

Am I still infected?


  • This topic is locked
10 replies to this topic

#1 Rogerio025


  • Members
  • 7 posts

Posted 21 June 2011 - 08:28 AM

Hello folks,

Firstly thank you for your help and time. I'm sorry for my poor English.
My sister got infected again, twice this month. She knows little about computers, and I'm trying to help her make better use of our computer. She does not know how to differentiate the emails she gets. We are not too young anymore, but I know a little more than her. This time it was an attachment from a friend of ours, but he was surprised when we told him.
After the infected email, Microsoft Essentials was uninstalled by the infection.
I ran some programs: MBAM, ESET Online and OTL this time. After that, I was able to reinstall Microsoft Essentials.
But Live Messenger is not working normally. All contacts are offline, and I am not able to send instant messages on Live Messenger, only in the web messenger at ~~wwwdothotmaildotcom~~.

Any help is appreciated.

Rogerio


OTL logfile created on: 20/06/2011 15:49:46 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Rogério\Desktop
Windows Vista Starter Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 38,61% Memory free
3,99 Gb Paging File | 2,56 Gb Available in Paging File | 64,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 55,16 Gb Free Space | 37,01% Space Free | Partition Type: NTFS

Computer Name: ROGÉRIO-PC | User Name: Rogério | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 15:48:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rogério\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/28 03:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
PRC - [2011/05/18 08:06:45 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/03/01 12:29:51 | 002,020,216 | ---- | M] (TeamViewer GmbH) -- c:\users\rogrio~1\appdata\local\temp\teamviewer\version6\TeamViewer_Desktop.exe
PRC - [2011/03/01 12:29:50 | 006,745,464 | ---- | M] (TeamViewer GmbH) -- C:\Users\ROGRIO~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/03/01 11:24:45 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Users\ROGRIO~1\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
PRC - [2010/11/10 01:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/11/10 01:07:26 | 000,054,656 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Companion\companionuser.exe
PRC - [2010/11/10 00:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/22 11:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/10 22:28:12 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Arquivos de programas\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Arquivos de programas\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/04/09 02:47:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\vm305_sti.exe
PRC - [2007/01/18 03:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 15:48:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rogério\Desktop\OTL.exe
MOD - [2011/04/18 15:12:24 | 000,496,072 | ---- | M] (Caixa Economica Federal) -- C:\Arquivos de programas\GbPlugin\gbiehcef.dll
MOD - [2011/03/01 11:24:45 | 000,050,552 | ---- | M] (TeamViewer GmbH) -- C:\Users\ROGRIO~1\AppData\Local\Temp\TeamViewer\Version6\tv_w32.dll
MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/10 22:28:22 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2009/04/10 22:28:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2008/01/19 04:36:55 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2006/11/02 06:46:03 | 000,149,019 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crtdll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (NisSrv)
SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - File not found [Unknown | Stopped] -- -- (GbpSv)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/05/16 05:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 04:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/18 15:14:16 | 000,046,664 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2010/10/24 20:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 20:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2008/06/19 23:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/16 05:10:32 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/09 02:47:00 | 001,466,624 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2007/04/09 02:47:00 | 000,474,368 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftav.sys -- (vvftav)
DRV - [2006/11/02 04:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 11:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Rogério\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}


O1 HOSTS File: ([2011/05/09 08:15:48 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [ares] File not found
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe (Badoo)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [Google Update] C:\Users\Rogério\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Arquivos de Programas\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\S-1-5-21-2512189605-968961597-3011305198-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Program Files\GbPlugin\gbiehCef.dll - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rogério\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rogério\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01004936-1ccf-11e0-a413-001bb9c249f8}\Shell\AutoRun\command - "" = I:\dvZGiA.eXE
O33 - MountPoints2\{01004936-1ccf-11e0-a413-001bb9c249f8}\Shell\oPEn\comMAnd - "" = I:\DVZgIA.Exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2015/12/01 15:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Badoo
[2015/12/01 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{F8E2607E-B9AA-46E5-B229-540EEA8A1B07}
[2011/06/20 15:48:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Rogério\Desktop\OTL.exe
[2011/06/20 12:56:23 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\ESET
[2011/06/20 12:55:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rogério\Desktop\esetsmartinstaller_enu.exe
[2011/06/20 12:42:13 | 000,000,000 | ---D | C] -- C:\MSNCleaner
[2011/06/20 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Rogério\Documents\MsnCleaner
[2011/06/20 12:36:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Rogério\Desktop\aswMBR.exe
[2011/06/20 10:10:14 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Roaming\Malwarebytes
[2011/06/20 10:09:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/20 10:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/20 10:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/20 10:09:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/20 10:09:55 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware
[2011/06/20 10:09:30 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rogério\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/20 08:28:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/20 08:27:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/20 08:27:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/20 08:27:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/20 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{2B1350A9-AB3C-41DA-8011-A3EE57261A31}
[2011/06/17 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{8269A330-57BF-4284-AEBB-2AF41B433E20}
[2011/06/17 16:04:33 | 000,000,000 | -H-D | C] -- C:\xe
[2011/06/17 08:17:22 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{59E50317-1D7C-4CA6-878A-5396FCE2DAFE}
[2011/06/16 15:28:52 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rogério\Desktop\TDSSKiller.exe
[2011/06/16 14:32:37 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCI-Express-Guias 1.0.0
[2011/06/16 14:30:26 | 002,965,332 | ---- | C] (ZAPT System Ltda Me.) -- C:\Users\Rogério\Documents\CCI-EXPRESS-GUIAS.exe
[2011/06/16 08:03:20 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{69DA95C1-24B3-44BD-96E7-5A61FE5DEE94}
[2011/06/15 08:23:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/15 08:23:06 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/15 08:23:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/15 08:23:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/15 08:22:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/15 08:22:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/15 08:22:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/15 08:22:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 08:22:55 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/15 08:22:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/15 08:22:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/15 08:22:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/15 08:22:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/15 08:22:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/15 08:22:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/15 08:22:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 08:22:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/15 08:18:36 | 000,000,000 | ---D | C] -- C:\Users\Rogério\Documents\AMulherAntesdeDormir[1]
[2011/06/15 08:08:51 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{2838F105-C5E2-4377-9A3E-F4DE88CBE21B}
[2011/06/14 08:04:06 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{9095F81A-06ED-4D20-B29B-CECE27CE9ABC}
[2011/06/13 08:03:33 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{2FBBCCB6-809B-4916-9416-2741EE872075}
[2011/06/10 08:33:34 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{F88E5F75-16A0-4C55-8273-79972CABB36A}
[2011/06/09 08:07:07 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{0551CE4B-7D47-4CD7-9A6A-38F516AB6EFA}
[2011/06/08 08:03:19 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{4BBD12B4-7BAC-4DBD-8A22-17D49616A38B}
[2011/06/07 08:06:41 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{E777F6B7-9003-4D53-BAA6-8CD205C6FFA9}
[2011/06/06 08:09:26 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{CBF3A21E-A66C-4AF0-B6A2-04419F24EB03}
[2011/06/03 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{9E768D8C-CFEE-4314-94C7-709BA01324AF}
[2011/06/03 14:15:25 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/06/03 08:15:25 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{E06465CE-6790-42C4-91AE-FE8B60C77711}
[2011/06/02 08:21:14 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{E40E16EC-2262-49BC-BE53-6323AE791FF1}
[2011/06/01 08:29:47 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{07F44C99-4F8C-47BB-8C2C-C1CC11A77466}
[2011/05/31 08:06:43 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{E54822A5-0D21-4708-9E17-5BC35D0B0DF4}
[2011/05/30 08:12:01 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{F8AF1337-221D-4153-B366-B7350591B782}
[2011/05/28 18:54:05 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{BA6CBF99-D065-4137-9706-0BC9D2B6E374}
[2011/05/27 08:05:15 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{A726D0ED-8B65-4A2C-9D28-99C0D86D86B4}
[2011/05/26 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{60FF75A9-92FA-4E17-ADB2-05D83C0064A9}
[2011/05/25 08:03:17 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{3F42906C-A8C1-4BE1-B33E-12476BFA3D8C}
[2011/05/24 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{F01C3D34-3BA5-4149-B964-1A0115B6FA15}
[2011/05/23 08:15:50 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{9CC93E1E-D23E-4C40-BB35-00FFA54D74B5}
[2011/05/21 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Rogério\AppData\Local\{93180D34-FC6A-4139-A26D-70C526277929}

========== Files - Modified Within 30 Days ==========

[2015/12/01 15:41:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{69E97E79-0A48-4459-AE04-B1CB8FA10E3D}.job
[2015/12/01 15:18:52 | 000,000,286 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/12/01 15:08:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2015/12/01 15:08:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/20 15:48:52 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Rogério\Desktop\OTL.exe
[2011/06/20 15:45:09 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rogério\Desktop\TDSSKiller.exe
[2011/06/20 15:44:45 | 001,309,375 | ---- | M] () -- C:\Users\Rogério\Documents\tdsskiller.zip
[2011/06/20 15:27:02 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 15:20:11 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2512189605-968961597-3011305198-1001UA.job
[2011/06/20 14:22:29 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 14:22:29 | 000,003,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/20 13:27:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 12:41:56 | 000,159,410 | ---- | M] () -- C:\Users\Rogério\Documents\MsnCleaner.zip
[2011/06/20 12:39:09 | 000,000,512 | ---- | M] () -- C:\Users\Rogério\Desktop\MBR.dat
[2011/06/20 12:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/20 12:22:23 | 2011,684,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 10:10:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 10:09:41 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rogério\Documents\mbam-setup-1.51.0.1200.exe
[2011/06/20 09:44:08 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/06/20 08:28:45 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/20 08:20:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2512189605-968961597-3011305198-1001Core.job
[2011/06/17 16:06:01 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/06/17 15:19:43 | 000,000,000 | ---- | M] () -- C:\hpfr3420.xml
[2011/06/16 14:32:41 | 000,001,740 | ---- | M] () -- C:\Users\Rogério\Desktop\CCI-Express-Guias.lnk
[2011/06/16 14:30:40 | 002,965,332 | ---- | M] (ZAPT System Ltda Me.) -- C:\Users\Rogério\Documents\CCI-EXPRESS-GUIAS.exe
[2011/06/16 14:25:23 | 001,033,728 | ---- | M] () -- C:\Users\Rogério\Documents\cci_express_guia.exe
[2011/06/16 09:42:14 | 000,002,517 | ---- | M] () -- C:\Users\Rogério\Desktop\Hotmail - armonicatur@hotmail.com - Windows Live (3).url
[2011/06/15 08:27:50 | 000,002,052 | ---- | M] () -- C:\Users\Rogério\Desktop\Google Chrome.lnk
[2011/06/09 16:44:15 | 000,002,579 | ---- | M] () -- C:\Users\Rogério\Desktop\Hotmail - armonicatur@hotmail.com - Windows Live (2).url
[2011/06/07 16:15:54 | 002,354,003 | ---- | M] () -- C:\Users\Rogério\Documents\autorizaç...jpg
[2011/06/06 14:00:17 | 000,029,748 | ---- | M] () -- C:\Users\Rogério\Documents\Logo Armônica.cdr
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 03:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/05/28 03:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/28 03:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/28 03:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/28 03:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/28 03:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/28 03:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/28 03:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/28 03:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/28 03:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/28 03:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/28 03:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/28 02:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/28 01:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/28 01:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/28 01:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/28 01:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/05/21 23:11:45 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Rogério\Desktop\aswMBR.exe

========== Files Created - No Company Name ==========

[2015/12/01 15:08:23 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2015/12/01 15:08:23 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/20 15:44:41 | 001,309,375 | ---- | C] () -- C:\Users\Rogério\Documents\tdsskiller.zip
[2011/06/20 12:41:50 | 000,159,410 | ---- | C] () -- C:\Users\Rogério\Documents\MsnCleaner.zip
[2011/06/20 12:39:09 | 000,000,512 | ---- | C] () -- C:\Users\Rogério\Desktop\MBR.dat
[2011/06/20 10:10:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 16:06:01 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/06/16 14:32:41 | 000,001,740 | ---- | C] () -- C:\Users\Rogério\Desktop\CCI-Express-Guias.lnk
[2011/06/16 09:42:14 | 000,002,517 | ---- | C] () -- C:\Users\Rogério\Desktop\Hotmail - armonicatur@hotmail.com - Windows Live (3).url
[2011/06/15 13:53:02 | 000,029,748 | ---- | C] () -- C:\Users\Rogério\Documents\Logo Armônica.cdr
[2011/06/15 10:25:47 | 001,033,728 | ---- | C] () -- C:\Users\Rogério\Documents\cci_express_guia.exe
[2011/06/09 16:44:15 | 000,002,579 | ---- | C] () -- C:\Users\Rogério\Desktop\Hotmail - armonicatur@hotmail.com - Windows Live (2).url
[2011/06/07 16:15:54 | 002,354,003 | ---- | C] () -- C:\Users\Rogério\Documents\autorizaç...jpg
[2011/02/28 09:10:17 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vmcoinst_vc0305.dll
[2011/02/28 09:09:05 | 000,122,880 | ---- | C] () -- C:\Windows\rm305.exe
[2011/02/28 09:09:05 | 000,000,900 | ---- | C] () -- C:\Windows\rm305.ini
[2010/12/30 17:27:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/30 17:23:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/14 11:21:55 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/12/14 11:11:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/09 12:42:18 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/09 11:59:36 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/16 18:02:12 | 000,000,019 | ---- | C] () -- C:\Windows\System32\armonicatur-dataenvio.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/30 16:49:56 | 000,029,184 | ---- | C] () -- C:\Users\Rogério\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/23 17:16:21 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2006/11/05 22:33:42 | 000,318,818 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2006/11/05 22:33:42 | 000,079,450 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2006/11/05 22:33:42 | 000,037,412 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2006/11/05 22:33:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2006/11/02 09:59:06 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:45:36 | 000,372,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:33:01 | 000,303,148 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 07:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 07:33:01 | 000,034,000 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 07:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 07:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 05:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 05:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 04:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Files - Unicode (All) ==========
[2011/06/15 10:38:26 | 002,700,424 | ---- | M] (TeamViewer GmbH)(C:\Users\Rogério\Documents\Conex?o_ZAPT_System.exe) -- C:\Users\Rogério\Documents\Conexão_ZAPT_System.exe
[2011/06/15 10:38:15 | 002,700,424 | ---- | C] (TeamViewer GmbH)(C:\Users\Rogério\Documents\Conex?o_ZAPT_System.exe) -- C:\Users\Rogério\Documents\Conexão_ZAPT_System.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

I forgot:

The day was Jun 17 2011. That was the day she got the email.
We already changed her email password.

Thx again

Eset Nod

C:\$Recycle.Bin\S-1-5-21-2512189605-968961597-3011305198-1001\$RR7MIWJ.exe probably a variant of Win32/Adware.RegGenie application deleted - quarantined
C:\Users\Rogério\AppData\Local\Temp\cfs9536.tmp Win32/Adware.Mirar application cleaned by deleting - quarantined
C:\Users\Rogério\AppData\Local\Temp\NERO1002626\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Users\Rogério\Documents\AMulherAntesdeDormir[1]\AMulherAntesdeDormir.exe a variant of Win32/TrojanDownloader.Delf.QLQ trojan deleted - quarantined
C:\Users\Rogério\Documents\Carla\Comprovante de depósito.scr a variant of Win32/TrojanDownloader.Banload.PCQ trojan cleaned by deleting - quarantined
C:\Users\Rogério\Downloads\f6uZYo (1).zip probably a variant of Win32/Injector.EQ trojan deleted - quarantined


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6902

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

20/06/2011 12:20:29
mbam-log-2011-06-20 (12-20-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 311146
Time elapsed: 1 hour(s), 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\mothersday11-hp.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\tempi\taskmgr.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\virtualstore\Windows\System32\COBRANCA.jpg (Trojan.AVKiller) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3GHCMD3Q\logof[1].mp3 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\R6ZHJ1WE\2hookdll[1].dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\VJHUVYX8\klotes[1].mp3 (Spyware.PWS) -> Quarantined and deleted successfully.
c:\Users\Rogério\documents\boleto_html.com (Trojan.Banload) -> Quarantined and deleted successfully.
c:\Windows\logoff.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\hookDll.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6902

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

20/06/2011 10:14:38
mbam-log-2011-06-20 (10-14-38).txt

Scan type: Quick scan
Objects scanned: 109447
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
c:\Users\Rogério\AppData\Local\ctfmot.exe (Spyware.Banker) -> 4392 -> Unloaded process successfully.
c:\tempi\ctfmon.exe (Trojan.Banker) -> 4928 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\impressorax (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\placax (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\ctfmot (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\dark (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default) (Spyware.Banker) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsasss (Trojan.Banker) -> Value: lsasss -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Spyware.PWS) -> Value: antivirus -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\load (Trojan.Agent) -> Value: load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\adparatus@adparatus.com (Adware.Adparatus) -> Value: adparatus@adparatus.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Microsoft Windows Debug (Trojan.Banker) -> Value: Microsoft Windows Debug -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Rogério\AppData\Local\Temp\adparatustemp (Adware.Adparatus) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Rogério\AppData\Local\ctfmot.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\tempi\ctfmon.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Windows\ctfmonn.exe (Spyware.PWS) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\impressorax.sys (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Windows\AvastsS.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\streaming music - mediapass.lnk (Adware.Trace) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatus.installer.log (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Windows\firewalls.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\registroo64o.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\DRIVERS\KDESCK.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\DRIVERS\TDESCK.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\placax.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\DRIVERS\WINNTK.lnk (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duh3273.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duh941c.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duh94e.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duh9641.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duhc2fd.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
c:\Users\Rogério\AppData\Local\Temp\adparatustemp\duhf00a.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.

Thx again

Edited by hamluis, 21 June 2011 - 11:59 AM.
Merged posts, PM sent.
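Two patterns in the logs above are the ones a triager checks for by hand: the O33 MountPoints2 entries (a randomly cased executable in the root of drive I:, bound to both the AutoRun and open verbs, spelled two different ways), and the Malwarebytes hits on ctfmot.exe, ctfmonn.exe, and a ctfmon.exe and taskmgr.exe living in c:\tempi. The script below automates both checks. It is an added example, not part of the original post and not code from OTL or Malwarebytes; the line-format regexes, the SYSTEM_NAMES and SYSTEM_DIRS lists and the one-edit-distance rule are my own assumptions, and the sample lines are copied from the logs above.

```python
"""Triage checks for the OTL and Malwarebytes lines pasted in this thread.

Added example: not part of the original post and not code from OTL or
Malwarebytes. The sample lines are copied from the logs above; the regexes,
SYSTEM_NAMES and SYSTEM_DIRS are assumptions made for this example.
"""
import re
from itertools import groupby

# OTL line shape: O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <cmd>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r'\s+-\s+""\s+=\s+(?P<cmd>.+?)\s*$',
    re.IGNORECASE,
)
# An executable sitting in the root of a non-system drive letter (D: .. Z:).
ROOT_EXE_RE = re.compile(r'^[d-z]:\\[^\\]+\.(exe|com|scr|pif|bat|cmd)$', re.IGNORECASE)
# Leading path of a Malwarebytes result line, up to the "(Detection.Name)" part.
MBAM_PATH_RE = re.compile(r'^(?P<path>[a-z]:\\[^()]*?)\s+\(', re.IGNORECASE)

# Windows binaries the bankers on this machine imitated (assumed list).
SYSTEM_NAMES = {"ctfmon.exe", "lsass.exe", "svchost.exe", "csrss.exe",
                "explorer.exe", "taskmgr.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")  # where those may live


def parse_o33(line):
    """Return {'guid', 'verb', 'cmd'} for an O33 line, or None for any other line."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    return {"guid": m["guid"].lower(), "verb": m["verb"].lower(), "cmd": m["cmd"]}


def triage_o33(lines):
    """Map each volume GUID to the reasons its cached autorun entries look hijacked."""
    entries = sorted((e for e in map(parse_o33, lines) if e), key=lambda e: e["guid"])
    findings = {}
    for guid, group in groupby(entries, key=lambda e: e["guid"]):
        group = list(group)
        reasons = []
        if any(ROOT_EXE_RE.match(e["cmd"]) for e in group):
            reasons.append("launches an executable from the root of a non-system drive")
        if {e["verb"] for e in group} & {"autorun", "open"}:
            reasons.append("overrides the AutoRun/open verbs (AutoPlay and double-click)")
        spellings = {e["cmd"] for e in group}
        if len(spellings) > 1 and len({s.lower() for s in spellings}) == 1:
            reasons.append("same target spelled with different casing (generated autorun.inf)")
        if reasons:
            findings[guid] = reasons
    return findings


def within_one_edit(a, b):
    """True when a and b differ by at most one substitution, insertion or deletion."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(short == long_[:i] + long_[i + 1:] for i in range(len(long_)))


def lookalike_processes(lines):
    """Report (path, reason) for files that imitate a system binary by name or location."""
    hits = []
    for line in lines:
        m = MBAM_PATH_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].lower()
        folder, _, name = path.rpartition("\\")
        folder += "\\"
        for legit in sorted(SYSTEM_NAMES):
            if name == legit and folder not in SYSTEM_DIRS:
                hits.append((path, f"{legit} outside its normal folder"))
            elif name != legit and within_one_edit(name, legit):
                hits.append((path, f"one edit away from {legit}"))
    return hits


# Sample input copied from the OTL and Malwarebytes logs above.
SAMPLE_OTL = [
    r'O33 - MountPoints2\{01004936-1ccf-11e0-a413-001bb9c249f8}\Shell\AutoRun\command - "" = I:\dvZGiA.eXE',
    r'O33 - MountPoints2\{01004936-1ccf-11e0-a413-001bb9c249f8}\Shell\oPEn\comMAnd - "" = I:\DVZgIA.Exe',
    r'O32 - HKLM CDRom: AutoRun - 1',
]
SAMPLE_MBAM = [
    r'c:\Users\Rogério\AppData\Local\ctfmot.exe (Spyware.Banker) -> 4392 -> Unloaded process successfully.',
    r'c:\tempi\ctfmon.exe (Trojan.Banker) -> 4928 -> Unloaded process successfully.',
    r'c:\Windows\ctfmonn.exe (Spyware.PWS) -> Quarantined and deleted successfully.',
    r'c:\tempi\taskmgr.exe (Spyware.Banker) -> Quarantined and deleted successfully.',
    r'c:\Windows\System32\hookDll.dll (Trojan.Agent) -> Quarantined and deleted successfully.',
]

if __name__ == "__main__":
    for guid, reasons in triage_o33(SAMPLE_OTL).items():
        print(guid, "->", "; ".join(reasons))
    for path, reason in lookalike_processes(SAMPLE_MBAM):
        print(path, "->", reason)
```

On this input the O33 check flags the single volume GUID for all three reasons, and the lookalike check flags four of the five Malwarebytes lines (hookDll.dll is caught by its detection name, not by impersonating a system binary). Note that MountPoints2 is a per-user cache of what a removable volume's autorun.inf said when it was last plugged in, so cleaning the USB stick alone does not clear the entry, and the O32 line in the same report shows CD-ROM AutoRun still set to 1.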



#2 rigacci (Fiorentino; Members, 2,604 posts)

Posted 29 June 2011 - 07:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Rogerio025 (Topic Starter; Members, 7 posts)

Posted 30 June 2011 - 04:37 PM

Hello there!
Thx for your help and time!

DDS Log
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Rogério at 16:40:54 on 2011-06-30
Microsoft® Windows Vista™ Starter 6.0.6002.2.1252.55.1046.18.1918.809 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\vm305_sti.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\ROGRIO~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
c:\users\rogrio~1\appdata\local\temp\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\ROGRIO~1\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rogério\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.br/
uSearch Bar = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\users\rogério\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-explorer: NoDFSTab = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoDFSTab = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5AB88739-4672-4FE1-BCED-159CF30C8346} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5AB88739-4672-4FE1-BCED-159CF30C8346} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2009-11-23 46664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKsl0baaffb3;MpKsl0baaffb3;c:\programdata\microsoft\microsoft antimalware\definition updates\{4f62e028-774c-4b10-8637-35c2b244d186}\MpKsl0baaffb3.sys [2011-6-30 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Serviço de Cache de Fontes do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-5 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-20 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-20 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2011-2-28 474368]
R3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [2011-2-28 1466624]
S1 MpKslb983d8a5;MpKslb983d8a5;c:\programdata\microsoft\microsoft antimalware\definition updates\{4f62e028-774c-4b10-8637-35c2b244d186}\MpKslb983d8a5.sys [2011-6-30 28752]
S2 GbpSv;Gbp Service;c:\progra~1\gbplugin\gbpsv.exe --> c:\progra~1\gbplugin\GbpSv.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-30 19:30:13 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4f62e028-774c-4b10-8637-35c2b244d186}\MpKsl0baaffb3.sys
2011-06-30 16:58:12 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4f62e028-774c-4b10-8637-35c2b244d186}\MpKslb983d8a5.sys
2011-06-30 11:33:03 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4f62e028-774c-4b10-8637-35c2b244d186}\mpengine.dll
2011-06-29 11:19:58 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-22 11:18:05 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-20 19:45:21 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f6f56205-8c1d-48bb-99fe-64feb0a6861a}\gapaengine.dll
2011-06-20 19:41:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-20 19:26:01 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-20 19:26:01 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-20 19:26:00 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-20 19:24:48 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-20 15:42:13 -------- d-----w- C:\MSNCleaner
2011-06-20 13:10:14 -------- d-----w- c:\users\rogério\appdata\roaming\Malwarebytes
2011-06-20 13:09:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 13:09:58 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 13:09:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 13:09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-20 11:23:28 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e49c9faa-fd94-4dd0-a622-a547359da15c}\mpengine.dll
2011-06-17 19:06:01 19286 ----a-w- C:\cleanup.exe
2011-06-17 19:04:33 -------- d--h--w- C:\xe
2011-06-15 11:24:33 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 11:24:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 11:24:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 11:24:12 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 11:24:02 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 11:23:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 11:23:15 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-06-15 11:23:05 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-06-15 11:23:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-15 11:21:59 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 11:21:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 11:21:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-03 17:15:25 -------- d-----w- C:\!KillBox
.
==================== Find3M ====================
.
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 22:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 07:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-18 18:14:16 46664 ----a-w- c:\windows\system32\drivers\GbpKm.sys
.
============= FINISH: 16:42:24,60 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 30/08/2008 16:32:58
System Uptime: 30/06/2011 16:29:35 (0 hours ago)
.
Motherboard: PCCHIPS | | A13G
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2100/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 57,149 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.5 - Português
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Avanquest update
CCI-Express-Guias 1.0.0
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
Malwarebytes' Anti-Malware versão 1.51.0.1200
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Antimalware
Microsoft Antimalware Service PT-BR Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Client PT-BR Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Motorola Driver Installation
Motorola Phone Tools
Nero 7 Essentials
Network Magic
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
PhotoMail Maker
PowerDVD
Pure Networks Platform
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)
SopCast 3.0.3
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB PC Camera VC305
Vimicro USB PC Camera(VC0305)
Visual C++ 8.0 CRT (x86) WinSXS MSM
.
==== End Of File ===========================
GMER
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-30 18:33:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000053 SAMSUNG_ rev.GF10
Running: 9p71vhn5.exe; Driver: C:\Users\ROGRIO~1\AppData\Local\Temp\kxtiqfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9000C340, 0x3DB197, 0xE8000020]
? C:\Users\ROGRIO~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!CreateWindowExW 76A61305 5 Bytes JMP 6D0BDB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamW 76A810B0 5 Bytes JMP 6CFE54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamW 76A82EF5 5 Bytes JMP 6D1B5329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamA 76A98152 5 Bytes JMP 6D1B52C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamA 76A9847D 5 Bytes JMP 6D1B538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectA 76AAD4D9 5 Bytes JMP 6D1B525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectW 76AAD5D3 5 Bytes JMP 6D1B51F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExA 76AAD639 5 Bytes JMP 6D1B518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExW 76AAD65D 5 Bytes JMP 6D1B512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CreateDialogParamW 76A572A2 5 Bytes JMP 6D0BDE90 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!GetAsyncKeyState 76A5863C 5 Bytes JMP 6CFD8EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!SetWindowsHookExW 76A587AD 5 Bytes JMP 6D0B9A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CallNextHookEx 76A58E3B 5 Bytes JMP 6D0AD0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!UnhookWindowsHookEx 76A598DB 5 Bytes JMP 6D02466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!EnableWindow 76A5CD8B 5 Bytes JMP 6D0BDD1D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CreateWindowExW 76A61305 5 Bytes JMP 6D0BDB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!GetKeyState 76A68CB1 5 Bytes JMP 6D0BD2CB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!IsDialogMessageW 76A70745 5 Bytes JMP 6CFE59D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CreateDialogParamA 76A717AA 5 Bytes JMP 6D1B5F95 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!IsDialogMessage 76A71847 5 Bytes JMP 6D1B5831 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CreateDialogIndirectParamA 76A726F1 5 Bytes JMP 6D1B5FCC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!CreateDialogIndirectParamW 76A79A62 5 Bytes JMP 6D1B6003 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!SetKeyboardState 76A80987 5 Bytes JMP 6D1B5BA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!DialogBoxParamW 76A810B0 5 Bytes JMP 6CFE54C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!DialogBoxIndirectParamW 76A82EF5 5 Bytes JMP 6D1B5329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!SendInput 76A82F75 5 Bytes JMP 6D1B675F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!EndDialog 76A8326E 5 Bytes JMP 6CFE7E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!SetCursorPos 76A96FB2 5 Bytes JMP 6D1B67B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!DialogBoxParamA 76A98152 5 Bytes JMP 6D1B52C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!DialogBoxIndirectParamA 76A9847D 5 Bytes JMP 6D1B538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!MessageBoxIndirectA 76AAD4D9 5 Bytes JMP 6D1B525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!MessageBoxIndirectW 76AAD5D3 5 Bytes JMP 6D1B51F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!MessageBoxExA 76AAD639 5 Bytes JMP 6D1B518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!MessageBoxExW 76AAD65D 5 Bytes JMP 6D1B512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] USER32.dll!keybd_event 76AAD972 5 Bytes JMP 6D1B6AE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] SHELL32.dll!SHRestricted + D95 75ED89A8 4 Bytes [4D, 30, 83, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] SHELL32.dll!SHRestricted + D9D 75ED89B0 8 Bytes [57, 2F, 83, 69, 9C, 5B, 82, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ole32.dll!OleLoadFromStream 75961E80 5 Bytes JMP 6D1B5691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ole32.dll!CoCreateInstance 75999F3E 5 Bytes JMP 6D0BDB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!closesocket 7722330C 5 Bytes JMP 68E141DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!recv 7722343A 5 Bytes JMP 68E14549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!socket 772236D1 5 Bytes JMP 68E1354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!connect 772240D9 5 Bytes JMP 68E135DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!getaddrinfo 7722418A 5 Bytes JMP 68E13704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1268] ws2_32.dll!send 7722659B 5 Bytes JMP 68E13B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [69821AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6982007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6981E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [69820994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6981EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6981A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [69821D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [69823ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [69822999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [69823035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6981FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6981E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6981DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [69826D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6982731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [69826EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [69826C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [69826AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [698278EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [698263F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [698276D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [69828732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6982777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [69827831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6982667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [69827636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6981BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [69823ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [69823035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6982007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [69821AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6981A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6981EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6981C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6981C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6981E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6981FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6981BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6981FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [69828235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [698281D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [698272CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [698275E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [698276D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [698265DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6982788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [698286D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [698278EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [69828732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [69826533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thx again

Attached Files

  • Attached File: Gmer.log (66.02KB)
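Every IAT entry in the GMER log above resolves to IEShims.dll, which GMER itself labels as Internet Explorer's compatibility-shim module from Microsoft, so that block is the expected picture for iexplore.exe rather than evidence of a hook-based infection. The entries that deserve attention in a log like this are hooks whose provider module has no version information or loads from a user-writable path. As an added example (not from the original post and not a GMER tool), here is a Python triage script that parses GMER IAT lines, counts how many import slots each provider module owns, and flags the odd ones. The line format and field names are my own reading of the quoted output, and the sample input is three lines copied from the log plus one constructed Temp-directory DLL that does not appear in the thread.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Assumed line format, derived from the GMER 1.0.15 output quoted above:
#   IAT <process>[<pid>] @ <module> [<importdll>!<func>] [<hex addr>] <target> (<description/company>)
# The trailing "(...)" is GMER's version-info summary and is absent when the
# provider module carries no version resource.  Field names are my own.
IAT_LINE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<importdll>[^!\]]+)!(?P<func>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?)(?: \((?P<desc>.*)\))?$"
)


class IatHook(NamedTuple):
    proc: str            # process whose import table was patched
    pid: int
    module: str          # loaded module whose IAT slot was rewritten
    importdll: str       # DLL the import is declared against
    func: str            # imported function name
    addr: int            # address the IAT slot now points to
    target: str          # module owning that address (the hook provider)
    desc: Optional[str]  # GMER's "description/company" text, or None


def parse_iat_line(line: str) -> Optional[IatHook]:
    """Parse one GMER IAT line; return None for lines that are not IAT entries."""
    m = IAT_LINE.match(line.strip())
    if not m:
        return None
    return IatHook(m["proc"], int(m["pid"]), m["module"], m["importdll"],
                   m["func"], int(m["addr"], 16), m["target"], m["desc"])


# Locations a legitimate hook provider (a shim, an AV self-protection DLL)
# is not expected to load from.  Heuristic prompts, not verdicts.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
                 "c:\\documents and settings\\")


def hook_reasons(h: IatHook) -> List[str]:
    """Reasons a hook deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if h.desc is None:
        reasons.append("provider module has no version info")
    if h.target.lower().startswith(USER_WRITABLE):
        reasons.append("provider module loaded from a user-writable path")
    return reasons


def triage_iat(lines: List[str]) -> Dict[str, object]:
    hooks = [h for h in map(parse_iat_line, lines) if h is not None]
    flagged: List[Tuple[IatHook, List[str]]] = []
    for h in hooks:
        why = hook_reasons(h)
        if why:
            flagged.append((h, why))
    return {
        "hooks": hooks,
        # one dominant, identified provider (here IEShims.dll) is the normal case
        "by_target": Counter(h.target for h in hooks),
        "flagged": flagged,
    }


# Sample input: three lines copied from the log above plus one CONSTRUCTED
# line (the Temp-directory DLL does not appear in the posted log).
SAMPLE_GMER = r"""
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [69826716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6981A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [698182F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1268] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateProcessW] [00AB1234] C:\Users\user\AppData\Local\Temp\hook.dll
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    result = triage_iat(SAMPLE_GMER.splitlines())
    for target, n in result["by_target"].items():
        print(f"{n:3d} IAT slots -> {target}")
    for h, why in result["flagged"]:
        print(f"FLAG {h.module} [{h.importdll}!{h.func}] -> {h.target}: {'; '.join(why)}")
```

Run against the full Gmer.log the same way: every hook should land in the `by_target` count for IEShims.dll and nothing should be flagged. A hook that does get flagged is a lead to verify by hand (check the module's signature and on-disk location), not a confirmed infection.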


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 AM

Posted 01 July 2011 - 08:32 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Rogerio025

  • Topic Starter
  • Members
  • 7 posts
  • Local time:03:06 AM

Posted 04 July 2011 - 08:11 AM

Hi Gringo,
Sorry for the delay, I had an ISP issue.
In the meantime I did uninstall MSN 2011 and reinstall MSN 2009; it is working again, so do you think I can reinstall MSN 2011 again with no problem? Just remember it was with contacts offline, and I couldn't IM with them.

I will be out until noon (GMT-03:00, Brasília).
I will reply to your next step as soon as I can.

Just one thing: when ComboFix finished I couldn't open any program. I copied the ComboFix log but couldn't open Internet Explorer. Everything works again after a computer reboot.

Here is the combofix log.
ComboFix 11-07-03.04 - Rogério 04/07/2011 9:29.1.2 - x86
Microsoft® Windows Vista™ Starter 6.0.6002.2.1252.55.1046.18.1918.1250 [GMT -3:00]
Running from: c:\users\Rogério\Desktop\CbFx.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\drivers\REGlog
C:\tempi
C:\Windi
c:\windows\Key_Atualizada
c:\windows\VM305Cap.exe
c:\xe\Anti
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IMPRESSORAX
-------\Legacy_PLACAX
.
.
(((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))
.
.
2015-12-01 18:09 . 2015-12-01 18:09 -------- d-----w- c:\users\Rogério\AppData\Local\{F8E2607E-B9AA-46E5-B229-540EEA8A1B07}
2011-07-04 12:47 . 2011-07-04 12:50 -------- d-----w- c:\users\Rogério\AppData\Local\temp
2011-07-04 12:47 . 2011-07-04 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 11:16 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55690440-4149-422E-8DBE-978406F29560}\mpengine.dll
2011-07-01 19:21 . 2011-07-01 19:21 -------- d-----w- C:\CbFx
2011-07-01 19:17 . 2011-07-04 12:26 -------- d-----w- C:\32788R22FWJFW
2011-07-01 02:02 . 2011-07-01 02:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-07-01 02:02 . 2011-07-01 02:02 -------- d-----w- c:\program files\Windows Live
2011-06-30 11:11 . 2011-06-30 11:11 -------- d-----w- c:\users\Rogério\AppData\Local\{5FD9ABBC-0A9C-42D1-90ED-BB9FA353DD6D}
2011-06-29 11:19 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 11:12 . 2011-06-29 11:12 -------- d-----w- c:\users\Rogério\AppData\Local\{206E7679-AB1F-49FC-9D61-00878D77DD27}
2011-06-28 11:07 . 2011-06-28 11:07 -------- d-----w- c:\users\Rogério\AppData\Local\{F0EB0E30-7213-433B-9D72-E21DC96BD542}
2011-06-27 11:02 . 2011-06-27 11:03 -------- d-----w- c:\users\Rogério\AppData\Local\{433EF592-04C5-410A-B81C-DBCA40C81486}
2011-06-24 11:08 . 2011-06-24 11:08 -------- d-----w- c:\users\Rogério\AppData\Local\{A64D911F-7B0D-4D88-AA52-2F66182AA47F}
2011-06-22 11:18 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-22 11:05 . 2011-06-22 11:06 -------- d-----w- c:\users\Rogério\AppData\Local\{F4AE3837-B276-4E36-853E-EB163C21980C}
2011-06-21 11:11 . 2011-06-21 11:11 -------- d-----w- c:\users\Rogério\AppData\Local\{3184B062-EF50-4FC2-8746-8734981E8427}
2011-06-20 19:45 . 2011-06-20 19:44 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6F56205-8C1D-48BB-99FE-64FEB0A6861A}\gapaengine.dll
2011-06-20 19:41 . 2011-06-20 19:41 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-20 19:26 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-20 19:26 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-20 19:26 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-20 19:24 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-20 15:42 . 2011-06-20 15:43 -------- d-----w- C:\MSNCleaner
2011-06-20 13:10 . 2011-06-20 13:10 -------- d-----w- c:\users\Rogério\AppData\Roaming\Malwarebytes
2011-06-20 13:09 . 2011-05-29 12:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 13:09 . 2011-06-20 13:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-20 13:09 . 2011-06-20 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-20 13:09 . 2011-05-29 12:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 11:23 . 2011-05-24 22:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E49C9FAA-FD94-4DD0-A622-A547359DA15C}\mpengine.dll
2011-06-20 11:16 . 2011-06-20 11:17 -------- d-----w- c:\users\Rogério\AppData\Local\{2B1350A9-AB3C-41DA-8011-A3EE57261A31}
2011-06-17 20:49 . 2011-06-17 20:49 -------- d-----w- c:\users\Rogério\AppData\Local\{8269A330-57BF-4284-AEBB-2AF41B433E20}
2011-06-17 19:04 . 2011-07-04 12:46 -------- d-----w- C:\xe
2011-06-17 11:17 . 2011-06-17 11:17 -------- d-----w- c:\users\Rogério\AppData\Local\{59E50317-1D7C-4CA6-878A-5396FCE2DAFE}
2011-06-16 11:03 . 2011-06-16 11:03 -------- d-----w- c:\users\Rogério\AppData\Local\{69DA95C1-24B3-44BD-96E7-5A61FE5DEE94}
2011-06-15 11:24 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 11:24 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 11:24 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 11:24 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 11:24 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 11:23 . 2011-05-28 06:08 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 11:23 . 2011-05-28 06:04 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-06-15 11:23 . 2011-05-28 06:09 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-06-15 11:23 . 2011-05-28 06:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-15 11:21 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 11:21 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 11:21 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 11:08 . 2011-06-15 11:09 -------- d-----w- c:\users\Rogério\AppData\Local\{2838F105-C5E2-4377-9A3E-F4DE88CBE21B}
2011-06-14 11:04 . 2011-06-14 11:04 -------- d-----w- c:\users\Rogério\AppData\Local\{9095F81A-06ED-4D20-B29B-CECE27CE9ABC}
2011-06-13 11:03 . 2011-06-13 11:03 -------- d-----w- c:\users\Rogério\AppData\Local\{2FBBCCB6-809B-4916-9416-2741EE872075}
2011-06-10 11:33 . 2011-06-10 11:33 -------- d-----w- c:\users\Rogério\AppData\Local\{F88E5F75-16A0-4C55-8273-79972CABB36A}
2011-06-09 11:07 . 2011-06-09 11:07 -------- d-----w- c:\users\Rogério\AppData\Local\{0551CE4B-7D47-4CD7-9A6A-38F516AB6EFA}
2011-06-08 11:03 . 2011-06-08 11:03 -------- d-----w- c:\users\Rogério\AppData\Local\{4BBD12B4-7BAC-4DBD-8A22-17D49616A38B}
2011-06-07 11:06 . 2011-06-07 11:06 -------- d-----w- c:\users\Rogério\AppData\Local\{E777F6B7-9003-4D53-BAA6-8CD205C6FFA9}
2011-06-06 11:09 . 2011-06-06 11:09 -------- d-----w- c:\users\Rogério\AppData\Local\{CBF3A21E-A66C-4AF0-B6A2-04419F24EB03}
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 22:14 . 2009-10-03 21:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 07:52 . 2010-07-20 11:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 18:14 . 2009-11-23 17:56 46664 ----a-w- c:\windows\system32\drivers\GbpKm.sys
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2011-04-18 18:12 496072 ----a-w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0d104e97;MpKsl0d104e97;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B04ADBF4-40FB-4384-AF73-70695076AA4F}\MpKsl0d104e97.sys [x]
R1 MpKslb983d8a5;MpKslb983d8a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F62E028-774C-4B10-8637-35C2B244D186}\MpKslb983d8a5.sys [x]
R1 MpKslbd156ced;MpKslbd156ced;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA603FC4-1CA9-40E5-B342-7A40CDCBB0A5}\MpKslbd156ced.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-04-18 46664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2007-04-09 474368]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys [2007-04-09 1466624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 12:09]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 12:09]
.
2015-12-01 c:\windows\Tasks\User_Feed_Synchronization-{69E97E79-0A48-4459-AE04-B1CB8FA10E3D}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
mSearch Bar = hxxp://www.google.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5AB88739-4672-4FE1-BCED-159CF30C8346}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 09:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
.
Scanning for hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\PEV.exe
c:\windows\system32\WerCon.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-07-04 09:55:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-04 12:55
.
Pre-Run: 60,183,695,360 bytes free
Post-Run: 64,688,521,216 bytes free
.
- - End Of File - - 31640C914ADAF2CE4DCF3280275A1F27

Thx Again
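The ComboFix log above lists Run-key values and services/drivers as a name, an image path, and either a date/size or `[x]`, ComboFix's marker for an image it could not find on disk. When reading such a log the useful first pass is mechanical: which load points have no file behind them, which are registered by bare filename rather than a full path, and which load from a user-writable directory. As an added example (not from the original post and not part of ComboFix), here is a Python parser that does that pass over a few lines copied from the log; the regexes and field names are my own assumptions about the format. A flag is a prompt to check, not a verdict: the MpKsl*.sys drivers, for instance, sit under Microsoft Security Essentials' definition-update folder and are commonly left registered after an update.

```python
import re
from typing import Dict, List, NamedTuple

# Assumed formats, taken from the ComboFix log quoted above (field names mine):
#   <R|S><n> <service name>;<display name>;<image path> [<date size> | x]
#   "<value name>"="<image path>" [<date size> | x]
# "[x]" is ComboFix's marker for an image it could not find on disk.
SERVICE_LINE = re.compile(
    r"^(?P<status>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<info>[^\]]*)\]$')


class LoadPoint(NamedTuple):
    kind: str   # "service" (driver or service) or "run" (Run-key value)
    name: str
    path: str   # image path exactly as ComboFix printed it
    info: str   # "YYYY-MM-DD size" or "x" when the file is missing


def parse_loadpoints(lines: List[str]) -> List[LoadPoint]:
    """Collect service/driver and Run-key entries; other lines are ignored."""
    found: List[LoadPoint] = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            found.append(LoadPoint("service", m["name"], m["path"], m["info"]))
            continue
        m = RUN_LINE.match(line)
        if m:
            found.append(LoadPoint("run", m["name"], m["path"], m["info"]))
    return found


# Directories an ordinary user can write to; a load point there is worth a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def reasons(lp: LoadPoint) -> List[str]:
    """Reasons a load point needs a closer look (empty list = nothing odd)."""
    out: List[str] = []
    if lp.info == "x":
        out.append("image not found on disk")
    if "\\" not in lp.path:
        out.append("bare filename: confirm which copy actually loads")
    if lp.path.lower().startswith(USER_WRITABLE):
        out.append("image under a user-writable directory")
    return out


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each load point that needs a look to its list of reasons."""
    report: Dict[str, List[str]] = {}
    for lp in parse_loadpoints(lines):
        why = reasons(lp)
        if why:
            report[lp.name] = why
    return report


# Sample input: six lines copied from the ComboFix log above.
SAMPLE_COMBOFIX = r"""
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
R1 MpKsl0d104e97;MpKsl0d104e97;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B04ADBF4-40FB-4384-AF73-70695076AA4F}\MpKsl0d104e97.sys [x]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
"""

if __name__ == "__main__":
    for name, why in triage(SAMPLE_COMBOFIX.splitlines()).items():
        print(f"{name}: {'; '.join(why)}")
```

Feeding the whole log through `triage` gives a short list to verify by hand (signature, on-disk location, what installed it) instead of reading every load point line by line.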

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 AM

Posted 04 July 2011 - 09:12 PM

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Rogerio025

Rogerio025
  • Topic Starter

  • Members
  • 7 posts

Posted 05 July 2011 - 07:17 AM

Hi Gringo,

Everything looks nice, but I still got an error with MSN Live 2011 (Live Essentials). I did uninstall Live Messenger 2009 and reinstall Live 2011 and got no contacts online; everybody is offline. I attached 2 images.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Versão da Base de Dados: 7026

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

05/07/2011 08:41:05
mbam-log-2011-07-05 (08-41-05).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 156882
Tempo decorrido: 13 minuto(s), 34 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:49:10, on 05/07/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\vm305_sti.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB88739-4672-4FE1-BCED-159CF30C8346}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7593 bytes

Thx again

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2011 - 07:45 AM

Greetings

but still got error with MSN Live 2011 (Live Essentials),
this I don't have any idea about and when we are finished you may have to ask in another part of the forum

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
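A small Python parser for the HijackThis log format shown in this thread, listing the O4 autostart entries that the "Remove unneeded startup entries" step asks you to tick, the entries HijackThis marks "(no file)" or "(file missing)", and the O17 name servers. This is an added example, not HijackThis's own code; the sample log is constructed from a subset of the lines posted above.

```python
# Added example: summarise a HijackThis-style log (not HijackThis code).
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format (a subset of the lines posted above).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB88739-4672-4FE1-BCED-159CF30C8346}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass
class Entry:
    section: str  # HijackThis section tag, e.g. "O4" or "O23"
    body: str     # text after the "O4 - " prefix
    raw: str      # the original log line


# Tagged lines look like "O4 - ..." or "R1 - ..."; headers and process lists do not match.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O4 body layout: <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\Run(?:Once)?: \[([^\]]*)\] ?(.*)$")
# HijackThis appends these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text: str) -> list:
    """Return the tagged entries of a log as Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def run_entries(entries) -> list:
    """O4 autostart entries as (hive, value name, command line) tuples."""
    found = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def orphaned_entries(entries) -> list:
    """Entries still registered but pointing at a file HijackThis could not find;
    these are typically leftovers of an uninstall or a cleanup."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def dns_servers(entries) -> list:
    """Name servers from O17 entries, to compare against the ISP's or router's addresses."""
    servers = []
    for e in entries:
        if e.section == "O17" and "NameServer" in e.body:
            _, _, value = e.body.partition("=")
            servers.extend(s.strip() for s in value.split(",") if s.strip())
    return servers


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for hive, name, cmd in run_entries(entries):
        print(f"autostart  {hive:<5} [{name}] {cmd}")
    for e in orphaned_entries(entries):
        print(f"orphaned   {e.raw}")
    print("dns        " + ", ".join(dns_servers(entries)))
```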

#9 Rogerio025

Rogerio025
  • Topic Starter

  • Members
  • 7 posts

Posted 06 July 2011 - 12:47 PM

Hi Gringo

I really appreciated your help and your time.
System is running very well; the only issue is with Live Messenger. Now that we are cleaning here, I will open a topic in the correct forum for that.

ESET did not find any problem.

Thx Again.

Attached Files

  • Attached File  Eset.jpg   43.51KB   1 downloads


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2011 - 01:32 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2011 - 03:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



