
Thread: Help with Malware Removal

  1. #1 Junior Member (Join Date: Mar 2011; Posts: 10)

    Help with Malware Removal

    Hope you can help me with this problem. A friend of mine tried to format my netbook, which was already known to have malware.
    This is the DDS log:
    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Joao at 13:50:37,40 on 19-03-2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.139 [GMT 0:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wgaer_m.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\mcbuilder.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Joao\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

    =============== Created Last 30 ================

    2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
    2011-03-17 13:32 4,152,184 a------- c:\windows\system32\wgaer_m.exe
    2011-03-17 13:32 1,303 a------- c:\windows\system32\WGAScanner.xml
    2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
    2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
    2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
    2011-03-17 08:43 <DIR> --d----- C:\Boot
    2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
    2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
    2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
    2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
    2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
    2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
    2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
    2011-03-17 04:05 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
    2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
    2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2011-03-17 04:05 326,160 a------- c:\windows\system32\PresentationHost.exe
    2011-03-17 03:53 96,760 a------- c:\windows\system32\dfshim.dll
    2011-03-17 03:53 282,112 a------- c:\windows\system32\mscoree.dll
    2011-03-17 03:53 41,984 a------- c:\windows\system32\netfxperf.dll
    2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
    2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
    2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
    2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
    2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
    2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
    2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
    2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
    2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
    2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
    2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
    2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
    2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
    2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
    2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
    2011-03-17 03:36 17,920 a------- c:\windows\system32\netevent.dll
    2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
    2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
    2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
    2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
    2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
    2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
    2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2011-03-17 03:34 376,832 a------- c:\windows\system32\winhttp.dll
    2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
    2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
    2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
    2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
    2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
    2011-03-17 03:34 738,304 a------- c:\windows\system32\inetcomm.dll
    2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
    2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
    2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
    2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
    2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
    2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
    2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
    2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
    2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
    2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
    2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
    2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
    2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
    2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
    2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
    2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
    2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
    2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
    2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
    2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
    2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
    2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
    2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
    2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
    2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
    2011-03-17 03:05 <DIR> --d----- c:\windows\system32\drivers\AVG
    2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
    2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
    2011-03-17 03:03 <DIR> --d----- c:\program files\AVG
    2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
    2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
    2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
    2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
    2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
    2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
    2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
    2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
    2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
    2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
    2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
    2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
    2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
    2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
    2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
    2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
    2011-03-17 01:56 <DIR> --dsh--- C:\$RECYCLE.BIN
    2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
    2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
    2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
    2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
    2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
    2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
    2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
    2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
    2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
    2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
    2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
    2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
    2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
    2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
    2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
    2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
    2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
    2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
    2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
    2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
    2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
    2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
    2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
    2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
    2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
    2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
    2011-03-17 01:02 <DIR> --d----- C:\Intel
    2011-03-17 00:56 <DIR> --d----- c:\users\Joao
    2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

    ==================== Find3M ====================

    2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
    2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
    2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
    2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
    2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
    2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
    2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
    2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
    2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
    2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 13:57:05,99 ===============
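    The DDS log in post #1 has a fixed layout: "====" section headers, one path per line under "Running Processes", and one "date time size attributes path" record per line under "Created Last 30". The helper below is an added example for readers of this thread; it is not part of the thread and not part of the DDS or ComboFix tools. It parses those two sections and lists executables created under the Windows directory within a recent window, then cross-references them against the running-process list. The embedded excerpt is constructed from a handful of lines modelled on the log above; the function names, the seven-day window and the `c:\windows\` prefix are my assumptions. A hit is a review item (check the file's publisher, signature and hash), not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed excerpt in DDS's layout (a few lines modelled on the log above, not the full log).
SAMPLE_DDS_LOG = """\
============== Running Processes ===============

C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Windows\\system32\\wgaer_m.exe
C:\\Program Files\\AVG\\AVG10\\avgtray.exe
C:\\Users\\Joao\\Downloads\\dds.scr

=============== Created Last 30 ================

2011-03-19 13:33 <DIR> --d----- c:\\program files\\Trend Micro
2011-03-17 13:32 4,152,184 a------- c:\\windows\\system32\\wgaer_m.exe
2011-03-17 13:32 1,303 a------- c:\\windows\\system32\\WGAScanner.xml
2011-03-17 08:19 80,896 a------- c:\\windows\\system32\\MSNP.ax
2011-03-17 01:39 89,088 a------- c:\\windows\\MBR.exe

============= FINISH: 13:57:05,99 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# date time, size or <DIR>, 8-character attribute field, path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+?)\s*$")
# executable path, optionally followed by svchost-style "-k <group>" arguments
PROCESS_RE = re.compile(r"^(.+?\.(?:exe|scr))(?:\s+-k\s+\S+)?\s*$", re.IGNORECASE)
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll", ".sys")


@dataclass(frozen=True)
class CreatedEntry:
    created: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str             # lower-cased so it compares with the process list


def split_sections(text: str) -> dict:
    """Group non-empty lines under the DDS section header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(lines: List[str]) -> List[CreatedEntry]:
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue  # tolerate lines that do not fit the record layout
        when, size, attrs, path = m.groups()
        entries.append(CreatedEntry(
            created=datetime.strptime(when, "%Y-%m-%d %H:%M"),
            size=None if size == "<DIR>" else int(size.replace(",", "")),
            attrs=attrs,
            path=path.lower(),
        ))
    return entries


def parse_processes(lines: List[str]) -> List[str]:
    """Return lower-cased executable paths, with svchost '-k' arguments dropped."""
    return [m.group(1).lower() for m in map(PROCESS_RE.match, lines) if m]


def recent_system_executables(created, system_dirs, as_of, days):
    cutoff = as_of - timedelta(days=days)
    return [e for e in created
            if e.size is not None
            and e.path.endswith(EXECUTABLE_SUFFIXES)
            and e.path.startswith(system_dirs)
            and e.created >= cutoff]


def triage(text: str, system_dirs=("c:\\windows\\",), days: int = 7, as_of: Optional[datetime] = None) -> dict:
    """Executables recently created under system_dirs, and the subset that is also running."""
    sections = split_sections(text)
    created = parse_created(sections.get("Created Last 30", []))
    running = set(parse_processes(sections.get("Running Processes", [])))
    if as_of is None:  # default reference point: newest entry in the section
        as_of = max((e.created for e in created), default=datetime.min)
    recent = recent_system_executables(created, system_dirs, as_of, days)
    return {
        "recent_system_executables": [e.path for e in recent],
        "recent_and_running": [e.path for e in recent if e.path in running],
    }


if __name__ == "__main__":
    for key, paths in triage(SAMPLE_DDS_LOG).items():
        print(key)
        for p in paths:
            print("  ", p)
```

    One caveat visible in the log itself: DDS prints some processes with 8.3 short names (`C:\PROGRA~1\...`), which will not match the long-name paths in "Created Last 30"; a fuller version would expand those before comparing. The 30-day window DDS already applies and the seven-day window here are both arbitrary; what matters is reading the hits alongside the scan date in the log header.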

  2. #2 Blade81, Security Expert: Emeritus (Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi,

    Please do NOT run 'FIXES' (ComboFix etc) without being asked (ran ComboFix though it shouldn't be used without supervision).

    Look for c:\ComboFix.txt file and post back its contents. What are the existing symptoms?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3 Junior Member (Join Date: Mar 2011; Posts: 10)

    Help with Malware Removal

    Thanks for your reply. The laptop opens "Windows Explorer" windows all the time. I also noticed that it opens the "search finder" in any browser (Firefox, IE, etc.).
    Here's the ComboFix log:
    ComboFix 11-03-15.02 - Joao 17-03-2011 1:41.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.230 [GMT 0:00]
    Executando de: F:\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-02-17 to 2011-03-17 ))))))))))))))))))))))))))))
    .
    .
    2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
    2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
    2011-03-17 01:50 . 2011-03-17 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-17 01:33 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
    2011-03-17 01:17 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2011-03-17 01:17 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2011-03-17 01:17 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2011-03-17 01:17 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-03-17 01:16 . 2011-03-17 01:16 -------- d-----w- c:\windows\system32\Macromed
    2011-03-17 01:16 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-03-17 01:16 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\windows\system32\nn-NO
    2011-03-17 01:07 . 2009-09-14 10:00 61440 ----a-w- c:\windows\system32\athihvui.dll
    2011-03-17 01:07 . 2009-09-14 10:00 397312 ----a-w- c:\windows\system32\athihvs.dll
    2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
    2011-03-17 01:07 . 2009-09-05 22:25 1183744 ----a-w- c:\windows\system32\athr.sys
    2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Atheros
    2011-03-17 01:07 . 2011-03-17 01:07 -------- d-----w- c:\program files\Cisco
    2011-03-17 01:07 . 2011-03-17 01:07 -------- d--h--w- c:\program files\InstallShield Installation Information
    2011-03-17 01:06 . 2011-03-17 01:07 -------- d-sh--w- c:\windows\Installer
    2011-03-17 01:06 . 2011-03-17 01:08 -------- d-----w- c:\programdata\Atheros
    2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- c:\windows\system32\Lang
    2011-03-17 01:02 . 2009-08-14 15:12 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2011-03-17 01:02 . 2006-11-10 09:25 319456 ----a-w- c:\windows\system32\difxapi.dll
    2011-03-17 01:02 . 2011-03-17 01:02 -------- d-----w- C:\Intel
    2011-03-17 00:56 . 2011-03-17 01:08 -------- d-----w- c:\users\Joao
    2011-03-17 00:55 . 2011-03-17 00:59 -------- d-----w- c:\windows\Debug
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    --- =Outros Serviços/Drivers Na Memória ---
    .
    *NewlyCreated* - NATIVEWIFIP
    *NewlyCreated* - NDISUIO
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-17 01:50
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Tempo para conclusão: 2011-03-17 01:58:02
    ComboFix-quarantined-files.txt 2011-03-17 01:57
    .
    Pré-execução: 65.461.342.208 bytes free
    Pós execução: 65.410.342.912 bytes free
    .
    - - End Of File - - 50B5F74053338761DBABE38F8FBCFCBD

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Run ComboFix again and let it update itself when prompted. Post back the report.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Default Help with Malware Remover

    Hi, this is the new report
    ComboFix 11-03-15.02 - Joao 21-03-2011 11:37:00.2.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.255 [GMT 0:00]
    Executando de: F:\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - MODO DE FUNCIONALIDADE REDUZIDA -
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
    .
    .
    2011-03-21 11:38 . 2011-03-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
    2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
    2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
    2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
    2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
    2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
    2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
    2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
    2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
    2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
    2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
    2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
    2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
    2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
    2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
    2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
    2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
    2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
    2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
    2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
    2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
    2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
    2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
    2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
    2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
    2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
    2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
    2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
    2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
    2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
    2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
    2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
    2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
    2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
    2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
    2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
    2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
    2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
    .
    c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
    .
    .
    ------- Scan Suplementar -------
    .
    FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-21 11:39
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    Tempo para conclusão: 2011-03-21 11:42:09
    ComboFix-quarantined-files.txt 2011-03-21 11:42
    .
    Pré-execução: 49.704.931.328 bytes free
    Pós execução: 50.006.245.376 bytes free
    .
    - - End Of File - - 2E7CE6EFBD2E02DFC6C08CB93917E456

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download ComboFix here to your desktop and run it. Post back the report.

  7. #7
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Default

    ComboFix 11-03-21.01 - Joao 21-03-2011 19:15:23.3.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.352 [GMT 0:00]
    Executando de: c:\users\Joao\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    A cópia de c:\windows\system32\Version.dll foi encontrada e desinfectada
    Cópia restaurada de - c:\windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))
    .
    .
    2011-03-21 19:26 . 2011-03-21 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-20 15:29 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2011-03-20 15:28 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2011-03-20 15:27 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
    2011-03-20 15:27 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
    2011-03-20 15:27 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
    2011-03-20 15:27 . 2011-03-20 15:27 -------- d-----w- c:\program files\BitLocker
    2011-03-20 15:25 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
    2011-03-20 15:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
    2011-03-20 15:21 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\0816
    2011-03-20 15:17 . 2011-03-20 15:25 -------- d-----w- c:\windows\system32\wbem\pt-PT
    2011-03-20 15:17 . 2011-03-20 15:17 -------- d-----w- c:\windows\system32\pt
    2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\pt\Microsoft.Ink.Resources.dll
    2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LMPRTPRC.DLL.mui
    2011-03-19 14:01 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-03-19 14:01 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-03-19 14:01 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-03-19 14:01 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-03-19 14:01 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-03-19 14:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-19 14:01 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-03-19 14:00 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-19 13:42 . 2011-03-19 13:42 -------- d-----w- c:\program files\ERUNT
    2011-03-19 13:39 . 2011-03-19 13:39 -------- d-----w- c:\program files\Microsoft.NET
    2011-03-19 13:36 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-03-19 13:36 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-03-19 13:36 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-03-19 13:36 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-03-19 13:36 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-03-19 13:33 . 2011-03-19 13:33 -------- d-----w- c:\program files\Trend Micro
    2011-03-17 08:43 . 2011-03-17 00:52 -------- d-----w- c:\windows\Panther
    2011-03-17 08:43 . 2011-03-17 08:43 -------- d-----w- C:\Boot
    2011-03-17 08:19 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-03-17 08:19 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-03-17 08:19 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-03-17 07:44 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-03-17 04:40 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2011-03-17 04:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-03-17 04:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-03-17 04:05 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-03-17 04:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-03-17 04:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-03-17 04:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-03-17 03:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-03-17 03:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-03-17 03:47 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-03-17 03:47 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2011-03-17 03:47 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-03-17 03:46 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-03-17 03:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-17 03:37 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
    2011-03-17 03:37 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-03-17 03:37 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-03-17 03:37 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-03-17 03:37 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-03-17 03:37 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-03-17 03:37 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
    2011-03-17 03:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2011-03-17 03:37 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
    2011-03-17 03:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2011-03-17 03:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-03-17 03:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
    2011-03-17 03:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
    2011-03-17 03:34 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
    2011-03-17 03:34 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2011-03-17 03:34 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-03-17 03:34 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
    2011-03-17 03:34 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-17 03:34 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-03-17 03:34 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2011-03-17 03:34 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2011-03-17 03:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
    2011-03-17 03:34 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2011-03-17 03:34 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-03-17 03:34 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
    2011-03-17 03:34 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
    2011-03-17 03:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2011-03-17 03:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2011-03-17 03:32 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-03-17 03:32 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-17 03:32 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2011-03-17 03:32 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2011-03-17 03:32 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-03-17 03:32 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2011-03-17 03:32 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-03-17 03:32 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-03-17 03:31 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
    2011-03-17 03:31 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-03-17 03:31 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-03-17 03:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
    2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-03-17 03:29 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-03-17 03:29 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
    2011-03-17 03:21 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-03-17 03:18 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2011-03-17 03:18 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
    2011-03-17 03:18 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-03-17 03:18 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2011-03-17 03:18 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2011-03-17 03:18 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
    2011-03-17 03:16 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
    2011-03-17 03:09 . 2011-03-17 03:09 -------- d--h--w- c:\programdata\Common Files
    2011-03-17 03:05 . 2011-03-21 11:24 -------- d-----w- c:\programdata\AVG10
    2011-03-17 03:02 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2011-03-17 03:02 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2011-03-17 03:02 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
    2011-03-17 03:02 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
    2011-03-17 03:02 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2011-03-17 03:02 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2011-03-17 03:02 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2011-03-17 03:02 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
    2011-03-17 03:02 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
    2011-03-17 02:11 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2011-03-17 02:11 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2011-03-17 02:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2011-03-17 02:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
    .
    .
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\tpm.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\kbdclass.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 3072 ----a-w- c:\windows\system32\drivers\pt-PT\kbdhid.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 12288 ----a-w- c:\windows\system32\drivers\pt-PT\i8042prt.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 7680 ----a-w- c:\windows\system32\drivers\pt-PT\luafv.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5120 ----a-w- c:\windows\system32\drivers\pt-PT\e100b325.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\e1e6032.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\viac7.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\processr.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\crusoe.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk8.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\intelppm.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 21504 ----a-w- c:\windows\system32\drivers\pt-PT\amdk7.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 10240 ----a-w- c:\windows\system32\drivers\pt-PT\battc.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 18432 ----a-w- c:\windows\system32\drivers\pt-PT\E1G60I32.sys.mui
    2011-03-20 15:10 . 2011-03-20 15:10 5632 ----a-w- c:\windows\system32\drivers\pt-PT\b57nd60x.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\wdf01000.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 9728 ----a-w- c:\windows\system32\drivers\pt-PT\pci.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 4608 ----a-w- c:\windows\system32\drivers\pt-PT\isapnp.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mssmbios.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\NV_AGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 27648 ----a-w- c:\windows\system32\drivers\pt-PT\mpio.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\VIAAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\ULIAGPKX.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\SISAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AMDAGP.SYS.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3072 ----a-w- c:\windows\system32\drivers\pt-PT\AGP440.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 40960 ----a-w- c:\windows\system32\drivers\pt-PT\http.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 10752 ----a-w- c:\windows\system32\drivers\pt-PT\acpi.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 36864 ----a-w- c:\windows\system32\drivers\pt-PT\volsnap.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 6144 ----a-w- c:\windows\system32\drivers\pt-PT\sermouse.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 5632 ----a-w- c:\windows\system32\drivers\pt-PT\mouclass.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 3584 ----a-w- c:\windows\system32\drivers\pt-PT\mouhid.sys.mui
    2011-03-20 15:09 . 2011-03-20 15:09 14848 ----a-w- c:\windows\system32\drivers\pt-PT\fvevol.sys.mui
    2011-03-20 15:07 . 2011-03-20 15:07 3072 ----a-w- c:\windows\system32\drivers\pt-PT\qwavedrv.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\serscan.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 4608 ----a-w- c:\windows\system32\drivers\pt-PT\modem.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 4096 ----a-w- c:\windows\system32\drivers\pt-PT\ipnat.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 9728 ----a-w- c:\windows\system32\drivers\pt-PT\afd.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 7680 ----a-w- c:\windows\system32\drivers\pt-PT\bthport.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 6656 ----a-w- c:\windows\system32\drivers\pt-PT\yk60x86.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\hidbth.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 11264 ----a-w- c:\windows\system32\drivers\pt-PT\ltmdmnt.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3072 ----a-w- c:\windows\system32\drivers\pt-PT\srv.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mpad.sys.mui
    2011-03-20 15:06 . 2011-03-20 15:06 77824 ----a-w- c:\windows\system32\drivers\pt-PT\ntfs.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\ntrigdigi.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 6656 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\WpdMtpDr.dll.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\parvdm.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4608 ----a-w- c:\windows\system32\drivers\pt-PT\parport.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 11776 ----a-w- c:\windows\system32\drivers\pt-PT\serial.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\RNDISMP.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 12288 ----a-w- c:\windows\system32\drivers\pt-PT\ohci1394.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\UAGP35.SYS.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3072 ----a-w- c:\windows\system32\drivers\pt-PT\GAGP30KX.SYS.mui
    2011-03-20 15:05 . 2011-03-20 15:05 4096 ----a-w- c:\windows\system32\drivers\pt-PT\dxgkrnl.sys.mui
    2011-03-20 15:05 . 2011-03-20 15:05 3584 ----a-w- c:\windows\system32\drivers\pt-PT\umbus.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\Dot4usb.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\BRPARWDM.SYS.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\amdide.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\fltmgr.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5632 ----a-w- c:\windows\system32\drivers\pt-PT\bcm4sbxp.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\bthpan.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\atikmdag.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\scsiport.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 5120 ----a-w- c:\windows\system32\drivers\pt-PT\nv4_mini.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\ati2mtag.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\wacompen.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pscr.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\SCR111.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\scmstcs.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 4096 ----a-w- c:\windows\system32\drivers\pt-PT\grserial.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\stcusb.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\gpr400.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cxbp0wdm.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\cmbp0wdm.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3584 ----a-w- c:\windows\system32\drivers\pt-PT\rndismpx.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 3072 ----a-w- c:\windows\system32\drivers\pt-PT\pnpmem.sys.mui
    2011-03-20 15:04 . 2011-03-20 15:04 2560 ----a-w- c:\windows\system32\drivers\pt-PT\wd.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 6656 ----a-w- c:\windows\system32\drivers\pt-PT\IPMIDrv.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\pcmcia.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 3584 ----a-w- c:\windows\system32\drivers\pt-PT\pacer.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 4608 ----a-w- c:\windows\system32\drivers\pt-PT\msdsm.sys.mui
    2011-03-20 15:03 . 2011-03-20 15:03 11264 ----a-w- c:\windows\system32\drivers\pt-PT\BrSerId.sys.mui
    .
    .
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
    .
    .
*Note* empty entries & legit default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
    .
    c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
    .
    .
------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\users\Joao\AppData\Roaming\Mozilla\Firefox\Profiles\el0zyx9t.default\
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-21 19:30
    Windows 6.0.6001 Service Pack 1 NTFS
    .
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
    .
    **************************************************************************
    .
------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\igfxsrvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
Completion time: 2011-03-21 19:36:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-21 19:36
    ComboFix2.txt 2011-03-21 11:42
    .
Pre-Run: 49.113.538.560 bytes free
Post-Run: 48.882.683.904 bytes free
    .
    - - End Of File - - 5768FE3CBD9014D2E5EABDF70F468D03
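
An added illustration for readers of this thread (it is not part of the original post and not ComboFix's or DDS's own code): the "Registry Load Points" block above is where persistence would show up, so it is worth turning those lines into structured records rather than eyeballing them. The parser below handles the four line shapes ComboFix prints in that block (Run values, Startup-folder .lnk lines, R2/R3 service lines, and the file line under an Active Setup key) and applies a simple triage heuristic. The `SAMPLE_LOG` text is copied from the log above; the `CONSTRUCTED_SUSPECT` entry ("Updater" in a temp folder) is constructed purely so the heuristic has something to flag, and the `needs_review` rule itself is this example's assumption, not a ComboFix feature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt copied from the ComboFix "Registry Load Points" section posted above.
# Embedded here so the example runs offline; nothing in it is altered.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
.
c:\users\Joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
"""

# A constructed Run value (NOT from the posted log) so the triage rule has
# something to flag: a system-looking name launched from a user temp folder.
CONSTRUCTED_SUSPECT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\joao\appdata\local\temp\svchost.exe" [2011-03-19 45056]
"""


@dataclass
class AutostartEntry:
    location: str          # registry key, startup folder, or "service Rn"
    name: str
    path: str
    date: Optional[str]    # the [date size] stamp ComboFix appends, if any
    size: Optional[int]


# Optional trailing " [YYYY-MM-DD size]" stamp shared by several line shapes.
STAMP = r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$'
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"' + STAMP)
LNK_LINE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)' + STAMP)
SERVICE_LINE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)' + STAMP)
FILE_LINE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$')


def _entry(location: str, name: str, m: "re.Match") -> AutostartEntry:
    groups = m.groupdict()
    size = groups.get("size")
    return AutostartEntry(location, name, m["path"], groups.get("date"),
                          int(size) if size else None)


def parse_load_points(text: str) -> List[AutostartEntry]:
    """Turn the 'Registry Load Points' block of a ComboFix log into entries."""
    entries: List[AutostartEntry] = []
    location = "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1]          # registry key header
            continue
        if line.endswith("\\"):
            location = line                # startup-folder header
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(_entry(location, m["name"], m))
            continue
        m = LNK_LINE.match(line)
        if m:
            entries.append(_entry(location, m["name"], m))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(_entry("service " + m["start"], m["name"], m))
            continue
        m = FILE_LINE.match(line)
        if m:                              # Active Setup blocks list the file itself
            entries.append(_entry(location, m["path"].rsplit("\\", 1)[-1], m))
        # anything else (e.g. the EnableUIADesktopToggle policy value) launches nothing
    return entries


# Heuristic assumption for this example, not a ComboFix rule.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def needs_review(entry: AutostartEntry) -> bool:
    """Triage only: look closer at a launch point whose binary lives outside the
    Windows or Program Files trees, or whose line has no [date size] stamp.
    Passing this check proves nothing about the file itself."""
    return entry.size is None or not entry.path.lower().startswith(TRUSTED_ROOTS)


def review_list(text: str) -> List[str]:
    """Names of the entries in a log excerpt that the heuristic flags."""
    return [e.name for e in parse_load_points(text) if needs_review(e)]


if __name__ == "__main__":
    for e in parse_load_points(SAMPLE_LOG + CONSTRUCTED_SUSPECT):
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f"{flag:6} {e.name:32} {e.path}  [{e.date} {e.size}]")
```

Run against the excerpt from this thread, every entry comes back "ok" (Intel graphics helpers, the ERUNT backup shortcut, two .NET services and a Vista Active Setup component), which matches what the helper concluded; only the constructed temp-folder entry is flagged. The point of the heuristic is to decide where to spend a closer look (hashes, signatures, creation times), not to declare anything clean.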

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file + fresh dds.txt in your next reply.


    Are the symptoms still present?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Mar 2011
    Posts
    10

    Default

    The symptoms are still present.
    mbam log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6121

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19019

    21-03-2011 22:30:59
    mbam-log-2011-03-21 (22-30-59).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 268172
    Time elapsed: 2 hour(s), 14 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    dds log

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Joao at 23:05:41,59 on 21-03-2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.351.1033.18.1014.245 [GMT 0:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Users\Joao\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\joao\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\joao\appdata\roaming\mozilla\firefox\profiles\el0zyx9t.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-03-21 20:13 <DIR> --d----- c:\users\joao\appdata\roaming\Malwarebytes
    2011-03-21 20:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-21 20:12 <DIR> --d----- c:\programdata\Malwarebytes
    2011-03-21 20:12 <DIR> --d----- c:\progra~2\Malwarebytes
    2011-03-21 20:12 20,952 a------- c:\windows\system32\drivers\mbam.sys
    2011-03-21 20:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2011-03-21 19:59 <DIR> --d----- c:\windows\system32\drivers\AVG
    2011-03-21 19:57 <DIR> --d----- c:\program files\AVG
    2011-03-21 19:47 222,080 -------- c:\windows\system32\MpSigStub.exe
    2011-03-21 19:28 <DIR> --d----- C:\$RECYCLE.BIN
    2011-03-20 15:29 233,888 a------- c:\windows\system32\DreamScene.dll
    2011-03-20 15:28 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
    2011-03-20 15:27 <DIR> --d----- c:\program files\BitLocker
    2011-03-20 15:25 711 a------- c:\windows\system32\CPSOKBTasks.xml
    2011-03-20 15:25 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
    2011-03-20 15:24 675,152 a------- c:\windows\system32\gpprefcl.dll
    2011-03-20 15:19 332,682 a------- c:\windows\system32\prfi0816.dat
    2011-03-20 15:19 654,866 a------- c:\windows\system32\prfh0816.dat
    2011-03-20 15:19 129,702 a------- c:\windows\system32\prfc0816.dat
    2011-03-20 15:19 39,514 a------- c:\windows\system32\prfd0816.dat
    2011-03-20 15:17 <DIR> --d----- c:\windows\pt-PT
    2011-03-20 15:17 <DIR> --d----- c:\windows\system32\drivers\pt-PT
    2011-03-20 15:17 <DIR> --d----- c:\windows\system32\0816
    2011-03-20 15:17 <DIR> --d----- c:\windows\system32\wbem\pt-PT
    2011-03-20 15:17 <DIR> --d----- c:\windows\system32\pt
    2011-03-19 14:01 303,616 a------- c:\windows\system32\drivers\srv.sys
    2011-03-19 14:01 125,952 a------- c:\windows\system32\srvsvc.dll
    2011-03-19 14:01 101,888 a------- c:\windows\system32\drivers\srvnet.sys
    2011-03-19 14:01 145,408 a------- c:\windows\system32\drivers\srv2.sys
    2011-03-19 14:01 17,920 a------- c:\windows\system32\netevent.dll
    2011-03-19 14:01 420,352 a------- c:\windows\system32\vbscript.dll
    2011-03-19 14:01 378,368 a------- c:\windows\system32\winhttp.dll
    2011-03-19 14:00 738,816 a------- c:\windows\system32\inetcomm.dll
    2011-03-19 13:36 295,264 a------- c:\windows\system32\PresentationHost.exe
    2011-03-19 13:36 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
    2011-03-19 13:36 1,130,824 a------- c:\windows\system32\dfshim.dll
    2011-03-19 13:36 297,808 a------- c:\windows\system32\mscoree.dll
    2011-03-19 13:36 49,472 a------- c:\windows\system32\netfxperf.dll
    2011-03-19 13:33 <DIR> --d----- c:\program files\Trend Micro
    2011-03-17 08:43 <DIR> --d----- c:\windows\Panther
    2011-03-17 08:43 8,192 a--s-r-- C:\BOOTSECT.BAK
    2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
    2011-03-17 08:43 <DIR> --d----- C:\Boot
    2011-03-17 08:19 80,896 a------- c:\windows\system32\MSNP.ax
    2011-03-17 08:19 293,376 a------- c:\windows\system32\psisdecd.dll
    2011-03-17 08:19 217,088 a------- c:\windows\system32\psisrndr.ax
    2011-03-17 07:37 <DIR> --d----- c:\users\joao\appdata\roaming\AVG10
    2011-03-17 04:40 293,376 a------- c:\windows\system32\browserchoice.exe
    2011-03-17 04:05 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-03-17 04:05 97,800 a------- c:\windows\system32\infocardapi.dll
    2011-03-17 04:05 622,080 a------- c:\windows\system32\icardagt.exe
    2011-03-17 04:05 37,384 a------- c:\windows\system32\infocardcpl.cpl
    2011-03-17 04:05 11,264 a------- c:\windows\system32\icardres.dll
    2011-03-17 04:05 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
    2011-03-17 03:53 158,720 a------- c:\windows\system32\mscorier.dll
    2011-03-17 03:53 83,968 a------- c:\windows\system32\mscories.dll
    2011-03-17 03:47 24,064 a------- c:\windows\system32\nshhttp.dll
    2011-03-17 03:47 411,136 a------- c:\windows\system32\drivers\http.sys
    2011-03-17 03:47 31,232 a------- c:\windows\system32\httpapi.dll
    2011-03-17 03:46 231,936 a------- c:\windows\system32\msshsq.dll
    2011-03-17 03:42 2,048 a------- c:\windows\system32\winrsmgr.dll
    2011-03-17 03:37 409,600 a------- c:\windows\system32\odbc32.dll
    2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
    2011-03-17 03:37 213,504 a------- c:\windows\system32\msv1_0.dll
    2011-03-17 03:37 1,399,296 a------- c:\windows\system32\msxml6.dll
    2011-03-17 03:36 104,960 a------- c:\windows\system32\netiohlp.dll
    2011-03-17 03:36 27,136 a------- c:\windows\system32\NETSTAT.EXE
    2011-03-17 03:36 19,968 a------- c:\windows\system32\ARP.EXE
    2011-03-17 03:36 17,920 a------- c:\windows\system32\ROUTE.EXE
    2011-03-17 03:36 11,264 a------- c:\windows\system32\MRINFO.EXE
    2011-03-17 03:36 10,240 a------- c:\windows\system32\finger.exe
    2011-03-17 03:36 9,728 a------- c:\windows\system32\TCPSVCS.EXE
    2011-03-17 03:36 8,704 a------- c:\windows\system32\HOSTNAME.EXE
    2011-03-17 03:36 2,868,224 a------- c:\windows\system32\mf.dll
    2011-03-17 03:34 2,038,784 a------- c:\windows\system32\win32k.sys
    2011-03-17 03:34 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2011-03-17 03:34 81,920 a------- c:\windows\system32\iccvid.dll
    2011-03-17 03:34 274,432 a------- c:\windows\system32\schannel.dll
    2011-03-17 03:34 126,464 a------- c:\windows\system32\spoolsv.exe
    2011-03-17 03:34 296,960 a------- c:\windows\system32\gdi32.dll
    2011-03-17 03:34 67,072 a------- c:\windows\system32\asycfilt.dll
    2011-03-17 03:34 562,176 a------- c:\windows\system32\msdtcprx.dll
    2011-03-17 03:34 38,912 a------- c:\windows\system32\xolehlp.dll
    2011-03-17 03:33 71,680 a------- c:\windows\system32\atl.dll
    2011-03-17 03:33 160,256 a------- c:\windows\system32\wkssvc.dll
    2011-03-17 03:32 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2011-03-17 03:32 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-03-17 03:32 499,712 a------- c:\windows\system32\kerberos.dll
    2011-03-17 03:32 175,104 a------- c:\windows\system32\wdigest.dll
    2011-03-17 03:32 1,256,448 a------- c:\windows\system32\lsasrv.dll
    2011-03-17 03:32 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
    2011-03-17 03:32 72,704 a------- c:\windows\system32\secur32.dll
    2011-03-17 03:32 9,728 a------- c:\windows\system32\lsass.exe
    2011-03-17 03:31 636,928 a------- c:\windows\system32\localspl.dll
    2011-03-17 03:31 2,048 a------- c:\windows\system32\tzres.dll
    2011-03-17 03:31 36,352 a------- c:\windows\system32\rtutils.dll
    2011-03-17 03:29 329,216 a------- c:\windows\system32\msdrm.dll
    2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp_isv.dll
    2011-03-17 03:29 151,040 a------- c:\windows\system32\secproc_ssp.dll
    2011-03-17 03:21 898,952 a------- c:\windows\system32\drivers\tcpip.sys
    2011-03-17 03:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2011-03-17 03:18 94,720 a------- c:\windows\system32\logagent.exe
    2011-03-17 03:18 313,344 a------- c:\windows\system32\wmpdxm.dll
    2011-03-17 03:18 43,520 a------- c:\windows\system32\msdxm.tlb
    2011-03-17 03:18 18,432 a------- c:\windows\system32\amcompat.tlb
    2011-03-17 03:18 13,824 a------- c:\windows\system32\apilogen.dll
    2011-03-17 03:16 351,232 a------- c:\windows\system32\WSDApi.dll
    2011-03-17 03:09 <DIR> --d-h--- c:\programdata\Common Files
    2011-03-17 03:09 <DIR> --d-h--- c:\progra~2\Common Files
    2011-03-17 03:05 <DIR> --d----- c:\programdata\AVG10
    2011-03-17 03:05 <DIR> --d----- c:\progra~2\AVG10
    2011-03-17 03:02 31,744 a------- c:\windows\system32\msvidc32.dll
    2011-03-17 03:02 50,176 a------- c:\windows\system32\iyuv_32.dll
    2011-03-17 03:02 22,528 a------- c:\windows\system32\msyuv.dll
    2011-03-17 03:02 13,312 a------- c:\windows\system32\msrle32.dll
    2011-03-17 03:02 11,776 a------- c:\windows\system32\tsbyuv.dll
    2011-03-17 03:02 123,904 a------- c:\windows\system32\msvfw32.dll
    2011-03-17 03:02 91,136 a------- c:\windows\system32\avifil32.dll
    2011-03-17 03:02 82,944 a------- c:\windows\system32\mciavi32.dll
    2011-03-17 03:02 65,024 a------- c:\windows\system32\avicap32.dll
    2011-03-17 02:11 310,784 a------- c:\windows\system32\unregmp2.exe
    2011-03-17 02:11 7,680 a------- c:\windows\system32\spwmp.dll
    2011-03-17 02:11 4,096 a------- c:\windows\system32\msdxm.ocx
    2011-03-17 02:11 4,096 a------- c:\windows\system32\dxmasf.dll
    2011-03-17 02:09 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
    2011-03-17 02:06 <DIR> --d----- c:\programdata\MFAData
    2011-03-17 02:06 <DIR> --d----- c:\progra~2\MFAData
    2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
    2011-03-17 01:39 161,792 a------- c:\windows\SWREG.exe
    2011-03-17 01:39 98,816 a------- c:\windows\sed.exe
    2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe
    2011-03-17 01:33 171,520 a------- c:\windows\system32\wintrust.dll
    2011-03-17 01:33 98,304 a------- c:\windows\system32\cabview.dll
    2011-03-17 01:17 2,421,760 a------- c:\windows\system32\wucltux.dll
    2011-03-17 01:16 87,552 a------- c:\windows\system32\wudriver.dll
    2011-03-17 01:16 171,608 a------- c:\windows\system32\wuwebv.dll
    2011-03-17 01:16 33,792 a------- c:\windows\system32\wuapp.exe
    2011-03-17 01:07 156,771 a------- c:\windows\system32\netathr.inf
    2011-03-17 01:07 49,217 a------- c:\windows\system32\athrext.cat
    2011-03-17 01:07 1,183,744 a------- c:\windows\system32\drivers\athr.sys
    2011-03-17 01:07 1,183,744 a------- c:\windows\system32\athr.sys
    2011-03-17 01:07 397,312 a------- c:\windows\system32\athihvs.dll
    2011-03-17 01:07 61,440 a------- c:\windows\system32\athihvui.dll
    2011-03-17 01:07 <DIR> --d----- c:\windows\system32\nn-NO
    2011-03-17 01:07 <DIR> --d----- c:\program files\Atheros
    2011-03-17 01:07 <DIR> --d----- c:\program files\Cisco
    2011-03-17 01:06 <DIR> --dsh--- c:\windows\Installer
    2011-03-17 01:06 <DIR> --d----- c:\programdata\Atheros
    2011-03-17 01:06 <DIR> --d----- c:\progra~2\Atheros
    2011-03-17 01:05 14,592 a------- c:\windows\system32\results.xml
    2011-03-17 01:02 1,002,008 a------- c:\windows\system32\igxpun.exe
    2011-03-17 01:02 319,456 a------- c:\windows\system32\difxapi.dll
    2011-03-17 01:02 <DIR> --d----- c:\windows\system32\Lang
    2011-03-17 01:02 <DIR> --d----- C:\Intel
    2011-03-17 00:56 <DIR> --d----- c:\users\Joao
    2011-03-17 00:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

    ==================== Find3M ====================

    2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat
    2011-03-20 15:16 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat
    2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat
    2011-03-20 15:16 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat
    2011-03-17 01:08 51,200 a------- c:\windows\inf\infpub.dat
    2011-03-17 01:08 86,016 a------- c:\windows\inf\infstrng.dat
    2011-03-17 01:08 86,016 a------- c:\windows\inf\infstor.dat
    2011-01-08 07:50 34,304 a------- c:\windows\system32\atmlib.dll
    2011-01-08 05:57 292,352 a------- c:\windows\system32\atmfd.dll
    2010-12-29 17:41 323,072 a------- c:\windows\system32\sbe.dll
    2010-12-29 17:41 153,088 a------- c:\windows\system32\sbeio.dll
    2010-12-29 17:41 429,056 a------- c:\windows\system32\EncDec.dll
    2008-06-12 00:03 665,600 a------- c:\windows\inf\drvindex.dat
    2008-01-21 02:41 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2008-04-09 23:35 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:07:21,93 ===============
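For anyone working through a DDS log like the one above by hand: the two sections a rootkit hunt actually turns on are SERVICES / DRIVERS (which .sys files load at boot or system start) and Created Last 30 (what landed on disk recently, and where). The parser below is an added example for reading those sections, written here as a companion to the log; it is not DDS code and not part of the original post. It assumes the usual reading of the DDS prefix, R = running, S = stopped, digit = Windows service start type, and uses a few lines copied from the log above as constructed sample input so it runs offline.

```python
"""Parse the SERVICES / DRIVERS and Created Last 30 sections of a DDS log.
Added example, not DDS code. The R/S prefix reading is an assumption based on
the usual convention of these logs (R = running, S = stopped, digit = start type).
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-21 20:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 20:12 <DIR> --d----- c:\programdata\Malwarebytes
2011-03-17 08:43 333,203 a--shr-- C:\bootmgr
2011-03-17 03:37 2,927,104 a------- c:\windows\explorer.exe
2011-03-17 01:39 256,512 a------- c:\windows\PEV.exe
2011-03-17 01:39 89,088 a------- c:\windows\MBR.exe

==================== Find3M ====================
"""

# "<R|S><start> <name>;<display name>;<image path> [<yyyy-m-d> <bytes>]"
SVC_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
# "<yyyy-mm-dd> <hh:mm> <bytes|<DIR>> <8 attribute flags> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")
# Assumed decoding of the start-type digit (Windows service start values).
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Service:
    running: bool       # R = running, S = stopped (assumed DDS convention)
    start: str          # decoded start type
    name: str
    display: str
    path: str           # image path, lower-cased for comparisons
    file_date: date     # date DDS reports for the image file
    size: int           # bytes


@dataclass
class CreatedFile:
    when: str           # "YYYY-MM-DD HH:MM" as printed by DDS
    is_dir: bool
    size: Optional[int]  # None for directories
    attrs: str          # DDS attribute flags, e.g. "a--shr--"
    path: str           # lower-cased


def parse_dds(text: str) -> Tuple[List[Service], List[CreatedFile]]:
    """Walk the log once, switching parser on the '=====' section banners."""
    services: List[Service] = []
    created: List[CreatedFile] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):                      # section banner
            section = ("services" if "SERVICES" in line
                       else "created" if "Created Last" in line else None)
            continue
        if section == "services" and (m := SVC_RE.match(line)):
            state, start, name, display, path, d, size = m.groups()
            y, mo, da = (int(x) for x in d.split("-"))
            services.append(Service(state == "R", START_TYPE[start], name, display,
                                    path.lower(), date(y, mo, da), int(size)))
        elif section == "created" and (m := FILE_RE.match(line)):
            d, t, size, attrs, path = m.groups()
            is_dir = size == "<DIR>"
            created.append(CreatedFile(f"{d} {t}", is_dir,
                                       None if is_dir else int(size.replace(",", "")),
                                       attrs, path.lower()))
    return services, created


def early_kernel_drivers(services: List[Service]) -> List[Service]:
    """Boot- and system-start .sys drivers: the layer a kernel rootkit sits in,
    so these are the entries to vet first (vendor, file date, size)."""
    return [s for s in services
            if s.start in ("boot", "system") and s.path.endswith(".sys")]


def files_created_in(created: List[CreatedFile], directory: str) -> List[CreatedFile]:
    """Files (not directories) created directly inside `directory`, no subfolders."""
    prefix = directory.lower().rstrip("\\") + "\\"
    return [f for f in created
            if not f.is_dir and f.path.startswith(prefix)
            and "\\" not in f.path[len(prefix):]]
```

Usage: `svcs, files = parse_dds(open("dds.txt").read())`, then `early_kernel_drivers(svcs)` gives the R0/R1 drivers to vet, and `files_created_in(files, r"c:\windows")` lists loose executables dropped straight into the Windows folder in the last 30 days (on the sample it returns explorer.exe, PEV.exe and MBR.exe, in log order). Paths are lower-cased because DDS mixes `c:\` and `C:\` between sections.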

  10. #10
    Blade81
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in a location of your choice (e.g. c:\tdsskiller).
    2. Run the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select Cure and click Continue (the tool may prompt for a reboot).
    4. Post back the contents of the log file in the root of the C: drive (the name should be in the UtilityName.Version_Date_Time_log.txt format).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.
