
Coulomb Ltd and other ghost software on my PC: help me!!!!!



webdesigner
2011-04-16, 02:13
Dear moderators:

I now have Windows XP Professional and the following software installed on my PC (a Compaq Presario 5000): Internet Explorer 8.0, MS Office Professional 2003, RealPlayer SP, Spybot Search & Destroy (latest version), HijackThis (latest version), PC Tools AntiVirus (latest version), and a broadband internet connection. But it was not always like this. I had the original Windows XP Home Edition and MS Office XP, Internet Explorer 6, Norton Antivirus (which version I can't recall at the moment), and a dial-up internet connection when I started noticing the symptoms of infection I will list later in this post. Did I ask for help in another forum at that time? Yes, I did. Nothing solved the problem. The last advice was to reformat the system, although I said that my PC was bought with Windows pre-installed and I had no installation CD. The guy from the local service installed the new version I have now, but I thought it was a copy of his PC's operating system. The reason? Because there were folders with his name in it and the version is for a notebook. But the old problems persisted. So I returned to the "Spyware Warriors" site, where I had asked for help before. The moderator asked me to download and run MGADiag, and then post. I did and, to my surprise, the program stated that it is genuine. I confess that I do not trust MGADiag... Anyway, let me tell you about the symptoms I mentioned beforehand.
I have been dealing with the following symptoms of infection by a browser hijacker: slow internet connection, and sites I accessed before, I cannot access anymore. I have also dealt with the following symptoms of infection by a virus: corrupted files (my pendrives were infected, as was my portable HD) and contents added to files (in HTML files that I created and whose size is small).
And the most important: I know there is some kind of ghost software on my PC. The symptoms? Simple. First: my printer is crazy (it prints only the first and the last pages (slowly), or it doesn't print anything but it looks like something is being printed (and it's fast in this case), or it starts printing and stops in the middle of the paper (when only one page is being printed), or it starts printing and stops in the middle of the print job (when more than one page was supposed to be printed)). Second: slow initialization. Third: while browsing the internet, sometimes the PC freezes, depending on the site I access. Fourth: my account was corrupted and disappeared, according to Spybot. I had just installed RealPlayer SP when Spybot detected a process belonging to "Coulomb Ltd." and terminated it. No, I didn't take note of the name of the process (I didn't have the idea of doing it... how foolish I was), but I checked the guide for manual removal of this virtual rubbish even then. I can affirm that the name is not in it; but I'm not really sure of it.
Did I install and uninstall a series of security tools trying to get rid of the plagues? The answer is yes. Did I reach the point of turning System Restore off? Yes, I did. That's why I had to take the PC to a local service to be reformatted. All this happened before Windows XP Professional's installation. But after that, I uninstalled some software that came with it (all trial versions) and then installed Flash Player 10 and Acrobat Reader 9 (which came with a free scan by McAfee AntiVirus, which I uninstalled (after running it, of course) because my PC was slower).
I ran Spybot but, at that time, I did not know about the problem with TeaTimer, so it didn't detect anything. However, when I disabled TeaTimer for a while, I suddenly got a message saying that my account (which was an administrator account before the system's reformatting, and is a standard one now) was corrupted and is missing, and advising me to talk to the system's administrator. This is the reason I decided to ask for help here. I don't want to do any fix before being advised; I do not want to make the same mistake again.
DDS ran and I saw the two files (I ran it in the system manager's account, as I do with all security tools). Then I copied the files to my account. I was going to attach it, but when I opened it to copy, it was shown empty. Anyway, the "Attach" file was OK, so it could be attached to the post.
The only problem is that, at that time, I tried to post at least four times, but I wasn't successful. This is what took place: I logged in and got the messages "Welcome, webdesigner" and "One user browsing the site"; I entered the "Malware Removal Forum", wrote the message, attached the requested file, and pressed the "post" button, but I received "No users browsing the site" and my message wasn't posted.
And before I forget, there's something strange with PC Tools AntiVirus: I discovered that I have two versions of it on my PC (the Brazilian Portuguese version and the English one). The former is installed in the Windows account, but the latter is in mine, as well as in my mother's, father's and sister's accounts. I know you're going to say that it's weird... I agree. I would risk saying that I installed it twice without noticing...
By the way, as I should report the existence of other computers in my house, I do it now. I also have three other computers of the same brand as the one I'm asking for help with (Compaq). Two of them are an older model, Presario 3000 (one has Windows 95 with MS Office, MS Works and Borland Delphi 5.0; the other has Windows 98 with MS Office and MS Works (the HD was exchanged for a new one)); both are slow. The third one is also a Presario 5000 (with Windows XP and Office XP, but also with Kazaa and all of its rubbish), and is so slow that, if I want to use it at 8:00pm, I have to start it at 10:00am; and I get a message saying that the HD is about to fail.
I backed up the system again and ran DDS. It ran and I got the files. Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Windows at 20:49:42,68 on sex 15/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.255.42 [GMT -3:00]
.
AV: PC Tools AntiVirus 6.1.0.25 *Enabled/Updated* {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Windows\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [K-Lite Nitro BETA] c:\arquivos de programas\k-litenitro\K-LiteNitro.exe /hide
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe
mRun: [WinLogT] c:\windows\WinLogT.exe
mRun: [PCTAVApp] "c:\arquivos de programas\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot
mRun: [zzzHPSETUP] F:\Setup.exe
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\windows\menuin~1\progra~1\inicia~1\erunta~1.lnk - c:\arquivos de programas\erunt\AUTOBACK.EXE
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: americanas.com\www
Trusted Zone: angeloni.com.br\www
Trusted Zone: aol.com\www
Trusted Zone: avg.com\www
Trusted Zone: beiramar.com\www
Trusted Zone: big.com.br\www
Trusted Zone: bol.com.br\www
Trusted Zone: buscape.com.br\www
Trusted Zone: cade.com.br\www
Trusted Zone: caixa.gov.br\www
Trusted Zone: casasbahia.com.br\www
Trusted Zone: colombo.com.br\www
Trusted Zone: dell.com\www
Trusted Zone: fazenda.gov.br\www.receita
Trusted Zone: fiat.com\www
Trusted Zone: garoto.com\www
Trusted Zone: globo.com\www
Trusted Zone: gm.com\www
Trusted Zone: google.com\www
Trusted Zone: google.com.br\www
Trusted Zone: havan.com.br\www
Trusted Zone: hp.com\www
Trusted Zone: ig.com.br\www
Trusted Zone: iguatemi.com.br\www
Trusted Zone: itaguacu.com.br\www
Trusted Zone: lacta.com\www
Trusted Zone: lavasoft.com\www
Trusted Zone: lenovo.com\www
Trusted Zone: machintosh.com\www
Trusted Zone: makro.com.br\www
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\www
Trusted Zone: msn.com.br\www
Trusted Zone: nestle.com\www
Trusted Zone: netscape.com\www
Trusted Zone: neugebauer.com\www
Trusted Zone: pandasoftware.com\www
Trusted Zone: pctools.com\www
Trusted Zone: philips.com\www
Trusted Zone: pontofrio.com.br\www
Trusted Zone: quaker.com\www
Trusted Zone: real.com\brazil
Trusted Zone: real.com\www
Trusted Zone: safernetworking.com\www
Trusted Zone: samsung.com\www
Trusted Zone: sony.com\www
Trusted Zone: spywarewarrior.com\www
Trusted Zone: symantec.com\www
Trusted Zone: sysinternals.com\www
Trusted Zone: terra.com.br\www
Trusted Zone: toshiba.com\www
Trusted Zone: trendmicro.com\www
Trusted Zone: twitter.com\www
Trusted Zone: uol.com\www
Trusted Zone: w3.org\www
Trusted Zone: w3schools.com\www
Trusted Zone: wdvl.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: wolkswagen.com\www
Trusted Zone: yahoo.com\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {8F074FC7-2730-4446-9E10-8089CEE4685B} = 10.1.1.1,10.1.1.3
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-11 206256]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2010-5-11 21904]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2010-5-11 28560]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-8-15 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-8 27064]
.
=============== Created Last 30 ================
.
2011-04-15 06:19:09 -------- d-----w- C:\fbb23bc91bbc636391ca6ddc
.
==================== Find3M ====================
.
2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:11 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:05 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43:15 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:27 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:27 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:34 978944 --sh--w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:34 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:12 440832 ----a-w- c:\windows\system32\shimgvw.dll
2001-09-28 12:00:00 94832 --sh--w- c:\windows\twain.dll
2008-04-14 02:20:40 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 02:20:34 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 02:20:34 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 02:20:34 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 02:20:37 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 02:20:37 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 02:21:16 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 20:53:00,06 ===============
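A first-pass triage of the "Pseudo HJT Report" section above, as an added example that is not part of the original post and is not code from DDS, Spybot or PC Tools. It sorts report lines into the buckets a malware-removal helper usually reads first (orphaned BHO/EB entries, autostart entries on another drive or sitting directly in %windir%, hosts-file entries pointing a name at loopback, downloaded ActiveX controls, and the size of the IE Trusted Zone list) and attaches a one-line reason to each. The rules, thresholds and the `Finding`/`triage`/`summarize` names are this example's own heuristics, not verdicts about the poster's machine: a hit means "look at this", never "this is malware". The sample report is a constructed subset of the lines posted above so the script runs offline.

```python
"""Sort lines of a DDS "Pseudo HJT Report" into review buckets.

Example code written for this page; heuristics are assumptions of the
example, not findings about the log. It never declares anything malicious.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the Pseudo HJT lines from the post above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com.br/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinLogT] c:\windows\WinLogT.exe
mRun: [PCTAVApp] "c:\arquivos de programas\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [zzzHPSETUP] F:\Setup.exe
Trusted Zone: americanas.com\www
Trusted Zone: avg.com\www
Trusted Zone: microsoft.com\windowsupdate
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# uRun/mRun/dRun lines: "[name] path [args]"; the path may be quoted and may
# contain spaces, so we take everything up to the first ".exe" (simplification).
RUN_RE = re.compile(r'^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)", re.IGNORECASE)
# BHO/EB/TB entries whose CLSID is registered but whose DLL is gone.
ORPHAN_RE = re.compile(r"^(?:BHO|EB|TB):.*-\s*No File\s*$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" (look at it) or "info" (worth knowing)
    rule: str
    line: str
    reason: str


def _in_windir_root(path: str, windir: str = r"c:\windows") -> bool:
    """True when the binary sits directly in %windir%, not in a subfolder."""
    p = path.lower()
    prefix = windir.lower() + "\\"
    return p.startswith(prefix) and "\\" not in p[len(prefix):]


def triage(report_text: str, system_drive: str = "C:", trusted_zone_limit: int = 20) -> list:
    findings, trusted = [], []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("info", "orphaned-entry", line,
                "CLSID is registered but its file is gone; a leftover of a removed component, safe to clean"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if path[0].upper() != system_drive[0].upper():
                findings.append(Finding("review", "run-from-other-drive", line,
                    "autostart points at a drive other than the system drive; check what is (or was) mounted there"))
            elif _in_windir_root(path):
                findings.append(Finding("review", "run-from-windir-root", line,
                    "autostart binary sits directly in %windir% rather than a program folder or system32; verify publisher and hash"))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group("ip") in LOOPBACK and m.group("host").lower() != "localhost":
            findings.append(Finding("review", "hosts-redirect", line,
                "hosts file sends this name to loopback, so the site cannot be reached; confirm it was added on purpose"))
            continue
        if line.lower().startswith("trusted zone:"):
            trusted.append(line)
            continue
        if line.upper().startswith("DPF:"):
            findings.append(Finding("info", "activex-download", line,
                "downloaded ActiveX control; check the host it came from"))
    if len(trusted) >= trusted_zone_limit:
        findings.append(Finding("info", "trusted-zone-sprawl", f"{len(trusted)} Trusted Zone entries",
            "every Trusted Zone site gets IE's relaxed zone settings; a long list widens the browser's attack surface"))
    return findings


def summarize(findings: list) -> Counter:
    """Count findings per rule, for a quick overview."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}\n         {f.reason}")
    print(dict(summarize(triage(SAMPLE_REPORT))))
```

Run against the full log rather than the sample, the Trusted Zone rule fires (61 entries against the default limit of 20), which is the kind of thing a helper would ask about: each of those sites runs with IE's relaxed Trusted Zone settings, so the list should be trimmed to what the user actually needs.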