Request: Analysis of Logs

Post by x4ng3l » April 28th, 2009, 4:59 am

Request for Analysis of Logs

I've done all the procedures required in Topic Journal ...

======================================

1 - The Problem:
Whenever I open the folder C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0,
a suspicious message appears that I had never seen before in my life.
The message pops up simply from opening the folder.
This is my user folder.
With other folders in the system, e.g.
"All Users" or "Default User.WINDOWS", nothing unusual happens.

Below is a picture of the suspicious message:

http://img403.imageshack.us/img403/6677/problema1j.jpg

======================================

2 - What has been done by me:

2.1 - Complete Virus Scan using AVG 8.0
2.2 - Full Scan for Malware, using SpyBot
2.3 - Full Scan for Malware, Using Malwarebytes Anti-Malware
2.4 - Cleaning and correction of the registry, using CCleaner
2.5 - Cleaning and correction of the registry, using Marcos Velozo Reg Clean

All procedures above were carried out with updated software.

======================================

Here is my log for examination:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:39, on 28/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.179.72.132:80
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/Gb ... ginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0986A3E-533C-4DD3-8462-2A3CFBAB44DC}: NameServer = 200.165.132.147 200.149.55.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe

--
End of file - 8044 bytes
x4ng3l
Active Member
 
Posts: 8
Joined: April 28th, 2009, 4:53 am

Re: Request: Analysis of Logs

Post by MWR 3 day Mod » May 2nd, 2009, 6:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Request: Analysis of Logs

Post by peku006 » May 4th, 2009, 12:40 pm

Hi x4ng3l

It has come to my attention that you have posted for help with your computer at other forums.

http://www.geekstogo.com/forum/Request-Analysis-Logs-t237173.html

May I draw your attention to the Forum Guidelines on Multi-Posting
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Request: Analysis of Logs

Post by x4ng3l » May 5th, 2009, 12:34 am

I posted in another forum, because nobody answered me.
Sorry =/
x4ng3l
Active Member
 
Posts: 8
Joined: April 28th, 2009, 4:53 am

Re: Request: Analysis of Logs

Post by x4ng3l » May 5th, 2009, 12:35 am

But nobody helped me anywhere.
x4ng3l
Active Member
 
Posts: 8
Joined: April 28th, 2009, 4:53 am

Re: Request: Analysis of Logs

Post by peku006 » May 5th, 2009, 1:50 am

Hi x4ng3l

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

2. description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Request: Analysis of Logs

Post by x4ng3l » May 5th, 2009, 1:14 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by x4NG3L at 2009-05-05 14:09:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 92 GB
Total RAM: 1023 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:51, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Microsoft Visual Studio\VB98\vb6.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Trend Micro\HijackThis\x4NG3L.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.179.72.132:80
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/Gb ... ginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0986A3E-533C-4DD3-8462-2A3CFBAB44DC}: NameServer = 200.165.132.147 200.149.55.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe

--
End of file - 9224 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-05-02 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-08-21 94736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll [2006-10-24 527360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe [2004-03-19 184320]
"UnlockerAssistant"=C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-05-02 1947928]
"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"MVFolder"=C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE [2003-06-23 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe [2008-11-05 5674352]
"MVFolder"=C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE [2003-06-23 77824]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\mIRC\mirc.exe"="C:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Arquivos de programas\Emule\emule.exe"="C:\Arquivos de programas\Emule\emule.exe:*:Enabled:eMule"
"C:\Arquivos de programas\HTTP-Tunnel\HTTP-TunnelClient.exe"="C:\Arquivos de programas\HTTP-Tunnel\HTTP-TunnelClient.exe:*:Enabled:HTTP-Tunnel Client"
"C:\Bifrost\bifrost1.2.1\bifrost121\Bifrost.exe"="C:\Bifrost\bifrost1.2.1\bifrost121\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe:*:Disabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Bifrost\Bifrost.exe"="C:\Bifrost\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Temp\Rar$EX00.172\Charon.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Temp\Rar$EX00.172\Charon.exe:*:Enabled:Charon - A proxy checking / scanning program."
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Arquivos de programas\CABALOnlineBR\launcher\update\ESTdnheadless.exe"="C:\Arquivos de programas\CABALOnlineBR\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Bifrost\bifrost1.2.1\bifrost1.2.1\bifrost121\Bifrost.exe"="C:\Bifrost\bifrost1.2.1\bifrost1.2.1\bifrost121\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\Halloween.2\Halloween.2\Halloween.2.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\Halloween.2\Halloween.2\Halloween.2.exe:*:Disabled:Halloween2 Slots"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Arquivos de programas\Microsoft Visual Studio\VB98\VB6.EXE"="C:\Arquivos de programas\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\A_Great_Wi2047322102007\Winsock Example Part 2 for PSC\server\Project1.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\A_Great_Wi2047322102007\Winsock Example Part 2 for PSC\server\Project1.exe:*:Enabled:Project1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPGServer.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPGServer.exe:*:Enabled:RPGServer"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPG Server 04.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPG Server 04.exe:*:Enabled:RPG Server 04"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4654576c-f7b1-11dd-92f3-0015f2918c37}]
shell\AutoRun\command - nideiect.com
shell\explore\command - nideiect.com
shell\open\command - nideiect.com


======File associations======

.js - open -
.txt - open -
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-05-05 14:09:30 ----D---- C:\rsit
2009-05-02 02:32:27 ----D---- C:\Arquivos de programas\RPG Online
2009-04-30 20:37:58 ----D---- C:\WINDOWS\Prefetch
2009-04-30 20:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-30 20:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-30 20:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-30 20:28:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-30 20:28:11 ----N---- C:\WINDOWS\slrundll.exe
2009-04-30 20:28:10 ----D---- C:\WINDOWS\l2schemas
2009-04-30 20:28:09 ----D---- C:\WINDOWS\system32\bits
2009-04-30 20:25:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-30 20:24:11 ----D---- C:\WINDOWS\network diagnostic
2009-04-30 20:23:19 ----A---- C:\WINDOWS\002893_.tmp
2009-04-30 20:21:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-29 21:29:16 ----D---- C:\Sandbox
2009-04-28 20:37:22 ----D---- C:\ComboFix
2009-04-28 20:37:22 ----A---- C:\WINDOWS\system32\CF7909.exe
2009-04-28 20:35:01 ----A---- C:\WINDOWS\system32\CF7448.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\zip.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWSC.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\sed.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\grep.exe
2009-04-28 20:27:12 ----A---- C:\WINDOWS\system32\CF5920.exe
2009-04-28 20:26:02 ----D---- C:\WINDOWS\ERDNT
2009-04-28 20:26:00 ----D---- C:\Qoobox
2009-04-28 02:29:31 ----D---- C:\Arquivos de programas\Trend Micro
2009-04-27 23:05:01 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Malwarebytes
2009-04-27 23:04:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2009-04-27 23:04:57 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-04-25 18:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-04-25 18:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-25 18:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-04-25 18:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-04-24 06:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-24 01:40:06 ----D---- C:\Arquivos de programas\Arquivos comuns\fwc
2009-04-24 01:40:05 ----D---- C:\Arquivos de programas\Fake Webcam
2009-04-18 19:56:47 ----D---- C:\Arquivos de programas\MSECache
2009-04-18 19:43:02 ----A---- C:\WINDOWS\system32\pdfmonnt.dll
2009-04-18 19:35:58 ----D---- C:\Arquivos de programas\Free PDF to Word Doc Converter
2009-04-17 21:29:47 ----D---- C:\Arquivos de programas\Marcos Velasco Security
2009-04-17 21:26:41 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\GetRightToGo
2009-04-16 11:46:39 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\AVG8
2009-04-16 02:24:05 ----D---- C:\Arquivos de programas\NextUp-ScanSoft
2009-04-16 02:20:41 ----D---- C:\WINDOWS\speech
2009-04-16 02:20:28 ----D---- C:\Arquivos de programas\TextAloud
2009-04-15 22:29:01 ----A---- C:\WINDOWS\pdf2word.INI
2009-04-11 18:24:56 ----D---- C:\Arquivos de programas\Valve
2009-04-11 13:00:02 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\ATI
2009-04-11 13:00:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\ATI
2009-04-11 12:54:02 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-04-11 12:53:42 ----D---- C:\Arquivos de programas\ATI Technologies
2009-04-11 12:53:12 ----D---- C:\ATI

======List of files/folders modified in the last 1 months======

2009-05-05 12:58:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-05 11:36:16 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-05 08:24:36 ----D---- C:\WINDOWS\Temp
2009-05-05 07:01:38 ----HD---- C:\$AVG8.VAULT$
2009-05-05 05:29:59 ----SD---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Microsoft
2009-05-05 05:05:31 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-05-05 00:57:37 ----D---- C:\WINDOWS
2009-05-04 11:14:42 ----D---- C:\Arquivos de programas\Emule
2009-05-03 15:04:05 ----AD---- C:\WINDOWS\system32\drivers
2009-05-03 14:25:43 ----D---- C:\Projetos
2009-05-03 14:01:14 ----D---- C:\WINDOWS\system32
2009-05-03 12:33:37 ----D---- C:\WINDOWS\Registration
2009-05-02 20:20:20 ----SHD---- C:\Config.Msi
2009-05-02 08:13:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-02 02:32:27 ----RD---- C:\Arquivos de programas
2009-05-02 00:08:34 ----D---- C:\Arquivos de programas\mIRC
2009-05-01 04:25:19 ----D---- C:\WINDOWS\Debug
2009-05-01 04:02:55 ----SHD---- C:\WINDOWS\Installer
2009-05-01 04:02:19 ----D---- C:\Arquivos de programas\Arquivos comuns\designer
2009-04-30 20:41:09 ----D---- C:\Arquivos de programas\MSN Messenger
2009-04-30 20:40:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-30 20:38:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-30 20:37:33 ----D---- C:\WINDOWS\system32\wbem
2009-04-30 20:37:33 ----D---- C:\WINDOWS\system32\Setup
2009-04-30 20:37:33 ----D---- C:\WINDOWS\AppPatch
2009-04-30 20:37:32 ----RSD---- C:\WINDOWS\Fonts
2009-04-30 20:36:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-30 20:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-30 20:33:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-30 20:32:58 ----D---- C:\WINDOWS\inf
2009-04-30 20:31:51 ----D---- C:\WINDOWS\security
2009-04-30 20:30:26 ----D---- C:\WINDOWS\WinSxS
2009-04-30 20:28:36 ----D---- C:\Arquivos de programas\Messenger
2009-04-30 20:28:34 ----D---- C:\Arquivos de programas\windows media player
2009-04-30 20:28:33 ----D---- C:\WINDOWS\Help
2009-04-30 20:28:21 ----D---- C:\WINDOWS\ehome
2009-04-30 20:28:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-30 20:28:20 ----D---- C:\WINDOWS\ime
2009-04-30 20:28:10 ----D---- C:\WINDOWS\system32\usmt
2009-04-30 20:28:10 ----D---- C:\WINDOWS\system32\pt-br
2009-04-30 20:28:09 ----D---- C:\WINDOWS\PeerNet
2009-04-30 20:28:09 ----D---- C:\Arquivos de programas\movie maker
2009-04-30 20:25:25 ----D---- C:\WINDOWS\system32\Restore
2009-04-30 20:25:25 ----D---- C:\WINDOWS\system32\npp
2009-04-30 20:25:25 ----D---- C:\WINDOWS\msagent
2009-04-30 20:25:24 ----D---- C:\WINDOWS\srchasst
2009-04-30 20:25:23 ----D---- C:\Arquivos de programas\netmeeting
2009-04-30 20:25:22 ----D---- C:\WINDOWS\system32\Com
2009-04-30 20:25:21 ----D---- C:\Arquivos de programas\windows nt
2009-04-30 20:25:21 ----D---- C:\Arquivos de programas\outlook express
2009-04-30 20:25:19 ----D---- C:\Arquivos de programas\Arquivos comuns\system
2009-04-30 20:25:07 ----D---- C:\WINDOWS\system32\oobe
2009-04-30 20:25:06 ----D---- C:\WINDOWS\system
2009-04-30 20:23:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-30 07:24:47 ----D---- C:\WINDOWS\Minidump
2009-04-29 23:51:09 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-29 21:29:15 ----A---- C:\WINDOWS\Sandboxie.ini
2009-04-28 21:34:44 ----D---- C:\Arquivos de programas\Cheat Engine
2009-04-28 02:34:39 ----D---- C:\Documents and Settings
2009-04-25 21:44:36 ----D---- C:\Arquivos de programas\BSplayerPro
2009-04-25 18:31:14 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft
2009-04-25 18:30:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-25 05:25:57 ----A---- C:\WINDOWS\Iedit_.INI
2009-04-25 05:24:45 ----D---- C:\Fotos
2009-04-24 22:08:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2009-04-24 22:08:16 ----D---- C:\Arquivos de programas\GbPlugin
2009-04-24 07:21:38 ----D---- C:\Arquivos de programas\MV RegClean 5.5
2009-04-24 06:52:02 ----D---- C:\Signs
2009-04-24 06:52:00 ----D---- C:\Arquivos de programas\GoldWave
2009-04-24 06:46:57 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Alchemy Mindworks
2009-04-24 06:46:57 ----D---- C:\Arquivos de programas\Alchemy Mindworks
2009-04-24 06:36:53 ----D---- C:\Arquivos de programas\Google
2009-04-24 06:33:00 ----D---- C:\Arquivos de programas\Arquivos comuns\microsoft shared
2009-04-24 06:26:32 ----D---- C:\Arquivos de programas\YFB - Youtube Friend Bomber
2009-04-24 06:16:08 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe
2009-04-24 06:16:07 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-04-24 06:15:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe
2009-04-24 06:15:07 ----D---- C:\Arquivos de programas\Adobe
2009-04-24 06:14:07 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Adobe
2009-04-24 05:56:27 ----D---- C:\Arquivos de programas\CCleaner
2009-04-22 21:06:01 ----D---- C:\Filmes
2009-04-18 19:53:18 ----D---- C:\Arquivos de programas\FriendBlasterPro
2009-04-17 21:30:33 ----A---- C:\WINDOWS\system32\MVFOLDER.INI
2009-04-16 12:08:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8
2009-04-11 20:39:14 ----D---- C:\Arquivos de programas\CABALOnlineBR
2009-04-11 18:24:55 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-04-11 17:37:14 ----D---- C:\gamesX
2009-04-11 13:23:54 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\BSplayer Pro
2009-04-11 13:00:03 ----D---- C:\WINDOWS\system32\config
2009-04-11 12:55:09 ----RSD---- C:\WINDOWS\assembly
2009-04-07 19:03:09 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-02 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-03-26 3026]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [1782-01-19 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 CCCP106;D-Link CIF Webcam; C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 227200]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1782-01-19 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-26 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-26 12928]
R3 SbieDrv;SbieDrv; \??\C:\Arquivos de programas\Sandboxie\SbieDrv.sys []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-10 923826]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R4 VELASCO;VELASCO; \??\C:\WINDOWS\system32\velasco.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\X4NG3L~1.X4N\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 Drtddeogs;Drtddeogs; C:\WINDOWS\system32\drivers\Drtddeogs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 298776]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-25 52608]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SbieSvc;Sandboxie Service; C:\Arquivos de programas\Sandboxie\SbieSvc.exe [2008-06-30 49664]
R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-09 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by x4NG3L at 2009-05-05 14:09:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 92 GB
Total RAM: 1023 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:51, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Microsoft Visual Studio\VB98\vb6.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Trend Micro\HijackThis\x4NG3L.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.179.72.132:80
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MVFolder] C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/Gb ... ginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0986A3E-533C-4DD3-8462-2A3CFBAB44DC}: NameServer = 200.165.132.147 200.149.55.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe

--
End of file - 9224 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-05-02 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-08-21 94736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Arquivos de programas\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\ARQUIV~1\TEXTAL~1\TAForIE.dll [2006-10-24 527360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe [2004-03-19 184320]
"UnlockerAssistant"=C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-05-02 1947928]
"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"MVFolder"=C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE [2003-06-23 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe [2008-11-05 5674352]
"MVFolder"=C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\MVFOLDER.EXE [2003-06-23 77824]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\mIRC\mirc.exe"="C:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Arquivos de programas\Emule\emule.exe"="C:\Arquivos de programas\Emule\emule.exe:*:Enabled:eMule"
"C:\Arquivos de programas\HTTP-Tunnel\HTTP-TunnelClient.exe"="C:\Arquivos de programas\HTTP-Tunnel\HTTP-TunnelClient.exe:*:Enabled:HTTP-Tunnel Client"
"C:\Bifrost\bifrost1.2.1\bifrost121\Bifrost.exe"="C:\Bifrost\bifrost1.2.1\bifrost121\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe:*:Disabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Bifrost\Bifrost.exe"="C:\Bifrost\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Temp\Rar$EX00.172\Charon.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Temp\Rar$EX00.172\Charon.exe:*:Enabled:Charon - A proxy checking / scanning program."
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Arquivos de programas\CABALOnlineBR\launcher\update\ESTdnheadless.exe"="C:\Arquivos de programas\CABALOnlineBR\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Bifrost\bifrost1.2.1\bifrost1.2.1\bifrost121\Bifrost.exe"="C:\Bifrost\bifrost1.2.1\bifrost1.2.1\bifrost121\Bifrost.exe:*:Enabled:Bifrost 1.2.1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\Halloween.2\Halloween.2\Halloween.2.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\Halloween.2\Halloween.2\Halloween.2.exe:*:Disabled:Halloween2 Slots"
"C:\Arquivos de programas\Valve\hl.exe"="C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Arquivos de programas\Microsoft Visual Studio\VB98\VB6.EXE"="C:\Arquivos de programas\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\A_Great_Wi2047322102007\Winsock Example Part 2 for PSC\server\Project1.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\A_Great_Wi2047322102007\Winsock Example Part 2 for PSC\server\Project1.exe:*:Enabled:Project1"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPGServer.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPGServer.exe:*:Enabled:RPGServer"
"C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPG Server 04.exe"="C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Desktop\RPG Server 04.exe:*:Enabled:RPG Server 04"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4654576c-f7b1-11dd-92f3-0015f2918c37}]
shell\AutoRun\command - nideiect.com
shell\explore\command - nideiect.com
shell\open\command - nideiect.com


======File associations======

.js - open -
.txt - open -
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-05-05 14:09:30 ----D---- C:\rsit
2009-05-02 02:32:27 ----D---- C:\Arquivos de programas\RPG Online
2009-04-30 20:37:58 ----D---- C:\WINDOWS\Prefetch
2009-04-30 20:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-30 20:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-30 20:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-30 20:28:21 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-30 20:28:18 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-30 20:28:17 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-30 20:28:16 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-30 20:28:15 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-30 20:28:14 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-30 20:28:13 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-30 20:28:12 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-30 20:28:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-30 20:28:11 ----N---- C:\WINDOWS\slrundll.exe
2009-04-30 20:28:10 ----D---- C:\WINDOWS\l2schemas
2009-04-30 20:28:09 ----D---- C:\WINDOWS\system32\bits
2009-04-30 20:25:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-30 20:24:11 ----D---- C:\WINDOWS\network diagnostic
2009-04-30 20:23:19 ----A---- C:\WINDOWS\002893_.tmp
2009-04-30 20:21:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-29 21:29:16 ----D---- C:\Sandbox
2009-04-28 20:37:22 ----D---- C:\ComboFix
2009-04-28 20:37:22 ----A---- C:\WINDOWS\system32\CF7909.exe
2009-04-28 20:35:01 ----A---- C:\WINDOWS\system32\CF7448.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\zip.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWSC.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\sed.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-28 20:27:16 ----A---- C:\WINDOWS\grep.exe
2009-04-28 20:27:12 ----A---- C:\WINDOWS\system32\CF5920.exe
2009-04-28 20:26:02 ----D---- C:\WINDOWS\ERDNT
2009-04-28 20:26:00 ----D---- C:\Qoobox
2009-04-28 02:29:31 ----D---- C:\Arquivos de programas\Trend Micro
2009-04-27 23:05:01 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Malwarebytes
2009-04-27 23:04:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2009-04-27 23:04:57 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-04-25 18:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-04-25 18:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-25 18:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-04-25 18:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-04-24 06:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-24 01:40:06 ----D---- C:\Arquivos de programas\Arquivos comuns\fwc
2009-04-24 01:40:05 ----D---- C:\Arquivos de programas\Fake Webcam
2009-04-18 19:56:47 ----D---- C:\Arquivos de programas\MSECache
2009-04-18 19:43:02 ----A---- C:\WINDOWS\system32\pdfmonnt.dll
2009-04-18 19:35:58 ----D---- C:\Arquivos de programas\Free PDF to Word Doc Converter
2009-04-17 21:29:47 ----D---- C:\Arquivos de programas\Marcos Velasco Security
2009-04-17 21:26:41 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\GetRightToGo
2009-04-16 11:46:39 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\AVG8
2009-04-16 02:24:05 ----D---- C:\Arquivos de programas\NextUp-ScanSoft
2009-04-16 02:20:41 ----D---- C:\WINDOWS\speech
2009-04-16 02:20:28 ----D---- C:\Arquivos de programas\TextAloud
2009-04-15 22:29:01 ----A---- C:\WINDOWS\pdf2word.INI
2009-04-11 18:24:56 ----D---- C:\Arquivos de programas\Valve
2009-04-11 13:00:02 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\ATI
2009-04-11 13:00:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\ATI
2009-04-11 12:54:02 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-04-11 12:53:42 ----D---- C:\Arquivos de programas\ATI Technologies
2009-04-11 12:53:12 ----D---- C:\ATI

======List of files/folders modified in the last 1 months======

2009-05-05 12:58:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-05 11:36:16 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-05 08:24:36 ----D---- C:\WINDOWS\Temp
2009-05-05 07:01:38 ----HD---- C:\$AVG8.VAULT$
2009-05-05 05:29:59 ----SD---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Microsoft
2009-05-05 05:05:31 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-05-05 00:57:37 ----D---- C:\WINDOWS
2009-05-04 11:14:42 ----D---- C:\Arquivos de programas\Emule
2009-05-03 15:04:05 ----AD---- C:\WINDOWS\system32\drivers
2009-05-03 14:25:43 ----D---- C:\Projetos
2009-05-03 14:01:14 ----D---- C:\WINDOWS\system32
2009-05-03 12:33:37 ----D---- C:\WINDOWS\Registration
2009-05-02 20:20:20 ----SHD---- C:\Config.Msi
2009-05-02 08:13:23 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-02 02:32:27 ----RD---- C:\Arquivos de programas
2009-05-02 00:08:34 ----D---- C:\Arquivos de programas\mIRC
2009-05-01 04:25:19 ----D---- C:\WINDOWS\Debug
2009-05-01 04:02:55 ----SHD---- C:\WINDOWS\Installer
2009-05-01 04:02:19 ----D---- C:\Arquivos de programas\Arquivos comuns\designer
2009-04-30 20:41:09 ----D---- C:\Arquivos de programas\MSN Messenger
2009-04-30 20:40:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-30 20:38:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-30 20:37:33 ----D---- C:\WINDOWS\system32\wbem
2009-04-30 20:37:33 ----D---- C:\WINDOWS\system32\Setup
2009-04-30 20:37:33 ----D---- C:\WINDOWS\AppPatch
2009-04-30 20:37:32 ----RSD---- C:\WINDOWS\Fonts
2009-04-30 20:36:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-30 20:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-30 20:33:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-30 20:32:58 ----D---- C:\WINDOWS\inf
2009-04-30 20:31:51 ----D---- C:\WINDOWS\security
2009-04-30 20:30:26 ----D---- C:\WINDOWS\WinSxS
2009-04-30 20:28:36 ----D---- C:\Arquivos de programas\Messenger
2009-04-30 20:28:34 ----D---- C:\Arquivos de programas\windows media player
2009-04-30 20:28:33 ----D---- C:\WINDOWS\Help
2009-04-30 20:28:21 ----D---- C:\WINDOWS\ehome
2009-04-30 20:28:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-30 20:28:20 ----D---- C:\WINDOWS\ime
2009-04-30 20:28:10 ----D---- C:\WINDOWS\system32\usmt
2009-04-30 20:28:10 ----D---- C:\WINDOWS\system32\pt-br
2009-04-30 20:28:09 ----D---- C:\WINDOWS\PeerNet
2009-04-30 20:28:09 ----D---- C:\Arquivos de programas\movie maker
2009-04-30 20:25:25 ----D---- C:\WINDOWS\system32\Restore
2009-04-30 20:25:25 ----D---- C:\WINDOWS\system32\npp
2009-04-30 20:25:25 ----D---- C:\WINDOWS\msagent
2009-04-30 20:25:24 ----D---- C:\WINDOWS\srchasst
2009-04-30 20:25:23 ----D---- C:\Arquivos de programas\netmeeting
2009-04-30 20:25:22 ----D---- C:\WINDOWS\system32\Com
2009-04-30 20:25:21 ----D---- C:\Arquivos de programas\windows nt
2009-04-30 20:25:21 ----D---- C:\Arquivos de programas\outlook express
2009-04-30 20:25:19 ----D---- C:\Arquivos de programas\Arquivos comuns\system
2009-04-30 20:25:07 ----D---- C:\WINDOWS\system32\oobe
2009-04-30 20:25:06 ----D---- C:\WINDOWS\system
2009-04-30 20:23:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-30 07:24:47 ----D---- C:\WINDOWS\Minidump
2009-04-29 23:51:09 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-29 21:29:15 ----A---- C:\WINDOWS\Sandboxie.ini
2009-04-28 21:34:44 ----D---- C:\Arquivos de programas\Cheat Engine
2009-04-28 02:34:39 ----D---- C:\Documents and Settings
2009-04-25 21:44:36 ----D---- C:\Arquivos de programas\BSplayerPro
2009-04-25 18:31:14 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft
2009-04-25 18:30:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-25 05:25:57 ----A---- C:\WINDOWS\Iedit_.INI
2009-04-25 05:24:45 ----D---- C:\Fotos
2009-04-24 22:08:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
2009-04-24 22:08:16 ----D---- C:\Arquivos de programas\GbPlugin
2009-04-24 07:21:38 ----D---- C:\Arquivos de programas\MV RegClean 5.5
2009-04-24 06:52:02 ----D---- C:\Signs
2009-04-24 06:52:00 ----D---- C:\Arquivos de programas\GoldWave
2009-04-24 06:46:57 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Alchemy Mindworks
2009-04-24 06:46:57 ----D---- C:\Arquivos de programas\Alchemy Mindworks
2009-04-24 06:36:53 ----D---- C:\Arquivos de programas\Google
2009-04-24 06:33:00 ----D---- C:\Arquivos de programas\Arquivos comuns\microsoft shared
2009-04-24 06:26:32 ----D---- C:\Arquivos de programas\YFB - Youtube Friend Bomber
2009-04-24 06:16:08 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe
2009-04-24 06:16:07 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-04-24 06:15:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe
2009-04-24 06:15:07 ----D---- C:\Arquivos de programas\Adobe
2009-04-24 06:14:07 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\Adobe
2009-04-24 05:56:27 ----D---- C:\Arquivos de programas\CCleaner
2009-04-22 21:06:01 ----D---- C:\Filmes
2009-04-18 19:53:18 ----D---- C:\Arquivos de programas\FriendBlasterPro
2009-04-17 21:30:33 ----A---- C:\WINDOWS\system32\MVFOLDER.INI
2009-04-16 12:08:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg8
2009-04-11 20:39:14 ----D---- C:\Arquivos de programas\CABALOnlineBR
2009-04-11 18:24:55 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-04-11 17:37:14 ----D---- C:\gamesX
2009-04-11 13:23:54 ----D---- C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Dados de aplicativos\BSplayer Pro
2009-04-11 13:00:03 ----D---- C:\WINDOWS\system32\config
2009-04-11 12:55:09 ----RSD---- C:\WINDOWS\assembly
2009-04-07 19:03:09 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-02 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-03-26 3026]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [1782-01-19 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 CCCP106;D-Link CIF Webcam; C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 227200]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1782-01-19 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-26 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-26 12928]
R3 SbieDrv;SbieDrv; \??\C:\Arquivos de programas\Sandboxie\SbieDrv.sys []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-10 923826]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R4 VELASCO;VELASCO; \??\C:\WINDOWS\system32\velasco.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\X4NG3L~1.X4N\CONFIG~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 Drtddeogs;Drtddeogs; C:\WINDOWS\system32\drivers\Drtddeogs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 298776]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-25 52608]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SbieSvc;Sandboxie Service; C:\Arquivos de programas\Sandboxie\SbieSvc.exe [2008-06-30 49664]
R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-09 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
x4ng3l

Re: Request: Analysis of Logs

Post by x4ng3l » May 5th, 2009, 1:15 pm

info.txt logfile of random's system information tool 1.06 2009-05-05 14:09:53

======Uninstall list======

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A90000000001}
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}
Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI - Software Uninstall Utility-->C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
AVG 8.5-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL
BSPlayer-->"C:\Arquivos de programas\BSplayerPro\uninstall.exe"
CABAL Online-->"C:\Arquivos de programas\CABALOnlineBR\unins000.exe"
Canon iP1300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1300 /L0x0016
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Counter-Strike 1.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
D-Link CIF Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110a.ini
eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.60-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
EZ Macros-->C:\WINDOWS\amuninst.exe -fC:\WINDOWS\unezmac.ini
Fake Webcam 5.1.0-->"C:\Arquivos de programas\Fake Webcam\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Arquivos de programas\Free PDF to Word Doc Converter\unins000.exe"
GoldWave v5.08-->"C:\Arquivos de programas\GoldWave\unstall.exe" "GoldWave v5.08" "C:\Arquivos de programas\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Flash 1.0.1-->"C:\gamesX\unins000.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Housoft MKT 4.91-->"C:\Arquivos de programas\Housoft MKT\unins000.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
iRPG Chat -->C:\Arquivos de programas\RPG Online\iRPG Chat\uninst.exe
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 2.71 Full-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack-->MsiExec.exe /X{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{A853BEB2-B270-4645-AAAA-9D83C2233BD3}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual Basic 6.0 Enterprise Edition-->"C:\Arquivos de programas\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC-->"C:\Arquivos de programas\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.20)-->C:\ARQUIV~1\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MV Folder Protector 3.04-->"C:\Arquivos de programas\Marcos Velasco Security\MV Folder Protector 3.04\unins000.exe"
MV RegClean 5.5-->"C:\Arquivos de programas\MV RegClean 5.5\unins000.exe"
My Screen Recorder 2.34-->"C:\Arquivos de programas\My Screen Recorder\unins000.exe"
Nero 6 Ultra Edition-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NextUp-ScanSoft Raquel Brazilian Portuguese Voice-->MsiExec.exe /I{5FAFC823-5E8C-40FB-8238-F2C536B2FB11}
No-IP.com DUC (remove only)-->"C:\Arquivos de programas\No-IP\DUC20.exe" -uninstall
Opera 9.50-->MsiExec.exe /X{F76FFCC7-DFCE-4764-954F-DBB03CE89AF5}
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack\setup.exe
Privoxy 3.0.6-->"C:\Arquivos de programas\Vidalia Bundle\Uninstall.exe"
ProxyCap-->MsiExec.exe /I{0872A205-06FF-40BA-AE38-92B188A0649B}
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Real Alternative 1.29-->"C:\Arquivos de programas\Real Alternative\unins000.exe"
Revo Uninstaller 1.80-->C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\uninst.exe
Sandboxie 3.28-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Smart Defrag 1.03-->"C:\Arquivos de programas\IObit\IObit SmartDefrag\unins000.exe"
Sothink SWF Decompiler-->"C:\Arquivos de programas\Sothink SWF Decompiler\unins000.exe"
Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"
STOIK Capturer-->MsiExec.exe /X{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}
TextAloud-->"C:\Arquivos de programas\TextAloud\unins000.exe"
Tor 0.1.2.19-->"C:\Arquivos de programas\Vidalia Bundle\Uninstall.exe"
Tube Increaser-->MsiExec.exe /I{F6C8EA3D-A031-4F10-AC85-C008A26D5C81}
Tubeinator-->"C:\Arquivos de programas\Tubeinator\unins000.exe"
Unlocker 1.8.7-->C:\Arquivos de programas\Unlocker\uninst.exe
Vidalia 0.0.16-->"C:\Arquivos de programas\Vidalia Bundle\Uninstall.exe"
Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Family Safety-->MsiExec.exe /X{3491D278-AF52-4A0E-A1F5-D1A57B4F2222}
Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}
Windows Live Toolbar Beta-->MsiExec.exe /X{5524A0D4-F826-4961-9B53-EFF6C615251B}
Windows Live Writer-->MsiExec.exe /X{AC5568AB-C3E3-490E-BE40-50977C12288D}
Windows Presentation Foundation Language Pack (PTB)-->MsiExec.exe /X{93676FC6-C7DB-45A6-A62B-74A324F17313}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation BR Language Pack-->MsiExec.exe /I{6A288CAE-32D0-4CA7-8166-210D380A8045}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: X4NG3L-DE17A6A0
Event Code: 62486
Message: Invalid parameters

Record Number: 11600
Source Name: ati2mtag
Time Written: 20090423194008.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 62486
Message: Invalid parameters

Record Number: 11599
Source Name: ati2mtag
Time Written: 20090423194008.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 62486
Message: Invalid parameters

Record Number: 11598
Source Name: ati2mtag
Time Written: 20090423194008.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 62486
Message: Invalid parameters

Record Number: 11597
Source Name: ati2mtag
Time Written: 20090423194008.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 62486
Message: Invalid parameters

Record Number: 11596
Source Name: ati2mtag
Time Written: 20090423194008.000000-180
Event Type: Informações
User:

=====Application event log=====

Computer Name: X4NG3L-DE17A6A0
Event Code: 300
Message: MsnMsgr (1292) \\.\C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Dados de aplicativos\Microsoft\Messenger\x4ng3l@hotmail.com\SharingMetadata\Working\database_C640_D202_40D1_F8DF\dfsr.db: O mecanismo de banco de dados está iniciando as etapas de recuperação.

Record Number: 16694
Source Name: ESENT
Time Written: 20090410142108.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 102
Message: MsnMsgr (1292) \\.\C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0\Configurações locais\Dados de aplicativos\Microsoft\Messenger\x4ng3l@hotmail.com\SharingMetadata\Working\database_C640_D202_40D1_F8DF\dfsr.db: O mecanismo de banco de dados iniciou uma nova instância (0).

Record Number: 16693
Source Name: ESENT
Time Written: 20090410142108.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 100
Message: MsnMsgr (1292) O mecanismo de banco de dados 5.01.2600.2180 foi iniciado.

Record Number: 16692
Source Name: ESENT
Time Written: 20090410142108.000000-180
Event Type: Informações
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 16691
Source Name: usnjsvc
Time Written: 20090410142107.000000-180
Event Type:
User:

Computer Name: X4NG3L-DE17A6A0
Event Code: 1800
Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 16690
Source Name: SecurityCenter
Time Written: 20090410140721.000000-180
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\QuickTime\QTSystem;C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Request: Analysis of Logs

Unread postby peku006 » May 5th, 2009, 2:04 pm

Hi x4ng3l

What does that "suspected message" say? In English, please.
And can you also translate these:

O mecanismo de banco de dados está iniciando as etapas de recuperação.
O mecanismo de banco de dados iniciou uma nova instância (0).

Thanks peku006

Re: Request: Analysis of Logs

Unread postby x4ng3l » May 6th, 2009, 8:57 am

Suspicious Text:

Title: Error connecting to Internet.

Message: Your request cannot be completed because the server cannot be found or did not respond. It is possible that the server is experiencing technical difficulties, or maybe you have to adjust your network settings.

Buttons: Try Again - Cancel

=============================

And your text is:

O mecanismo de banco de dados está iniciando as etapas de recuperação.
=>The mechanism of the database is beginning the stages of recovery.

O mecanismo de banco de dados iniciou uma nova instância (0).
=>The mechanism of the database started a new instance (0).

=============================

Re: Request: Analysis of Logs

Unread postby peku006 » May 6th, 2009, 1:46 pm

Hi x4ng3l

There is no malware that would be causing your problem. It may be a software, hardware, or Windows problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html
http://forums.pcpitstop.com/

Re: Request: Analysis of Logs

Unread postby x4ng3l » May 6th, 2009, 5:14 pm

Ok.

Thanks for All :D

Re: Request: Analysis of Logs

Unread postby NonSuch » May 10th, 2009, 3:12 pm

As this issue does not involve malware and therefore falls outside the scope of this forum, this topic is now closed.
