
"Successfully blocked access to a potentially malicious website"



#1
dreamhouse

Hi there, :)

I got an "attack site" banner from Firefox for my site some days ago. My site has been attacked constantly in my shared server 1and1 and despite me cleaning the scripts from some files in the server, strong passwording all my accounts (sftp primarily and including email ones) and spending all day yesterday hunting the cause (online antivirus scanners, running full scans from Malwarebytes, Microsoft Security Essentials and System Protect from Advanced System Optimizer), I keep getting the following message from Malwarebytes: Successfully blocked access to a potentially malicious website: 93.125.99.4 (it's a Russian IP and it varies a bit, of course) type: outgoing, port: 49690 (this also varies) and process: iexplore.exe or firefox.exe (depending on what browser I use). This happens every time I try to access my site http://www.saudefrugal.com. I also decided to run Combofix as a last alternative, and although it cleaned my computer even more the popups from Malwarebytes are still popping and my site, although apparently clean, gets "attack site" banners in Firefox. I report to stopbadware after cleaning, it gets liberated and after some hours it gets the banner sign again, so it is really worrisome. I also get some popups from Malwarebytes of outgoing blocked access from skype.exe. I run Windows 7 Ultimate x64.

Please, DO help me find the problem inside my computer, PLEASE!!!!! I thank you in advance!

OTL logfile created on: 26/06/2011 11:50:18 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Clarita Maia\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 37,39% Memory free
8,00 Gb Paging File | 5,25 Gb Available in Paging File | 65,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,95 Gb Total Space | 2,92 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive D: | 58,64 Gb Total Space | 8,99 Gb Free Space | 15,33% Space Free | Partition Type: NTFS
Drive E: | 40,98 Gb Total Space | 14,95 Gb Free Space | 36,50% Space Free | Partition Type: NTFS
Drive F: | 89,31 Gb Total Space | 10,10 Gb Free Space | 11,31% Space Free | Partition Type: NTFS
Drive G: | 8,00 Mb Total Space | 4,25 Mb Free Space | 53,10% Space Free | Partition Type: NTFS
Drive H: | 67,38 Gb Total Space | 14,88 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive I: | 27,34 Gb Total Space | 13,03 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
Drive J: | 27,34 Gb Total Space | 24,86 Gb Free Space | 90,91% Space Free | Partition Type: NTFS
Drive K: | 26,86 Gb Total Space | 4,33 Gb Free Space | 16,12% Space Free | Partition Type: NTFS
Drive N: | 931,28 Gb Total Space | 164,20 Gb Free Space | 17,63% Space Free | Partition Type: FAT32

Computer Name: DREAMHOUSE | User Name: Clarita Maia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 11:41:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Clarita Maia\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/10 21:29:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/25 10:30:52 | 003,298,712 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/05 13:59:34 | 001,433,912 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files (x86)\Advanced System Optimizer 3\SystemCleaner.exe
PRC - [2010/10/05 13:59:32 | 001,048,376 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files (x86)\Advanced System Optimizer 3\RegClean.exe
PRC - [2010/10/05 13:59:30 | 003,521,848 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
PRC - [2010/10/05 13:59:28 | 010,000,184 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
PRC - [2010/10/05 13:59:14 | 001,538,872 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files (x86)\Advanced System Optimizer 3\PrivacyProtector.exe
PRC - [2010/05/25 11:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/02/09 16:48:10 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/11/19 17:51:54 | 000,139,264 | ---- | M] (ITSamples.com) -- C:\Program Files (x86)\network-indicator\NetworkIndicator.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 11:41:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Clarita Maia\Desktop\OTL.exe
MOD - [2010/11/20 08:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 13:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 13:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 11:08:14 | 001,486,088 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009/10/07 11:08:10 | 001,503,496 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/08 02:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 09:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 09:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 09:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/05 13:59:24 | 000,263,480 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe -- (ASO3DiskOptimizer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/16 12:56:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/28 14:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/03/14 11:53:42 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/07 16:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/24 20:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/10 18:00:06 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\A28E.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009/11/18 21:11:10 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/09/26 17:06:24 | 000,045,320 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2007/11/08 10:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2007/09/25 11:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 84 7F 57 AC 5F CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "IMDB"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {2bfc8624-5b8a-4060-b86a-e78ccbc38509}:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.0
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.21
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/02/09 16:48:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/10 21:30:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/24 18:50:35 | 000,000,000 | ---D | M]

[2009/12/15 09:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Extensions
[2011/06/25 19:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions
[2011/02/28 22:00:49 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2010/09/26 18:52:14 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/05/28 09:02:06 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/02/03 13:18:08 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2010/04/27 18:21:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/07 07:24:17 | 000,000,000 | ---D | M] ("BetterSearch") -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2011/06/05 20:11:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/19 07:26:00 | 000,000,000 | ---D | M] (Faviconiac Search Engines) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3b3de59b-70d2-4ff9-91a2-64d72c89d5a3}
[2010/10/14 08:26:07 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/19 14:22:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/07/02 19:37:43 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/07/28 09:37:07 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/06/11 12:06:56 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/06/24 19:16:34 | 000,000,000 | ---D | M] ("Módulo de Segurança - Banco do Brasil") -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2011/05/10 21:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/04/06 13:22:13 | 000,000,000 | ---D | M] (Cache Status) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2011/03/06 12:38:22 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2010/08/24 09:38:34 | 000,000,000 | ---D | M] (Link Checker) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2010/03/13 14:49:00 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2011/01/16 15:10:23 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2011/03/06 12:37:03 | 000,000,000 | ---D | M] (Bluetacular) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\[email protected]
[2010/05/28 09:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011/05/10 21:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clarita Maia\AppData\Roaming\mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/03/19 06:23:54 | 000,002,438 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\album-cover-artorg.xml
[2010/07/02 19:42:31 | 000,002,548 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\alibaba.xml
[2009/12/03 07:44:58 | 000,001,782 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\amazon-search.xml
[2009/03/19 06:17:28 | 000,001,872 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\expediacom.xml
[2009/03/19 06:17:58 | 000,001,504 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\imdb.xml
[2008/10/31 17:32:08 | 000,001,749 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\live-search-video.xml
[2009/03/19 06:16:18 | 000,001,620 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\mozilla-add-ons.xml
[2009/03/19 06:19:38 | 000,001,976 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\rapidshare-google-arama.xml
[2009/03/19 06:21:00 | 000,005,358 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\umibozu-search.xml
[2009/03/19 06:21:28 | 000,001,632 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\weathercom.xml
[2009/12/16 09:00:51 | 000,001,042 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\wikipedia-eng.xml
[2011/06/01 19:03:58 | 000,002,319 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\searchplugins\yorapidcom.xml
[2011/06/23 22:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/06/03 18:48:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/21 18:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/16 23:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/07 12:19:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 12:29:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 11:36:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/31 13:25:13 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\IDM\IDMMZCC3
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{DB2EA31C-58F5-48B7-8D60-CB0739257904}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\{FCAB6FDD-5585-425B-95C1-5ED856F3FD08}.XPI
() (No name found) -- C:\USERS\CLARITA MAIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J6DVNKQW.DEFAULT\EXTENSIONS\[email protected]
[2011/05/10 21:29:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/10 21:29:59 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2011/03/26 18:33:00 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchost.xml
[2011/05/10 21:29:59 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2011/05/10 21:29:59 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/05/10 21:29:59 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/06/25 19:21:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Domino] File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VMSnap3] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [network indicator] C:\Program Files (x86)\network-indicator\NetworkIndicator.exe (ITSamples.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Barra de Ferramentas do RF - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8:64bit: - Extra context menu item: Personalizar Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Preencher - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Salvar Formulários - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Barra de Ferramentas do RF - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Personalizar Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Preencher - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Salvar Formulários - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barra de Ferramentas do RF - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/23 13:19:44 | 000,000,000 | ---D | M] - N:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 11:41:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Clarita Maia\Desktop\OTL.exe
[2011/06/26 10:10:53 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Clarita Maia\Desktop\dds.scr
[2011/06/26 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{4958ABF6-A8D0-4ED6-BDCF-C3C29B27AE78}
[2011/06/25 20:54:44 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{9CFC643E-CB4C-48F6-B421-5B94808487D9}
[2011/06/25 19:44:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/25 19:37:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/25 19:04:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/25 18:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/06/25 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/06/25 14:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/06/25 11:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/25 08:54:19 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{8674AC19-AB7C-4885-B3AD-2C3D73426736}
[2011/06/25 08:47:55 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Roaming\Malwarebytes
[2011/06/25 08:46:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/25 08:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/25 08:46:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/25 08:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/24 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{8E0286DF-986E-4651-9766-B3C3C782FC68}
[2011/06/23 22:37:29 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Roaming\TortoiseSVN
[2011/06/23 22:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011/06/23 22:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2011/06/23 22:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2011/06/23 13:22:44 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{8AB4CE45-6C1F-4633-BC24-D0DF08F22060}
[2011/06/22 23:44:57 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{16DE3943-53A0-4BF0-B8E8-68CE2F1A44EE}
[2011/06/15 17:51:54 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{5319DC61-6ABF-42D0-9D1E-C24F97B6BA49}
[2011/06/15 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{3001CB78-0D6B-4EF4-B645-FD03DD9B0AFB}
[2011/06/15 17:41:30 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{6B8D89D8-C8F9-41C2-905A-66588FA12B54}
[2011/06/15 17:40:46 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{7D2D9CD0-0EFD-4D47-934A-576A5F077A20}
[2011/06/15 17:39:44 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{1C817F30-7EB6-47E2-AAE0-3068FDE3340B}
[2011/06/15 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{8C8F85C5-9873-48E9-832E-4C34A3FC760D}
[2011/06/15 17:30:34 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{1D89F89E-7441-41A4-B6ED-5C9C2AACC6C3}
[2011/06/15 17:29:44 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{53137FC6-4FA8-4EA7-9D03-0C01F2874FFA}
[2011/06/08 07:29:24 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{D1BD08C1-BC11-4E9B-9D13-A1C05F9FB325}
[2011/06/07 08:37:25 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{6B039C87-8110-459D-BB3F-934064577CB8}
[2011/06/06 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{E6DF70DA-5348-468C-A067-07ECA822F3E0}
[2011/06/06 08:36:36 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{6D8CBCC8-6849-4C97-9F30-CDA0FBCF832B}
[2011/06/05 19:54:36 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{3E44E35D-346E-40D3-9421-A5757CA9289B}
[2011/06/05 07:54:12 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{03AC6780-F594-4C44-8BB8-3BAAC75E3BA4}
[2011/06/04 22:09:41 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\recovered
[2011/06/04 19:40:26 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{5748731C-7A18-4E9C-8C20-BD05626D9869}
[2011/06/04 07:40:02 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{D8472D72-2400-4739-B8E0-112B14A0DAD4}
[2011/06/03 19:26:49 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{2E11BF66-C253-489C-AC65-B893D2BAF295}
[2011/06/03 07:26:24 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{4FF16397-9B1A-4232-93E8-20B5FA1897D0}
[2011/06/02 09:09:40 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{27E095FA-DB9F-4711-AC89-693B3F8BBB6F}
[2011/06/01 19:54:01 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{EEFE75E2-BFF7-48DB-AC77-3F6BC1AAAAB3}
[2011/06/01 07:53:35 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{26D584BF-7AA4-47C0-A4BF-7E213A6E048B}
[2011/05/31 19:53:08 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{13F8E24F-1E7D-4838-A8F2-1E9FBF64586C}
[2011/05/31 15:32:56 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\Desktop\Processo
[2011/05/31 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\Desktop\Anotações
[2011/05/31 14:39:27 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011/05/31 14:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011/05/31 12:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/05/31 12:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/31 07:39:41 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{4CA711DB-2670-430F-B957-44043B17DCDD}
[2011/05/30 11:08:59 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{61635730-BA97-4B01-A612-A5615C41079F}
[2011/05/29 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{6E2BE3AD-7352-47F2-8DBF-8997EE86B409}
[2011/05/28 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{1C6B9BE4-0BDB-45F6-AE50-C5F7A10D69A1}
[2011/05/28 08:01:47 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{C5FDCAEF-FBF5-4DD7-9E18-D8AFA280FE4B}
[2011/05/27 19:49:40 | 000,000,000 | ---D | C] -- C:\Users\Clarita Maia\AppData\Local\{B321D025-DA65-4B2E-BC79-5A210FCC1D38}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 11:47:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 11:41:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Clarita Maia\Desktop\OTL.exe
[2011/06/26 10:11:02 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Clarita Maia\Desktop\dds.scr
[2011/06/26 08:52:09 | 000,019,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 08:52:09 | 000,019,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 08:47:02 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 08:46:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 08:46:44 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 19:21:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/25 18:49:42 | 000,001,010 | ---- | M] () -- C:\Users\Clarita Maia\Desktop\SpywareBlaster.lnk
[2011/06/25 10:38:29 | 000,050,477 | ---- | M] () -- C:\Users\Clarita Maia\Desktop\Defogger.exe
[2011/06/25 08:46:35 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 17:29:21 | 000,010,326 | ---- | M] () -- C:\Users\Clarita Maia\Desktop\lookforbadguys.php
[2011/06/24 16:39:17 | 000,000,036 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Local\housecall.guid.cache
[2011/06/16 19:29:19 | 003,074,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/07 18:06:25 | 000,204,800 | ---- | M] () -- C:\Users\Clarita Maia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 22:11:09 | 001,780,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/31 22:11:09 | 000,761,086 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/05/31 22:11:09 | 000,708,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/31 22:11:09 | 000,162,672 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/05/31 22:11:09 | 000,139,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/29 09:22:43 | 000,001,970 | ---- | M] () -- C:\Users\Clarita Maia\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 18:49:42 | 000,001,010 | ---- | C] () -- C:\Users\Clarita Maia\Desktop\SpywareBlaster.lnk
[2011/06/25 10:38:30 | 000,050,477 | ---- | C] () -- C:\Users\Clarita Maia\Desktop\Defogger.exe
[2011/06/25 08:46:35 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 18:50:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/24 17:29:21 | 000,010,326 | ---- | C] () -- C:\Users\Clarita Maia\Desktop\lookforbadguys.php
[2011/06/24 16:39:17 | 000,000,036 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Local\housecall.guid.cache
[2011/05/29 09:22:43 | 000,001,970 | ---- | C] () -- C:\Users\Clarita Maia\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2011/05/23 21:56:50 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2011/05/23 21:56:46 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2011/03/24 13:07:18 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2011/03/24 13:02:29 | 000,000,285 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Local\DelUnist.bat
[2011/03/11 18:25:19 | 000,000,098 | ---- | C] () -- C:\Windows\BackupManager.INI
[2011/02/13 07:44:42 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\v3shrtkgn.dll
[2010/11/04 09:57:03 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010/09/16 19:25:27 | 000,000,036 | -H-- | C] () -- C:\Users\Clarita Maia\AppData\Roaming\swk.ini
[2010/05/22 18:33:40 | 001,790,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/09 12:19:45 | 000,010,600 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2010/04/09 12:19:44 | 000,124,264 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2010/04/09 12:19:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2010/02/06 11:48:51 | 000,000,067 | ---- | C] () -- C:\Windows\My Video Converter.INI
[2010/02/01 16:48:58 | 000,000,573 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Roaming\AutoGK.ini
[2010/01/25 16:27:19 | 000,020,520 | ---- | C] () -- C:\Program Files (x86)\init.dat
[2010/01/23 13:47:11 | 000,937,984 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Local\filesync.metadata
[2009/12/02 07:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/18 09:01:05 | 000,001,088 | ---- | C] () -- C:\Windows\UnitConverter.INI
[2009/11/17 06:27:33 | 000,011,407 | ---- | C] () -- C:\Windows\WDIC.INI
[2009/11/15 13:39:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/15 13:39:37 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/11/15 13:39:37 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/15 13:39:37 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/15 13:39:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/13 19:45:59 | 000,204,800 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 16:13:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/11/09 17:42:31 | 000,000,017 | ---- | C] () -- C:\Users\Clarita Maia\AppData\Local\resmon.resmoncfg
[2009/11/07 17:02:58 | 000,165,888 | ---- | C] () -- C:\Windows\SysWow64\vmcoinst_zc0301plh.dll
[2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/15 09:09:34 | 000,505,344 | ---- | C] () -- C:\Windows\SysWow64\zShare.exe
[2006/08/16 11:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\nktwab.dll
[2002/10/15 19:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2009/12/10 06:31:23 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\1&1
[2011/05/29 09:24:28 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\4shared Desktop
[2010/01/25 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Acronis
[2010/10/15 15:39:47 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\adma
[2010/03/21 11:03:12 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Audio Extractor for FREE
[2010/02/11 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Avanquest
[2010/04/12 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Broad Intelligence
[2009/11/19 08:47:30 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\cronometer
[2011/06/25 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\DMCache
[2011/04/07 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\DVDVideoSoft
[2010/03/25 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Efficient Sticky Notes
[2011/06/25 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\FileZilla
[2009/11/07 12:44:00 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\FlashGet
[2010/07/12 13:18:48 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Foxit Software
[2010/03/29 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\hott notes 4
[2009/11/17 06:31:58 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Houaiss3
[2011/06/25 08:30:51 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\IDM
[2010/04/07 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\LockHunter
[2010/06/27 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\LogoMaker
[2009/11/21 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Movie Label
[2010/02/01 13:50:28 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\NCH Swift Sound
[2010/06/08 17:40:53 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Offline Explorer
[2009/11/09 17:43:29 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Registry Mechanic
[2010/03/15 07:17:24 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Scooter Software
[2010/05/02 10:20:01 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\SendBlaster2
[2011/03/13 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Subversion
[2011/03/05 20:56:02 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Systweak
[2009/11/14 08:22:20 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\URSoft
[2010/10/22 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Clarita Maia\AppData\Roaming\Windows Live Writer
[2011/06/03 18:46:42 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 880 bytes -> D:\Documents\Dados do Antonio - tapeçaria gobelin da Cla.eml:OECustomProperty
@Alternate Data Stream - 865 bytes -> D:\Documents\Hd Manager Paragon Software.eml:OECustomProperty
@Alternate Data Stream - 801 bytes -> D:\Documents\senhormoney.eml:OECustomProperty
@Alternate Data Stream - 668 bytes -> D:\Documents\Quote from Arif.eml:OECustomProperty
@Alternate Data Stream - 618 bytes -> D:\Documents\Email da Marina para DKR.eml:OECustomProperty
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 1432 bytes -> D:\Documents\email sobre roubo de alunos por SP.eml:OECustomProperty
@Alternate Data Stream - 1323 bytes -> D:\Documents\OraMedia Dental Self Sufficiency - 5 Facts About Your Teeth, Vitamin D, Walnuts = Drugs__.eml:OECustomProperty
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:774432BA
@Alternate Data Stream - 1159 bytes -> D:\Documents\Re_ URGENT_ Restrictionsfor Booking ref_ 3M3SAG.eml:OECustomProperty
@Alternate Data Stream - 1005 bytes -> D:\Documents\carro na europa.eml:OECustomProperty

< End of report >
#2
dreamhouse

I am sorry, but I unknowingly posted in another forum for the same problem. I got an answer yesterday (http://forums.malwar...=1)... so I guess this disqualifies me from your help. He has not answered my answer to his post since yesterday... if I get no answers from him at the Malwarebytes forum, may I count on you? Thank you so much for your great and generous work, and again I'm very sorry for not having thought well before posting at different forums. And, of course, this is a necessary bump.