View Full Version : Spybot won't install



Adolfo Aguiar
2011-10-18, 01:58
Spybot won't install. The screen to select the language opens and then closes.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Adolfo Aguiar at 20:42:16 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.429 [GMT -2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\NVATray.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://search.searchcompletion.com/?si=10197&home=1
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10197&home=1
uSearch Bar = hxxp://search.searchcompletion.com/?si=10197&home=1
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll
BHO: Facilitador de Leitor de Link Adobe PDF: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquivos de programas\gbplugin\gbiehuni.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\documents and settings\adolfo aguiar.naim\dados de aplicativos\complitly\Complitly.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\arquivos de programas\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [NVIDIA nForce APU1 Utilities] NVATray.exe
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\menuin~1\progra~1\inicia~1\autoru~1\samsun~1.lnk - c:\arquivos de programas\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\docume~1\alluse~1.win\menuin~1\progra~1\inicia~1\autoru~1\samsun~2.lnk - c:\arquivos de programas\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\docume~1\alluse~1.win\menuin~1\progra~1\inicia~1\autoru~1\samsun~3.lnk - c:\arquivos de programas\clarus\samsung auto backup\ISFTimerD.exe
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157284703812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
TCP: DhcpNameServer = 201.6.2.143 201.6.2.23
TCP: Interfaces\{7F08B6E6-944E-42D8-95E8-D7E57E3E7F11} : DhcpNameServer = 201.6.2.143 201.6.2.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: GbPluginUni - c:\arquivos de programas\gbplugin\gbiehuni.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquivos de programas\gbplugin\gbiehuni.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\arquiv~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\adolfo aguiar.naim\dados de aplicativos\mozilla\firefox\profiles\6g0jl2j8.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://search.searchcompletion.com/?si=10197&home=1
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10197&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\arquivos de programas\microsoft\web platform installer\NPWPIDetector.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-12-10 46624]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2011-2-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-2-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-2-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-13 66616]
R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2007-9-14 57336]
R2 MSR Service;Virtual Disk Service Manager;c:\arquivos de programas\clarus\samsung secretzone\MSSvc.exe [2010-6-28 114688]
R2 Proteq;Proteq;c:\windows\system32\drivers\proteq.sys [2006-9-16 7598]
R2 WinDefend;Windows Defender;c:\arquivos de programas\windows defender\MsMpEng.exe [2006-11-3 13592]
RUnknown mdf15;mdf15; [x]
RUnknown mvd20;mvd20; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 oad;Visibroker Activation Daemon;c:\arquiv~1\borland\vbroker\bin\oad.exe [2011-7-15 1781248]
S3 osagent;VisiBroker Smart Agent;c:\arquiv~1\borland\vbroker\bin\osagent.exe [2011-7-15 193536]
S3 vadspdif;vadspdif;c:\windows\system32\drivers\vadspdif.sys [2010-6-16 33720]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\arquivos de programas\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\arquivos de programas\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\arquivos de programas\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-10-17 22:18:15 56200 ----a-w- c:\documents and settings\all users.windows\dados de aplicativos\microsoft\windows defender\definition updates\{31d11ce9-95eb-4ca0-acba-599ec5fa4052}\offreg.dll
2011-10-17 20:19:44 -------- d-----w- c:\documents and settings\adolfo aguiar.naim\dados de aplicativos\Malwarebytes
2011-10-17 20:19:22 -------- d-----w- c:\documents and settings\all users.windows\dados de aplicativos\Malwarebytes
2011-10-17 20:19:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 20:19:17 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-10-16 21:44:29 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-16 21:04:46 2321288 ----a-w- c:\documents and settings\all users.windows\dados de aplicativos\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-16 21:04:23 7269712 ----a-w- c:\documents and settings\all users.windows\dados de aplicativos\microsoft\windows defender\definition updates\{31d11ce9-95eb-4ca0-acba-599ec5fa4052}\mpengine.dll
2011-10-16 19:05:15 -------- d-----w- c:\arquivos de programas\Greatis
2011-10-16 18:15:44 -------- d-----w- c:\arquivos de programas\Codeforge
.
==================== Find3M ====================
.
2011-09-26 13:41:48 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 13:41:48 22016 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 13:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-25 10:19:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12:07 605184 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10:12 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41:22 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58:29 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2004-10-01 17:00:16 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85CDEAB8]
3 CLASSPNP[0xF74D7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005f[0x85D2F2E0]
5 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-4[0x85D31940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 20:44:45,67 ===============

Thanks for the help!

Adolfo Aguiar

ken545
2011-10-18, 23:29
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Adolfo, you may have to help me at times to translate your logs into English.


You may be infected with a Rootkit, let's run these scans



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png




Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Adolfo Aguiar
2011-10-19, 10:37
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 135):

Processes (total 42):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
692 C:\WINDOWS\system32\services.exe
704 C:\WINDOWS\system32\lsass.exe
872 C:\ARQUIV~1\GbPlugin\gbpsv.exe
944 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1128 C:\Arquivos de programas\Windows Defender\MsMpEng.exe
1168 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1480 svchost.exe
1612 C:\WINDOWS\system32\spoolsv.exe
1664 C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
1888 C:\WINDOWS\explorer.exe
168 svchost.exe
224 C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
304 C:\WINDOWS\system32\CRYPSERV.EXE
392 C:\WINDOWS\system32\svchost.exe
428 C:\WINDOWS\system32\inetsrv\inetinfo.exe
528 C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
548 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
772 C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe
1196 sqlservr.exe
1728 C:\WINDOWS\system32\NVATray.exe
1748 C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
1756 C:\Arquivos de programas\Windows Defender\MSASCui.exe
1956 C:\WINDOWS\system32\ctfmon.exe
384 C:\WINDOWS\system32\nvsvc32.exe
504 C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
980 C:\WINDOWS\system32\svchost.exe
2980 alg.exe
3192 C:\WINDOWS\system32\dllhost.exe
2412 msdtc.exe
1140 C:\Arquivos de programas\Internet Explorer\iexplore.exe
2856 C:\Arquivos de programas\Internet Explorer\iexplore.exe
7460 C:\Arquivos de programas\Internet Explorer\iexplore.exe
3644 C:\WINDOWS\system32\wscntfy.exe
7020 C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\MBRCheck.exe
6368 C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41VW0
PhysicalDrive1 Model Number: ST3500630A, Rev: 3.AAE
PhysicalDrive2 Model Number: ST3160021A, Rev: 3.06

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!




aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-18 20:39:27
-----------------------------
20:39:27.062 OS Version: Windows 5.1.2600 Service Pack 3
20:39:27.062 Number of processors: 1 586 0x801
20:39:27.062 ComputerName: ADOLFO UserName:
20:39:28.468 Initialize success
20:46:09.593 AVAST engine defs: 11101801
20:46:40.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:46:40.578 Disk 0 Vendor: Size: 0MB BusType: 0
20:46:40.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:46:40.625 Disk 1 Vendor: ST3500630A 3.AAE Size: 476940MB BusType: 3
20:46:40.625 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
20:46:40.625 Disk 2 Vendor: ST3160021A 3.06 Size: 152627MB BusType: 3
20:46:42.656 Disk 0 MBR read successfully
20:46:42.671 Disk 0 MBR scan
20:46:42.843 Disk 0 Windows XP default MBR code
20:46:42.843 Disk 0 MBR hidden
20:46:43.031 Disk 0 scanning C:\WINDOWS\system32\drivers
20:47:32.546 Service scanning
20:47:33.218 Service GbpKm C:\WINDOWS\system32\drivers\gbpkm.sys **LOCKED** 32
20:47:34.843 Modules scanning
20:47:54.171 Disk 0 trace - called modules:
20:47:54.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:47:54.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cc9ab8]
20:47:54.234 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000005f[0x85cd9f18]
20:47:54.234 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85d32940]
20:47:55.125 AVAST engine scan C:\WINDOWS
20:48:50.500 AVAST engine scan C:\WINDOWS\system32
20:53:52.203 AVAST engine scan C:\WINDOWS\system32\drivers
20:54:18.921 AVAST engine scan C:\Documents and Settings\Adolfo Aguiar.NAIM
22:06:40.250 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
22:12:25.062 Scan finished successfully
05:26:05.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\MBR.dat"
05:26:05.500 The log file has been saved successfully to "C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\aswMBR.txt"

ken545
2011-10-19, 11:06
Good Morning,

Both logs look fine, let's do this

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean








Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Adolfo Aguiar
2011-10-19, 23:43
Hi Ken,

Thanks for the support.
The log follows:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7984

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/10/2011 18:36:36
mbam-log-2011-10-19 (18-36-36).txt

Scan type: Quick scan
Objects scanned: 299176
Time elapsed: 30 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Spybot still doesn't install.
Regards.

Adolfo

ken545
2011-10-19, 23:55
Adolfo,

Not being able to install Spybot may not be malware related. Some of the current threats do prevent installing removal programs. We checked for a rootkit and none was found, and Malwarebytes came back clean. Let's run a free online virus scanner, and if it comes back clean also then I will link you to our Spybot forum and they can help you install it, but what I am trying to do is eliminate any possibility that malware is preventing its installation.


Go grab a beer, this may take awhile

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Adolfo Aguiar
2011-10-20, 22:15
Hi Ken,

I got drunk with so much beer!
It seems nothing relevant was found.

C:\Arquivos de programas\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application
C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application
C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\unlocker1.8.6.exe Win32/Adware.ADON application

Regards.

Adolfo

ken545
2011-10-20, 22:56
Hi,

I got drunk with so much beer! :nono:

Are you having any other issues besides not being able to install Spybot, any browser redirects or things like that?

You have Ask and SearchCompletion installed; see if you can uninstall them via Add Remove Programs in the Control Panel.

Run this quick scan and let's take a final look



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Adolfo Aguiar
2011-10-21, 00:37
Hi Ken,

1. It happened twice lately that I could not navigate with IE using Favorites. I rebooted and the issue disappeared.

2. Ask and SearchCompletion don't show in the installed programs list.

The OTL.txt follows:

OTL logfile created on: 20/10/2011 19:14:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

991,35 Mb Total Physical Memory | 554,20 Mb Available Physical Memory | 55,90% Memory free
2,34 Gb Paging File | 1,93 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 76,32 Gb Total Space | 27,11 Gb Free Space | 35,52% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 84,79 Gb Free Space | 18,21% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 4,11 Gb Free Space | 2,76% Space Free | Partition Type: NTFS

Computer Name: ADOLFO | User Name: Adolfo Aguiar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\NVATray.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\CRYPSERV.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.dll ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.EN ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSUtilSDK.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\WINDOWS\system32\CRYPSERV.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
SRV - (MSR Service) -- C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Crypkey License) -- C:\WINDOWS\System32\CRYPSERV.EXE ()


========== Driver Services (SafeList) ==========

DRV - (mvd20) -- File not found
DRV - (mdf15) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vadspdif) -- C:\WINDOWS\system32\drivers\vadspdif.sys (M2Tech)
DRV - (VSPerfDrv100) -- c:\Arquivos de programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Ca2001v) -- C:\WINDOWS\system32\drivers\Ca2001v.sys (Digital Camera)
DRV - (Proteq) -- C:\WINDOWS\System32\drivers\proteq.sys (PROTEQ)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()
DRV - (Networkx) -- C:\WINDOWS\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 A5 30 3C DE CA CB 01 [binary data]
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Complitly"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Complitly"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.searchcompletion.com/?si=10197&home=1"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10197&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Arquivos de programas\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Arquivos de programas\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/02/28 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/09/16 14:12:45 | 000,000,000 | ---D | M]

[2011/02/28 10:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Extensions
[2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions
[2011/03/28 10:49:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 11:58:41 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2008/12/10 07:19:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\EXTENSIONS\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2011/06/06 11:58:40 | 000,003,195 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Complitly.xml

O1 HOSTS File: ([2008/05/09 09:50:19 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Arquivos de programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [NVIDIA nForce APU1 Utilities] C:\WINDOWS\System32\NVATray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157284703812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.143 201.6.2.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F08B6E6-944E-42D8-95E8-D7E57E3E7F11}: DhcpNameServer = 201.6.2.143 201.6.2.23
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Arquivos de programas\GbPlugin\gbiehuni.dll) - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/06 01:07:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 21:10:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2011/10/17 20:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/17 18:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Malwarebytes
[2011/10/17 18:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2011/10/17 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
[2011/10/17 18:19:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/17 18:19:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2011/10/16 19:00:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Defender
[2011/10/16 17:05:15 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Greatis
[2011/10/16 16:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Codeforge
[2011/10/16 16:15:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Codeforge
[2006/12/31 16:25:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.sys
[2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011/10/20 17:55:37 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/20 17:53:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 17:52:32 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/10/20 17:52:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/10/20 17:52:23 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
[2011/10/20 17:52:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/19 20:50:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/17 20:56:22 | 000,005,246 | ---- | M] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
[2011/10/17 18:19:25 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 18:03:34 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/16 17:40:26 | 000,660,096 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011/10/16 17:40:26 | 000,620,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 17:40:26 | 000,147,168 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011/10/16 17:40:26 | 000,134,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 17:32:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/03 06:31:16 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/01 23:16:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
[2011/09/26 11:41:48 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/25 08:19:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/17 20:56:22 | 000,005,246 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
[2011/10/17 18:19:25 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 19:44:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/10/16 19:03:54 | 000,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/16 19:00:43 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Windows Defender.lnk
[2011/08/03 16:09:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE32.EXE
[2011/07/15 10:35:48 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ISLV.INI
[2011/07/15 10:25:24 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2011/07/15 10:24:56 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\D4UNINST.DLL
[2011/07/11 17:15:51 | 000,000,130 | ---- | C] () -- C:\WINDOWS\SConvsft.ini
[2011/02/28 11:54:34 | 000,023,157 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/02/28 11:54:33 | 000,001,096 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/02/28 11:53:53 | 000,059,801 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/02/28 11:53:52 | 000,015,177 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/02/28 11:53:51 | 000,017,790 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/02/28 10:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/30 13:35:40 | 000,732,557 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/30 13:35:40 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/01/30 13:35:40 | 000,206,789 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2011/01/30 13:35:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/01/30 13:35:39 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/01/30 13:35:39 | 000,874,647 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/01/30 13:35:39 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/01/30 13:35:39 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/01/30 13:35:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/01/30 13:35:39 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/01/30 13:35:39 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/01/30 13:35:38 | 003,831,004 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/01/30 13:35:38 | 001,174,611 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011/01/30 13:35:38 | 000,047,111 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/11/27 20:17:18 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\lakerda1967.sys
[2010/11/27 20:16:37 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\docXConverter (3).ini
[2010/07/24 20:55:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ImgTool.INI
[2010/07/23 22:17:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545101.dll
[2009/10/21 10:34:22 | 001,878,831 | ---- | C] () -- C:\WINDOWS\System32\CalculoV32.dll
[2009/10/11 21:02:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/09/12 16:13:15 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 23:58:42 | 000,000,330 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/14 22:44:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/04/03 14:44:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/03/14 12:19:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2008/11/01 13:21:10 | 000,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe
[2008/10/25 19:31:13 | 000,154,686 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2008/09/09 23:20:46 | 000,108,845 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\debuggee.mdmp
[2008/08/10 18:48:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/01 20:25:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/05/31 22:19:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\qvpqapi.sys
[2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\ijdcapi.sys
[2007/12/24 08:47:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/22 17:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/03 11:34:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/11/05 09:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007/09/27 15:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2007/06/29 08:16:45 | 000,011,244 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
[2007/06/29 08:14:56 | 000,001,160 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2007/05/13 11:57:50 | 000,005,644 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\LUUnInstall.LiveUpdate
[2007/03/25 19:15:30 | 000,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.exe
[2007/03/25 19:15:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe
[2007/03/25 19:15:30 | 000,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini
[2007/03/25 12:01:47 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll
[2006/12/31 16:25:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\ezpinst.exe
[2006/12/31 16:25:04 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.cat
[2006/12/31 16:25:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.inf
[2006/12/21 20:15:32 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\fusioncache.dat
[2006/11/12 16:31:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\QTSBandwidthCache
[2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/09/16 12:52:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\Program Settings.ini
[2006/09/16 12:52:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu51.sys
[2006/09/16 12:49:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu60.sys
[2006/09/16 12:40:33 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Indusoft Web Studio 60.ini
[2006/09/16 12:40:29 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\CRYPSERV.EXE
[2006/09/16 12:40:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SETUP_CK.EXE
[2006/09/16 12:40:29 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.SYS
[2006/09/16 12:40:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\CKRFRESH.EXE
[2006/09/16 12:40:29 | 000,000,301 | ---- | C] () -- C:\WINDOWS\PROTEQ.INI
[2006/09/16 12:40:29 | 000,000,197 | ---- | C] () -- C:\WINDOWS\KBDBLOCK.INI
[2006/09/16 12:40:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI
[2006/09/16 12:40:28 | 000,153,600 | ---- | C] () -- C:\WINDOWS\CKCONFIG.EXE
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniPad.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIODBC.INI
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniNDde.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDdeCl.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDde.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UddeConf.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Trans.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPServer.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPConf.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPClient.ini
[2006/09/16 12:40:27 | 000,004,363 | ---- | C] () -- C:\WINDOWS\Dbm.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Studio Manager.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Slave.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SECURITY.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ReportWriter.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Project.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCClient.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OdbcConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LogWin.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LOGON.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DrvConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Driver.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DdeConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBSPY.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBFINDER.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AppBuild.ini
[2006/09/16 12:39:55 | 000,004,458 | ---- | C] () -- C:\WINDOWS\IWebStudio51.ini
[2006/09/14 12:51:44 | 000,000,125 | ---- | C] () -- C:\WINDOWS\CDBROWSER.INI
[2006/09/13 15:55:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/02 20:19:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\PMSBFN32.DLL
[2006/09/02 20:19:39 | 000,000,419 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2006/09/02 14:34:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006/09/01 19:35:42 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/01 13:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/08/31 21:52:41 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 21:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/08/31 21:37:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/08/31 21:34:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SCNDRVP.INI
[2006/08/31 19:56:52 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC45.ini
[2006/08/31 18:33:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2006/08/31 18:06:52 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2006/08/31 16:03:14 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/31 13:15:18 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/08/31 10:25:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2006/08/31 10:25:32 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2006/08/31 10:25:23 | 001,499,136 | R--- | C] () -- C:\WINDOWS\System32\NVAPanel.exe
[2006/08/31 10:24:13 | 000,002,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/08/31 10:24:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/31 10:18:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/31 10:08:40 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/31 06:33:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/31 06:32:19 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 10:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 10:00:00 | 000,660,096 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2004/08/04 10:00:00 | 000,620,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 10:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 10:00:00 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2004/08/04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 10:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 10:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 10:00:00 | 000,147,168 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2004/08/04 10:00:00 | 000,134,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 10:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 10:00:00 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2004/08/04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/16 13:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 13:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 13:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/09/08 21:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\BitTorrent
[2008/10/29 21:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Canneverbe_Limited
[2011/06/06 11:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Complitly
[2008/07/15 10:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\DNA
[2009/03/21 13:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Downloaded Installations
[2008/08/21 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\F-Secure
[2011/10/19 20:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\foobar2000
[2011/05/27 09:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\GetRightToGo
[2008/09/03 20:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\GlarySoft
[2008/06/07 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\ImgBurn
[2011/01/29 22:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Local
[2011/06/20 11:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\NCH Swift Sound
[2011/05/25 22:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\NwDocx
[2008/12/31 15:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\OfficeUpdate12
[2010/09/18 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\PrimoPDF
[2009/10/04 17:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Uniblue
[2007/01/01 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Vso
[2011/07/10 22:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\xrecode2
[2004/11/03 22:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
[2006/08/25 15:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/06/28 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Clarus
[2008/08/22 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\F-Secure
[2011/05/19 17:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\FactoryStudio
[2008/08/21 21:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\fssg
[2011/07/23 14:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin
[2011/06/20 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\NCH Swift Sound
[2009/10/10 14:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\OrbNetworks
[2009/06/21 11:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\PC Drivers HeadQuarters
[2011/05/28 23:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\PreEmptive Solutions
[2011/05/30 10:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Red Gate
[2009/10/04 18:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Sophos
[2011/09/04 20:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Soulseek
[2011/07/10 22:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP
[2008/05/18 22:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WinZip
[2009/11/18 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/27 22:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/12 17:06:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\{C38E43DB-855A-4411-A10D-C4CF08162810}
[2011/10/20 17:52:32 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/10/20 17:55:37 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/10/20 17:52:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:B5B2FD38

< End of report >

Adolfo Aguiar
2011-10-21, 00:41
Extras.txt:

OTL Extras logfile created on: 20/10/2011 19:14:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

991,35 Mb Total Physical Memory | 554,20 Mb Available Physical Memory | 55,90% Memory free
2,34 Gb Paging File | 1,93 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 76,32 Gb Total Space | 27,11 Gb Free Space | 35,52% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 84,79 Gb Free Space | 18,21% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 4,11 Gb Free Space | 2,76% Space Free | Partition Type: NTFS

Computer Name: ADOLFO | User Name: Adolfo Aguiar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Arquivos de programas\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Arquivos de programas\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Arquivos de programas\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\AboutTime\AboutTime.exe" = C:\Arquivos de programas\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -- ()
"C:\Arquivos de programas\Soulseek\slsk.exe" = C:\Arquivos de programas\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Arquivos de programas\Real\RealPlayer\realplay.exe" = C:\Arquivos de programas\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Arquivos de programas\Indusoft Web Studio v6.0\Bin\Studio Manager.exe" = C:\Arquivos de programas\Indusoft Web Studio v6.0\Bin\Studio Manager.exe:*:Enabled:Studio Manager
"C:\Arquivos de programas\Indusoft Web Studio v6.0\Demos\NTDemo\web\NTWebServer.exe" = C:\Arquivos de programas\Indusoft Web Studio v6.0\Demos\NTDemo\web\NTWebServer.exe:*:Enabled:NTWebServer
"C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\eMule0.48a\emule.exe" = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\eMule0.48a\emule.exe:*:Enabled:eMule
"C:\Arquivos de programas\eMule0.48a\emule.exe" = C:\Arquivos de programas\eMule0.48a\emule.exe:*:Enabled:eMule
"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe" = C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe" = C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe" = C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Arquivos de programas\Soulseek-Test\slsk.exe" = C:\Arquivos de programas\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
"C:\Arquivos de programas\DNA\btdna.exe" = C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA
"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Arquivos de programas\realplay.exe" = C:\Arquivos de programas\realplay.exe:*:Enabled:RealPlayer
"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" = C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Arquivos de programas\Winamp Remote\bin\Orb.exe" = C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft -- (Microsoft Corporation)
"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Arquivos de programas\SoulseekNS\slsk.exe" = C:\Arquivos de programas\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Visual Studio 2010\Projects\WCFServiceHost\WCFServiceHost\bin\Debug\WCFServiceHost.vshost.exe" = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Visual Studio 2010\Projects\WCFServiceHost\WCFServiceHost\bin\Debug\WCFServiceHost.vshost.exe:*:Enabled:vshost32.exe -- (Microsoft Corporation)
"C:\Dev\Tatsoft\Bin\TServer.exe" = C:\Dev\Tatsoft\Bin\TServer.exe:*:Enabled:TServer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{307BFD68-0886-47AD-B461-5607F63B8B42}" = Microsoft Web Platform Installer 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A417047-2E30-4D05-8977-F706D40BFF39}" = Windows Live installer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{518E6808-4B41-4577-ADA8-B74ECB661046}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1" = Hot CPU Tester Pro 4.4.1
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7148F0A8-6813-11D6-A77B-00B0D0142140}" = Java 2 Runtime Environment, SE v1.4.2_14
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edição 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974B49BC-0F92-455E-B103-DC41EED9706C}" = AB4D Products (Trial)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1046-7B44-A83000000003}" = Adobe Reader 8.3.1 - Português
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.173
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F793385C-5F01-4b46-B974-15A81FB86FF1}" = HP Officejet J3600 Series
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"19E2067D5B6CE49B232A2485FBB3475CB7D828C3" = Pacote de Driver do Windows - M2Tech (vadspdif) MEDIA (02/05/2010 1.0.3.141)
"AB4D Products (Trial)" = AB4D Products (Trial)
"AboutTime_is1" = AboutTime
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.38.3
"ASUS Probe V2.17.07" = ASUS Probe V2.17.07
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Complitly_is1" = Complitly
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DVD Flick_is1" = DVD Flick
"Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.4.70328" = Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FLVPlayer" = FLV Player 1.3.3
"foobar2000" = foobar2000 v1.1.1
"Glary Utilities_is1" = Glary Utilities 2.6.1
"GoogleVideoPlayer" = Google Video Player
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HTPE3" = HyperTerminal Private Edition v6.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Ink Monitor" = Ink Monitor
"InstallShield_{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"IRPF2007 - Declaração de Ajuste Anual" = IRPF2007 - Declaração de Ajuste Anual
"IRPF2008 - Declaração de Ajuste Anual" = IRPF2008 - Declaração de Ajuste Anual
"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVAUtils" = NVIDIA nForce APU1 Utilities
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Orb" = Winamp Remote
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Receitanet Java 2010.02d" = Receitanet Java 2010.02d
"Room Arranger" = Room Arranger (remove only)
"Sicalc Auto Atendimento" = Sicalc Auto Atendimento
"smartmontools" = smartmontools
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"Supervisório Conversoft (Versão 1.7.4.2)_is1" = Supervisório Conversoft
"TweakAll_is1" = TweakAll 3.0
"Ultralingua 6_is1" = Ultralingua 6.1
"Unlocker" = Unlocker 1.8.6
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.10
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Delphi4" = Borland Delphi 4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/9/2011 15:38:46 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msimn.exe, versão 6.0.2900.5512, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 28/9/2011 19:05:48 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msimn.exe, versão 6.0.2900.5512, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 28/9/2011 19:12:19 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msimn.exe, versão 6.0.2900.5512, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 1/10/2011 11:57:33 | Computer Name = ADOLFO | Source = Application Error | ID = 1000
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha mshtml.dll, versão 8.0.6001.19120, endereço com falha 0x000e187d.

Error - 4/10/2011 16:34:09 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 5/10/2011 15:31:01 | Computer Name = ADOLFO | Source = VSTTExecution | ID = 0
Description =

Error - 5/10/2011 15:31:05 | Computer Name = ADOLFO | Source = VSTTExecution | ID = 0
Description =

Error - 15/10/2011 13:28:11 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 16/10/2011 10:00:27 | Computer Name = ADOLFO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 16/10/2011 16:06:16 | Computer Name = ADOLFO | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7031
Description = O serviço Serviço de administração do IIS foi finalizado inesperadamente.
Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1 milissegundos:
Executar o programa de recuperação configurado.

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço Simple Mail Transfer Protocol (SMTP) foi encerrado inesperadamente.
Isso aconteceu 1 vez(es).

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço Publicação na World Wide Web foi encerrado inesperadamente.
Isso aconteceu 1 vez(es).

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço Virtual Disk Service Manager foi encerrado inesperadamente.
Isso aconteceu 1 vez(es).

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço Machine Debug Manager foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço NVIDIA Driver Helper Service foi encerrado inesperadamente.
Isso aconteceu 1 vez(es).

Error - 19/10/2011 15:41:16 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7034
Description = O serviço SQL Server VSS Writer foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 19/10/2011 15:55:17 | Computer Name = ADOLFO | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 19/10/2011 16:03:14 | Computer Name = ADOLFO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço MBAMSwissArmy devido ao seguinte
erro: %%2

Error - 20/10/2011 15:52:43 | Computer Name = ADOLFO | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.


< End of report >

ken545
2011-10-21, 02:21
Hi,

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?
O3 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.


:Services

:Reg

:Files
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

Adolfo Aguiar
2011-10-21, 11:12
Hi Ken,

This is the OTL fix log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do cache do DNS Resolver bem-sucedida.
C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ADOLFO

User: Adolfo Aguiar.NAIM
->Temp folder emptied: 177764 bytes
->Temporary Internet Files folder emptied: 2869564 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: ADOLFO_

User: ADOLFO~1~NAI

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.AUTORIDADE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.AUTORIDADE NT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORIDADE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.AUTORIDADE NT.000
->Temp folder emptied: 3016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44419 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10212011_053336

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2D9A.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2DAC.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2E0D.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2E1F.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F2D.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F3F.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F7B.tmp not found!
File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F8D.tmp not found!
C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temporary Internet Files\Content.IE5\IO02RAZM\showthread[1].htm moved successfully.
C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e94.dat not found!

Registry entries deleted on Reboot...


This is the OTL scan log:

OTL logfile created on: 21/10/2011 05:47:04 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

991,35 Mb Total Physical Memory | 431,81 Mb Available Physical Memory | 43,56% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 80,16% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 76,32 Gb Total Space | 27,08 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 84,79 Gb Free Space | 18,21% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 4,11 Gb Free Space | 2,76% Space Free | Partition Type: NTFS

Computer Name: ADOLFO | User Name: Adolfo Aguiar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\NVATray.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\CRYPSERV.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.dll ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.EN ()
MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSUtilSDK.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\WINDOWS\system32\CRYPSERV.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
SRV - (MSR Service) -- C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
SRV - (Apple Mobile Device) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Crypkey License) -- C:\WINDOWS\System32\CRYPSERV.EXE ()


========== Driver Services (SafeList) ==========

DRV - (mvd20) -- File not found
DRV - (mdf15) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vadspdif) -- C:\WINDOWS\system32\drivers\vadspdif.sys (M2Tech)
DRV - (VSPerfDrv100) -- c:\Arquivos de programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Ca2001v) -- C:\WINDOWS\system32\drivers\Ca2001v.sys (Digital Camera)
DRV - (Proteq) -- C:\WINDOWS\System32\drivers\proteq.sys (PROTEQ)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nvnforce) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()
DRV - (Networkx) -- C:\WINDOWS\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 A5 30 3C DE CA CB 01 [binary data]
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Complitly"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Complitly"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.searchcompletion.com/?si=10197&home=1"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10197&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Arquivos de programas\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Arquivos de programas\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/02/28 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/09/16 14:12:45 | 000,000,000 | ---D | M]

[2011/02/28 10:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Extensions
[2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions
[2011/03/28 10:49:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 11:58:41 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2008/12/10 07:19:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\EXTENSIONS\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2011/06/06 11:58:40 | 000,003,195 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Complitly.xml

O1 HOSTS File: ([2011/10/21 05:33:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Arquivos de programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [NVIDIA nForce APU1 Utilities] C:\WINDOWS\System32\NVATray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157284703812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.143 201.6.2.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F08B6E6-944E-42D8-95E8-D7E57E3E7F11}: DhcpNameServer = 201.6.2.143 201.6.2.23
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Arquivos de programas\GbPlugin\gbiehuni.dll) - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/06 01:07:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 05:33:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/19 21:10:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
[2011/10/17 20:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/17 18:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Malwarebytes
[2011/10/17 18:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2011/10/17 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
[2011/10/17 18:19:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/17 18:19:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2011/10/16 19:00:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Defender
[2011/10/16 17:05:15 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Greatis
[2011/10/16 16:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Codeforge
[2011/10/16 16:15:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Codeforge
[2006/12/31 16:25:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.sys
[2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011/10/21 05:38:40 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/21 05:36:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/21 05:35:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/10/21 05:35:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/10/21 05:35:35 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
[2011/10/21 05:35:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 05:33:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/19 20:50:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/17 20:56:22 | 000,005,246 | ---- | M] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
[2011/10/17 18:19:25 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 18:03:34 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/16 17:40:26 | 000,660,096 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011/10/16 17:40:26 | 000,620,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/16 17:40:26 | 000,147,168 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011/10/16 17:40:26 | 000,134,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 17:32:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/03 06:31:16 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/01 23:16:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
[2011/09/26 11:41:48 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/25 08:19:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/17 20:56:22 | 000,005,246 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
[2011/10/17 18:19:25 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 19:44:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/10/16 19:03:54 | 000,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/16 19:00:43 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Windows Defender.lnk
[2011/08/03 16:09:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE32.EXE
[2011/07/15 10:35:48 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ISLV.INI
[2011/07/15 10:25:24 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2011/07/15 10:24:56 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\D4UNINST.DLL
[2011/07/11 17:15:51 | 000,000,130 | ---- | C] () -- C:\WINDOWS\SConvsft.ini
[2011/02/28 11:54:34 | 000,023,157 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/02/28 11:54:33 | 000,001,096 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/02/28 11:53:53 | 000,059,801 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/02/28 11:53:52 | 000,015,177 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/02/28 11:53:51 | 000,017,790 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/02/28 10:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/30 13:35:40 | 000,732,557 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/30 13:35:40 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/01/30 13:35:40 | 000,206,789 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2011/01/30 13:35:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/01/30 13:35:39 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/01/30 13:35:39 | 000,874,647 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/01/30 13:35:39 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/01/30 13:35:39 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/01/30 13:35:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/01/30 13:35:39 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/01/30 13:35:39 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/01/30 13:35:38 | 003,831,004 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/01/30 13:35:38 | 001,174,611 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011/01/30 13:35:38 | 000,047,111 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/11/27 20:17:18 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\lakerda1967.sys
[2010/11/27 20:16:37 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\docXConverter (3).ini
[2010/07/24 20:55:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ImgTool.INI
[2010/07/23 22:17:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545101.dll
[2009/10/21 10:34:22 | 001,878,831 | ---- | C] () -- C:\WINDOWS\System32\CalculoV32.dll
[2009/10/11 21:02:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/09/12 16:13:15 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 23:58:42 | 000,000,330 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/14 22:44:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/04/03 14:44:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/03/14 12:19:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2008/11/01 13:21:10 | 000,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe
[2008/10/25 19:31:13 | 000,154,686 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2008/09/09 23:20:46 | 000,108,845 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\debuggee.mdmp
[2008/08/10 18:48:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/01 20:25:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/05/31 22:19:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\qvpqapi.sys
[2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\ijdcapi.sys
[2007/12/24 08:47:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/22 17:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/03 11:34:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/11/05 09:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007/09/27 15:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2007/06/29 08:16:45 | 000,011,244 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
[2007/06/29 08:14:56 | 000,001,160 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2007/05/13 11:57:50 | 000,005,644 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\LUUnInstall.LiveUpdate
[2007/03/25 19:15:30 | 000,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.exe
[2007/03/25 19:15:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe
[2007/03/25 19:15:30 | 000,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini
[2007/03/25 12:01:47 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll
[2006/12/31 16:25:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\ezpinst.exe
[2006/12/31 16:25:04 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.cat
[2006/12/31 16:25:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.inf
[2006/12/21 20:15:32 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\fusioncache.dat
[2006/11/12 16:31:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\QTSBandwidthCache
[2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/09/16 12:52:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\Program Settings.ini
[2006/09/16 12:52:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu51.sys
[2006/09/16 12:49:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu60.sys
[2006/09/16 12:40:33 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Indusoft Web Studio 60.ini
[2006/09/16 12:40:29 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\CRYPSERV.EXE
[2006/09/16 12:40:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SETUP_CK.EXE
[2006/09/16 12:40:29 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.SYS
[2006/09/16 12:40:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\CKRFRESH.EXE
[2006/09/16 12:40:29 | 000,000,301 | ---- | C] () -- C:\WINDOWS\PROTEQ.INI
[2006/09/16 12:40:29 | 000,000,197 | ---- | C] () -- C:\WINDOWS\KBDBLOCK.INI
[2006/09/16 12:40:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI
[2006/09/16 12:40:28 | 000,153,600 | ---- | C] () -- C:\WINDOWS\CKCONFIG.EXE
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniPad.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIODBC.INI
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniNDde.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDdeCl.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDde.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UddeConf.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Trans.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPServer.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPConf.ini
[2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPClient.ini
[2006/09/16 12:40:27 | 000,004,363 | ---- | C] () -- C:\WINDOWS\Dbm.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Studio Manager.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Slave.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SECURITY.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ReportWriter.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Project.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCClient.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OdbcConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LogWin.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LOGON.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DrvConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Driver.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DdeConf.ini
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBSPY.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBFINDER.INI
[2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AppBuild.ini
[2006/09/16 12:39:55 | 000,004,458 | ---- | C] () -- C:\WINDOWS\IWebStudio51.ini
[2006/09/14 12:51:44 | 000,000,125 | ---- | C] () -- C:\WINDOWS\CDBROWSER.INI
[2006/09/13 15:55:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/02 20:19:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\PMSBFN32.DLL
[2006/09/02 20:19:39 | 000,000,419 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2006/09/02 14:34:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006/09/01 19:35:42 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/01 13:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/08/31 21:52:41 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 21:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/08/31 21:37:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/08/31 21:34:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SCNDRVP.INI
[2006/08/31 19:56:52 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC45.ini
[2006/08/31 18:33:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2006/08/31 18:06:52 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2006/08/31 16:03:14 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/31 13:15:18 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2006/08/31 10:25:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2006/08/31 10:25:32 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2006/08/31 10:25:23 | 001,499,136 | R--- | C] () -- C:\WINDOWS\System32\NVAPanel.exe
[2006/08/31 10:24:13 | 000,002,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/08/31 10:24:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/31 10:18:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/31 10:08:40 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/31 06:33:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/31 06:32:19 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 10:00:00 | 000,660,096 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2004/08/04 10:00:00 | 000,620,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 10:00:00 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2004/08/04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 10:00:00 | 000,147,168 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2004/08/04 10:00:00 | 000,134,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 10:00:00 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2004/08/04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/16 13:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 13:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 13:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:B5B2FD38

< End of report >

SpyBot installs now.
Congratulations. You are a wizard.
Could you please explain what happened?
Regards.

Adolfo

ken545
2011-10-21, 11:55
Good Morning

1. It happened twice lately that I could not navigate with IE using Favorites
Are you still having this issue?

Fix and log look fine. Still having issues installing Spybot?

Adolfo Aguiar
2011-10-21, 13:25
Hi Ken,

Please read the end of my previous post.
I'm very interested in knowing what was causing the issue.
Thanks again.

Adolfo

ken545
2011-10-21, 14:06
Well, hard to say, nothing extremely malicious was found in previous scans. Search.searchcompletion did alter your search setting in Internet Explorer; we removed that and also reset your hosts file and cleared your DNS cache, which was partially responsible for the redirects from your favorites. It's possible that that malware was preventing Spybot from installing, not sure. Anyway, I am happy that we got you back to normal.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.

Malwarebytes is the free version and yours to keep and will not be removed

Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.php?p=12880&postcount=2



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ken545
2011-10-25, 11:27
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.