
Thread: Spybot won't install

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com/?si=10197&home=1
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com/?si=10197&home=1
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10197&home=1
      IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?
      O3 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Oct 2011
    Posts
    8

    OTL log

    Hi Ken,

    This is the OTL fix log:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configuração de IP do Windows
    Liberação do cache do DNS Resolver bem-sucedida.
    C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrador
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: ADOLFO

    User: Adolfo Aguiar.NAIM
    ->Temp folder emptied: 177764 bytes
    ->Temporary Internet Files folder emptied: 2869564 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: ADOLFO_

    User: ADOLFO~1~NAI

    User: All Users

    User: All Users.WINDOWS

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService.AUTORIDADE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.AUTORIDADE NT.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORIDADE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORIDADE NT.000
    ->Temp folder emptied: 3016 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 44419 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3,00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 10212011_053336

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2D9A.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2DAC.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2E0D.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2E1F.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F2D.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F3F.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F7B.tmp not found!
    File\Folder C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temp\~DF2F8D.tmp not found!
    C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temporary Internet Files\Content.IE5\IO02RAZM\showthread[1].htm moved successfully.
    C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e94.dat not found!

    Registry entries deleted on Reboot...


    This is the OTL scan log:

    OTL logfile created on: 21/10/2011 05:47:04 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    991,35 Mb Total Physical Memory | 431,81 Mb Available Physical Memory | 43,56% Memory free
    2,34 Gb Paging File | 1,87 Gb Available in Paging File | 80,16% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
    Drive C: | 76,32 Gb Total Space | 27,08 Gb Free Space | 35,48% Space Free | Partition Type: NTFS
    Drive D: | 465,76 Gb Total Space | 84,79 Gb Free Space | 18,21% Space Free | Partition Type: NTFS
    Drive E: | 149,05 Gb Total Space | 4,11 Gb Free Space | 2,76% Space Free | Partition Type: NTFS

    Computer Name: ADOLFO | User Name: Adolfo Aguiar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Adolfo Aguiar.NAIM\Meus documentos\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
    PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
    PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\NVATray.exe (NVIDIA Corporation)
    PRC - C:\WINDOWS\system32\CRYPSERV.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Arquivos de programas\Avira\AntiVir Desktop\sqlite3.dll ()
    MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
    MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.dll ()
    MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSMgrSDK.EN ()
    MOD - C:\Arquivos de programas\Clarus\Samsung SecretZone\MSUtilSDK.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()
    MOD - C:\WINDOWS\system32\CRYPSERV.EXE ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (CLTNetCnService) -- File not found
    SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
    SRV - (MSR Service) -- C:\Arquivos de programas\Clarus\Samsung SecretZone\MSSvc.exe ()
    SRV - (Apple Mobile Device) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (LiveUpdate) -- C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
    SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
    SRV - (Crypkey License) -- C:\WINDOWS\System32\CRYPSERV.EXE ()


    ========== Driver Services (SafeList) ==========

    DRV - (mvd20) -- File not found
    DRV - (mdf15) -- File not found
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\gbpkm.sys (GAS Tecnologia)
    DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (vadspdif) -- C:\WINDOWS\system32\drivers\vadspdif.sys (M2Tech)
    DRV - (VSPerfDrv100) -- c:\Arquivos de programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
    DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (Ca2001v) -- C:\WINDOWS\system32\drivers\Ca2001v.sys (Digital Camera)
    DRV - (Proteq) -- C:\WINDOWS\System32\drivers\proteq.sys (PROTEQ)
    DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
    DRV - (nvnforce) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
    DRV - (nvax) Service for NVIDIA® nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
    DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
    DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()
    DRV - (Networkx) -- C:\WINDOWS\system32\ckldrv.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 A5 30 3C DE CA CB 01 [binary data]
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Complitly"
    FF - prefs.js..browser.search.defaultenginename: "Complitly"
    FF - prefs.js..browser.search.order.1: "Complitly"
    FF - prefs.js..browser.search.selectedEngine: "Complitly"
    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "http://search.searchcompletion.com/?si=10197&home=1"
    FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
    FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10197&q="
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Arquivos de programas\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Arquivos de programas\Microsoft\Web Platform Installer\\npwpidetector.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/02/28 10:25:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/09/16 14:12:45 | 000,000,000 | ---D | M]

    [2011/02/28 10:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Extensions
    [2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions
    [2011/03/28 10:49:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/06 11:58:41 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Mozilla\Firefox\Profiles\6g0jl2j8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2011/07/14 17:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
    [2008/12/10 07:19:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\EXTENSIONS\{9CE11043-9A15-4207-A565-0C94C42D590D}
    [2011/06/06 11:58:40 | 000,003,195 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\Complitly.xml

    O1 HOSTS File: ([2011/10/21 05:33:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
    O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Arquivos de programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
    O4 - HKLM..\Run: [NVIDIA nForce APU1 Utilities] C:\WINDOWS\System32\NVATray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\S-1-5-21-1390067357-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1157284703812 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/downlo...4/clearadj.cab (CTAdjust Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br...bPluginUni.cab (GbPluginObj Class)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.143 201.6.2.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F08B6E6-944E-42D8-95E8-D7E57E3E7F11}: DhcpNameServer = 201.6.2.143 201.6.2.23
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Arquivos de programas\GbPlugin\gbiehuni.dll) - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/06 01:07:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/21 05:33:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/19 21:10:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ESET
    [2011/10/17 20:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/10/17 18:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\Malwarebytes
    [2011/10/17 18:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
    [2011/10/17 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
    [2011/10/17 18:19:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/17 18:19:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
    [2011/10/16 19:00:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Defender
    [2011/10/16 17:05:15 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Greatis
    [2011/10/16 16:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Codeforge
    [2011/10/16 16:15:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Codeforge
    [2006/12/31 16:25:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.sys
    [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/10/21 05:38:40 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/21 05:36:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/21 05:35:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2011/10/21 05:35:39 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2011/10/21 05:35:35 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
    [2011/10/21 05:35:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/21 05:33:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/10/19 20:50:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/17 20:56:22 | 000,005,246 | ---- | M] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
    [2011/10/17 18:19:25 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/16 18:03:34 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/16 17:40:26 | 000,660,096 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
    [2011/10/16 17:40:26 | 000,620,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/16 17:40:26 | 000,147,168 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
    [2011/10/16 17:40:26 | 000,134,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/16 17:32:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/03 06:31:16 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2011/10/01 23:16:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1060284298-682003330-1003.job
    [2011/09/26 11:41:48 | 000,613,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
    [2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
    [2011/09/26 11:41:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
    [2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
    [2011/09/25 08:19:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/10/17 20:56:22 | 000,005,246 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Desktop\attach.zip
    [2011/10/17 18:19:25 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/16 19:44:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
    [2011/10/16 19:03:54 | 000,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/10/16 19:00:43 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Windows Defender.lnk
    [2011/08/03 16:09:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE32.EXE
    [2011/07/15 10:35:48 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ISLV.INI
    [2011/07/15 10:25:24 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
    [2011/07/15 10:24:56 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\D4UNINST.DLL
    [2011/07/11 17:15:51 | 000,000,130 | ---- | C] () -- C:\WINDOWS\SConvsft.ini
    [2011/02/28 11:54:34 | 000,023,157 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2011/02/28 11:54:33 | 000,001,096 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2011/02/28 11:53:53 | 000,059,801 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2011/02/28 11:53:52 | 000,015,177 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2011/02/28 11:53:51 | 000,017,790 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2011/02/28 10:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/01/30 13:35:40 | 000,732,557 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/01/30 13:35:40 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2011/01/30 13:35:40 | 000,206,789 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2011/01/30 13:35:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2011/01/30 13:35:39 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2011/01/30 13:35:39 | 000,874,647 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2011/01/30 13:35:39 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2011/01/30 13:35:39 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2011/01/30 13:35:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2011/01/30 13:35:39 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2011/01/30 13:35:39 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2011/01/30 13:35:38 | 003,831,004 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
    [2011/01/30 13:35:38 | 001,174,611 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
    [2011/01/30 13:35:38 | 000,047,111 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
    [2010/11/27 20:17:18 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\lakerda1967.sys
    [2010/11/27 20:16:37 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\docXConverter (3).ini
    [2010/07/24 20:55:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS\ImgTool.INI
    [2010/07/23 22:17:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545101.dll
    [2009/10/21 10:34:22 | 001,878,831 | ---- | C] () -- C:\WINDOWS\System32\CalculoV32.dll
    [2009/10/11 21:02:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2009/09/12 16:13:15 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/07/30 23:58:42 | 000,000,330 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2009/04/14 22:44:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Wininit.ini
    [2009/04/03 14:44:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2009/03/14 12:19:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
    [2008/11/01 13:21:10 | 000,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe
    [2008/10/25 19:31:13 | 000,154,686 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
    [2008/09/09 23:20:46 | 000,108,845 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\debuggee.mdmp
    [2008/08/10 18:48:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/06/01 20:25:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2008/05/31 22:19:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
    [2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\qvpqapi.sys
    [2008/05/31 21:50:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\ijdcapi.sys
    [2007/12/24 08:47:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2007/12/22 17:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2007/12/03 11:34:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2007/11/05 09:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2007/09/27 15:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
    [2007/06/29 08:16:45 | 000,011,244 | ---- | C] () -- C:\WINDOWS\hpwscr16.dat
    [2007/06/29 08:14:56 | 000,001,160 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
    [2007/05/13 11:57:50 | 000,005,644 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\LUUnInstall.LiveUpdate
    [2007/03/25 19:15:30 | 000,128,000 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.exe
    [2007/03/25 19:15:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\DesinstRecnet.exe
    [2007/03/25 19:15:30 | 000,005,361 | ---- | C] () -- C:\WINDOWS\DesinstWRecnet.ini
    [2007/03/25 12:01:47 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\Tutil32.dll
    [2006/12/31 16:25:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\ezpinst.exe
    [2006/12/31 16:25:04 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.cat
    [2006/12/31 16:25:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Dados de aplicativos\pcouffin.inf
    [2006/12/21 20:15:32 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\fusioncache.dat
    [2006/11/12 16:31:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\QTSBandwidthCache
    [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
    [2006/09/16 12:52:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\Program Settings.ini
    [2006/09/16 12:52:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu51.sys
    [2006/09/16 12:49:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\winemu60.sys
    [2006/09/16 12:40:33 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Indusoft Web Studio 60.ini
    [2006/09/16 12:40:29 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\CRYPSERV.EXE
    [2006/09/16 12:40:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SETUP_CK.EXE
    [2006/09/16 12:40:29 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.SYS
    [2006/09/16 12:40:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\CKRFRESH.EXE
    [2006/09/16 12:40:29 | 000,000,301 | ---- | C] () -- C:\WINDOWS\PROTEQ.INI
    [2006/09/16 12:40:29 | 000,000,197 | ---- | C] () -- C:\WINDOWS\KBDBLOCK.INI
    [2006/09/16 12:40:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI
    [2006/09/16 12:40:28 | 000,153,600 | ---- | C] () -- C:\WINDOWS\CKCONFIG.EXE
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniPad.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIODBC.INI
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniNDde.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDdeCl.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UniDde.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UddeConf.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Trans.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPServer.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPConf.ini
    [2006/09/16 12:40:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TCPClient.ini
    [2006/09/16 12:40:27 | 000,004,363 | ---- | C] () -- C:\WINDOWS\Dbm.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Studio Manager.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Slave.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SECURITY.INI
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ReportWriter.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Project.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCConf.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPCClient.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OdbcConf.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LogWin.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LOGON.INI
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DrvConf.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Driver.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DdeConf.ini
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBSPY.INI
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DBFINDER.INI
    [2006/09/16 12:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AppBuild.ini
    [2006/09/16 12:39:55 | 000,004,458 | ---- | C] () -- C:\WINDOWS\IWebStudio51.ini
    [2006/09/14 12:51:44 | 000,000,125 | ---- | C] () -- C:\WINDOWS\CDBROWSER.INI
    [2006/09/13 15:55:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/02 20:19:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\PMSBFN32.DLL
    [2006/09/02 20:19:39 | 000,000,419 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
    [2006/09/02 14:34:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
    [2006/09/01 19:35:42 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/09/01 13:23:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2006/08/31 21:52:41 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Adolfo Aguiar.NAIM\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/31 21:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
    [2006/08/31 21:37:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2006/08/31 21:34:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SCNDRVP.INI
    [2006/08/31 19:56:52 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC45.ini
    [2006/08/31 18:33:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
    [2006/08/31 18:06:52 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
    [2006/08/31 16:03:14 | 000,000,772 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/31 13:15:18 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2006/08/31 10:25:32 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
    [2006/08/31 10:25:32 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
    [2006/08/31 10:25:23 | 001,499,136 | R--- | C] () -- C:\WINDOWS\System32\NVAPanel.exe
    [2006/08/31 10:24:13 | 000,002,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2006/08/31 10:24:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2006/08/31 10:18:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/08/31 10:08:40 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/08/31 06:33:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/31 06:32:19 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/08/04 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 10:00:00 | 000,660,096 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
    [2004/08/04 10:00:00 | 000,620,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 10:00:00 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
    [2004/08/04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 10:00:00 | 000,147,168 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
    [2004/08/04 10:00:00 | 000,134,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 10:00:00 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
    [2004/08/04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/09/16 13:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/09/16 13:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2003/09/16 13:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:B5B2FD38

    < End of report >

    SpyBot installs now.
    Congratulations. You are a wizard.
    Could you please explain what happened?
    Regards.

    Adolfo

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning

    1. It happened twice lately that I could not navigate with IE using Favorites. Are you still having this issue?

    Fix and log look fine. Still having issues installing Spybot?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Junior Member
    Join Date
    Oct 2011
    Posts
    8

    Default Many thanks

    Hi Ken,

    Please read the end of my previous post.
    I'm very interested in knowing what was causing the issue.
    Thanks again.

    Adolfo

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, hard to say; nothing extremely malicious was found in previous scans. Search.searchcompletion did alter your search setting in Internet Explorer. We removed that and also reset your hosts file and cleared your DNS cache, which was partially responsible for the redirects from your favorites. It's possible that that malware was preventing Spybot from installing, not sure; anyway, I am happy that we got you back to normal.

    Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.

    Malwarebytes is the free version and yours to keep and will not be removed.

    Keeping your Java updated is very important to the security of your system, info here on how to update:
    http://forums.spybot.info/showpost.p...80&postcount=2

    Safe Surfn
    Ken
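Added example (not part of the original thread and not any poster's code): a small post-cleanup check for the two things the reply above says were changed, the hosts file and the Internet Explorer search URLs. The hosts content is constructed, the registry value names and the searchcompletion URL are the ones from the fix script earlier in the thread, and the trusted-domain list and the go.microsoft.com value are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net        # blocklist-style entry
0.0.0.0     tracker.example.org
203.0.113.7 www.example.com example.com
not-an-ip   broken.example
"""

# Value names and hijacker URL as listed in the thread's fix script;
# the go.microsoft.com value is a constructed "clean" entry for contrast.
SAMPLE_IE_MAIN = {
    "Default_Search_URL": "http://search.searchcompletion.com/?si=10197&home=1",
    "Search Bar": "http://search.searchcompletion.com/?si=10197&home=1",
    "Search Page": "http://go.microsoft.com/fwlink/",
}


def audit_hosts(text):
    """Classify every hosts mapping other than the plain localhost entries.

    Returns (line_number, kind, address, name) tuples where kind is
    'redirect' (name forced to a routable address), 'sinkhole' (name
    pointed at loopback or 0.0.0.0, as blocklists do) or 'malformed'.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, " ".join(names)))
            continue
        if not names:
            findings.append((lineno, "malformed", address, ""))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if local and name == "localhost":
                continue  # the default entries a reset hosts file contains
            kind = "sinkhole" if local else "redirect"
            findings.append((lineno, kind, address, name))
    return findings


def audit_search_urls(values, trusted_domains):
    """Return {value_name: host} for URLs whose host is outside trusted_domains."""
    flagged = {}
    for name, url in values.items():
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            flagged[name] = host
    return flagged


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    # Assumed allowlist: the analyst decides which search providers are expected.
    print(audit_search_urls(SAMPLE_IE_MAIN, {"microsoft.com"}))
```

'sinkhole' entries are reported separately from 'redirect' entries because blocklist-style protections add many loopback mappings on purpose, while a name pinned to a routable address is the kind of entry that causes redirects.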

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.