
Thread: SB doesn't remove "Somoto.BetterInstaller"

  #1 | Junior Member | Join Date: Oct 2013 | Posts: 22

    SB doesn't remove "Somoto.BetterInstaller"

    Spybot has found "Somoto.BetterInstaller" malware on my PC. Then, after it has been fixed by SB, it is detected again in the next scan.
    I would like to know how to definitively remove this threat from my PC.
    The software from Somoto is already uninstalled, but this malware is identified as a registry key type by SB.

  #2 | Malware Team: Emeritus | Join Date: Oct 2012 | Posts: 246

    Hi and Welcome!! Adriano Cruz

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!

    ==============================

    Scan with OTL
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.


    =============================== Next =======================================


    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan

    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    On your next reply please post :
    • OTL.txt
    • Extras.txt
    • aswMBR log

    Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -
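Once the OTL.txt requested above is posted, the first triage pass is to pick out entries whose target no longer exists (uninstall leftovers, which is what the opening post describes for Somoto) and autostarts with no publisher name, and to read proxy settings together with their ProxyEnable flag. The Python below is an added example written for this page, not part of the thread or of OTL itself; its sample lines are constructed in OTL.txt's format with a shortened SID.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the format of the OTL.txt posted in this thread:
# a handful of representative entries, not the real log; the SID is shortened.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - C:\Arquivos de Programas\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (avgwd) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
========== Driver Services (SafeList) ==========
DRV - (TVICHW32) -- File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
========== Internet Explorer ==========
IE - HKU\S-1-5-21-1111-2222-3333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111-2222-3333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== Standard Registry (SafeList) ==========
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Phrases OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
# Entry types that load code at boot/logon; an orphan here is an uninstall
# leftover that is still referenced, which is what scanners keep re-flagging.
AUTOSTART_PREFIXES = ("SRV -", "DRV -", "O2 -", "O3 -", "O4 -", "O20 -", "O21 -", "O28 -")
# OTL puts the publisher in trailing parentheses; an empty "()" means no company name.
NO_COMPANY_RE = re.compile(r"\.(exe|dll|sys)\s+\(\)$", re.IGNORECASE)
IE_SETTING_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
Finding = Tuple[str, str, str]  # (category, section, detail)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '========== Name ==========' header above them."""
    sections: Dict[str, List[str]] = {}
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def proxy_state(lines: List[str]) -> List[Tuple[str, str, bool]]:
    """Per Internet Settings key: (key, ProxyServer, enabled). A ProxyServer value
    alone is not in effect; ProxyEnable under the same key decides."""
    per_key: Dict[str, Dict[str, str]] = {}
    for line in lines:
        m = IE_SETTING_RE.match(line)
        if m:
            per_key.setdefault(m["key"], {})[m["name"]] = m["value"].strip()
    result = []
    for key, values in per_key.items():
        server = values.get("ProxyServer")
        if server:
            result.append((key, server, values.get("ProxyEnable", "0") == "1"))
    return result


def triage(text: str) -> List[Finding]:
    """Return (category, section, detail) for each entry worth a second look."""
    findings: List[Finding] = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if line.startswith(AUTOSTART_PREFIXES) and any(m in line for m in ORPHAN_MARKERS):
                findings.append(("orphan", section, line))
            elif line.startswith(("PRC -", "MOD -", "O4 -")) and NO_COMPANY_RE.search(line):
                findings.append(("no-company", section, line))
        for key, server, enabled in proxy_state(lines):
            category = "proxy-active" if enabled else "proxy-configured-disabled"
            findings.append((category, section, f"{key}: ProxyServer={server}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'orphan': 4, 'no-company': 2, ...}."""
    return dict(Counter(category for category, _, _ in findings))
```

Orphans are the category to compare against what Spybot reports: an entry whose target is gone but whose registry key remains is exactly what gets detected again after every "fix".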

  #3 | Junior Member | Join Date: Oct 2013 | Posts: 22

    OTL.txt

    Hi Robybel!

    I appreciate your help and attention!!!!

    Below is the archive OTL.txt. In future posts, I will send the other archives.


    OTL logfile created on: 04/10/2013 16:54:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
    3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
    Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS

    Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Arquivos de Programas\OTL\OTL.exe (OldTimer Tools)
    PRC - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
    PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
    PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe ()
    PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
    PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPService.exe (Abine Inc.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
    PRC - C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll ()
    MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll ()
    MOD - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
    MOD - C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPButton.dll ()
    MOD - C:\Arquivos de Programas\IZArc\IZArcCM.dll ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (vToolbarUpdater17.0.12) -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
    SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (avgwd) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
    SRV - (AVGIDSAgent) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (FreeAgentGoNext Service) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (TVICHW32) -- File not found
    DRV - (BootDefragDriver) -- System32\drivers\BootDefragDriver.sys File not found
    DRV - (NdisrdMP) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
    DRV - (Ndisrd) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (GbpKm) -- C:\Windows\System32\drivers\gbpkm.sys (GAS Tecnologia)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
    DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
    DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
    DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
    DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {96E5BEB0-9B21-4A0F-9ACE-870255201492}
    IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope = {4869887B-18B6-4360-A362-D83D7786FC3A}
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
    FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr&d=2013-05-14 14:58:13&pid=avg&sg=0&v=15.3.0.11&sap=ku&q="
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/02 15:39:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]

    [2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
    [2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
    [2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
    [2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
    [2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
    [2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
    [2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
    [2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
    [2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2013/05/20 21:40:17 | 000,003,717 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15429 more lines...
    O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
    O2 - BHO: (Do Not Track Me) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Do Not Track Me (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de Programas\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
    O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/03/02 21:49:08 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (BootDefrag.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
    [2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
    [2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
    [2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
    [2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
    [2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
    [2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
    [2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    [2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/10/04 16:33:14 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
    [2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
    [2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/10/04 16:22:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/04 10:25:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/10/04 10:25:27 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
    [2013/10/04 10:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/04 10:25:16 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/10/03 14:54:04 | 000,102,682 | ---- | M] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
    [2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
    [2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
    [2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

    ========== Files Created - No Company Name ==========

    [2013/10/03 14:54:40 | 000,102,682 | ---- | C] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
    [2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
    [2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
    [2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
    [2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
    [2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
    [2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
    [2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
    [2010/03/26 13:27:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/07/04 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Autodesk
    [2012/12/20 10:16:17 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\AVG2013
    [2013/10/01 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\DiskDefrag
    [2013/07/07 21:11:34 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\GlarySoft
    [2010/05/09 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Hide IP NG
    [2013/07/06 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\IrfanView
    [2012/12/20 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\TuneUp Software
    [2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Usuário Padrão\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
    [2011/02/26 02:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD3200AAJS-00B4A0 ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Multi Flash Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: Seagate FreeAgent Go USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 10,00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 288,00GB
    Starting Offset: 10486808576
    Hidden sectors: 0


    DeviceID: Disk #2, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 233,00GB
    Starting Offset: 32256
    Hidden sectors: 0


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 110 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

    < End of report >

  4. #4
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default Extras.txt

    OTL Extras logfile created on: 04/10/2013 16:54:11 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
    3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
    Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS

    Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
    "{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
    "{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
    "{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "AVG Secure Search" = AVG Security Toolbar
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
    "ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
    "Glary Utilities_is1" = Glary Utilities 2.56.0.1822
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "IrfanView" = IrfanView (remove only)
    "IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
    "MEPOR" = DIC Michaelis Escolar - Espanhol
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    "TVWiz" = Intel(R) TV Wizard
    "VLC media player" = VLC media player 2.0.8
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "5b0e7647ff8fae74" = IBA Reader

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 16/12/2012 16:21:02 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 16/12/2012 17:00:16 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 16/12/2012 17:55:18 | Computer Name = anaeano-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.exe, version: 6.1.7601.17567,
    time stamp: 0x4d6727a7 Faulting module name: MSONSEXT.DLL, version: 10.145.7329.0,
    time stamp: 0x4019138d Exception code: 0xc0000005 Fault offset:
    0x0004f8b5 Faulting process id: 0xd98 Faulting application start time:
    0x01cddbd65c39c207 Faulting application path: C:\Windows\Explorer.exe
    Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    Report Id: 473b17eb-47cb-11e2-b69c-002618ab3c41

    Error - 17/12/2012 16:07:30 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 18/12/2012 16:39:12 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 19/12/2012 16:36:59 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 20/12/2012 10:35:20 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 21/12/2012 11:11:57 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 22/12/2012 15:41:40 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
    on line 2. Invalid XML syntax.

    Error - 24/12/2012 13:05:34 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
    Description =

    [ System Events ]
    Error - 02/10/2013 18:17:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    vflt

    Error - 02/10/2013 18:17:59 | Computer Name = anaeano-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
    Description = The Program Compatibility Assistant service failed to perform
    phase-two initialization.

    Error - 02/10/2013 20:37:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service
    service to connect.

    Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to
    the following error: %%1053

    Error - 03/10/2013 13:45:33 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    vflt

    Error - 03/10/2013 20:04:40 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service
    service to connect.

    Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to
    the following error: %%1053

    Error - 04/10/2013 09:26:08 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    vflt


    < End of report >

  5. #5
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default aswMBR.log and MBR.dat (zipped)

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-10-04 17:37:47
    -----------------------------
    17:37:47.077 OS Version: Windows 6.1.7601 Service Pack 1
    17:37:47.077 Number of processors: 2 586 0x170A
    17:37:47.079 ComputerName: ANAEANO-PC UserName: anaeano
    17:37:47.763 Initialize success
    17:52:24.522 AVAST engine defs: 13100401
    17:52:33.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    17:52:33.704 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
    17:52:33.810 Disk 0 MBR read successfully
    17:52:33.815 Disk 0 MBR scan
    17:52:33.828 Disk 0 Windows 7 default MBR code
    17:52:33.834 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
    17:52:33.861 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295243 MB offset 20482048
    17:52:33.877 Disk 0 scanning sectors +625139712
    17:52:33.966 Disk 0 scanning C:\Windows\system32\drivers
    17:52:50.178 Service scanning
    17:52:58.163 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32
    17:53:20.384 Modules scanning
    17:53:25.358 Disk 0 trace - called modules:
    17:53:25.376 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    17:53:25.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a32030]
    17:53:25.386 3 CLASSPNP.SYS[88fb159e] -> nt!IofCallDriver -> [0x8595a7e0]
    17:53:25.391 5 ACPI.sys[88aab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8594d338]
    17:53:26.206 AVAST engine scan C:\Windows
    17:53:29.549 AVAST engine scan C:\Windows\system32
    17:59:27.509 AVAST engine scan C:\Windows\system32\drivers
    17:59:52.500 AVAST engine scan C:\Users\anaeano
    18:03:28.212 AVAST engine scan C:\ProgramData
    18:04:40.973 Scan finished successfully
    18:20:40.404 Disk 0 MBR has been saved successfully to "C:\Program Files\aswMBR\MBR.dat"
    18:20:40.411 The log file has been saved successfully to "C:\Program Files\aswMBR\aswMBR.txt"
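The two "Partition" lines in the aswMBR log above are a decoded MBR partition table, and the "+625139712" figure is the sector where the last partition ends. The Python script below is an added example written for this page, not code from the thread or from aswMBR. It builds a 512-byte MBR whose entries reproduce the geometry aswMBR printed (types 0x27 and 0x07, offsets 2048 and 20482048, a 305245 MB disk), parses it back the way a boot-sector triage tool does, and runs the checks a responder wants before trusting the table: boot signature present, exactly one active partition, no overlap, nothing past the end of the disk, and how many sectors sit unallocated after the last partition. The boot code in the sample is zero-filled and the SHA-256 helper is given no known-good digest; both are assumptions of the example.

```python
"""Parse and sanity-check a 512-byte MBR (added example, not aswMBR's code).

SAMPLE_MBR is constructed to match the geometry aswMBR printed in this thread;
its boot code is zero-filled, not real Windows 7 boot code.
"""
import hashlib
import struct

SECTOR = 512
DISK_SECTORS = 305245 * 2048      # 305245 MB as aswMBR reports it; 2048 sectors per MB
ENTRY = "<B3sB3sII"               # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}   # subset of the MBR type table


def build_mbr(entries, boot_code=b"\x00" * 446):
    """Construct an MBR from (status, type, lba_start, sectors) tuples (test data only).
    CHS fields are filled with the usual 0xFE 0xFF 0xFF 'LBA only' placeholder."""
    assert len(boot_code) == 446 and len(entries) <= 4
    table = b"".join(struct.pack(ENTRY, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
                     for status, ptype, lba, count in entries)
    table += b"\x00" * (64 - len(table))
    return boot_code + table + b"\x55\xaa"


def parse_mbr(image):
    """Return boot-code bytes, the non-empty partition entries and signature validity."""
    if len(image) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, image, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "lba": lba,
            "sectors": count,
            "mb": count // 2048,          # the unit aswMBR prints
        })
    return {"boot_code": image[:446], "partitions": parts,
            "signature_ok": image[510:512] == b"\x55\xaa"}


def check_layout(mbr, disk_sectors):
    """Checks a triager applies before trusting the table; also reports the
    unallocated tail after the last partition, a place bootkits stash data."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA signature")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba"])
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    end = 0
    for p in parts:
        if p["lba"] < end:
            findings.append(f"partition {p['index']} overlaps the previous one")
        if p["lba"] % 2048:
            findings.append(f"partition {p['index']} not 1 MiB aligned")
        end = max(end, p["lba"] + p["sectors"])
    if end > disk_sectors:
        findings.append("partition table extends past the end of the disk")
    return {"findings": findings, "tail_start": end, "tail_sectors": disk_sectors - end}


def boot_code_digest(mbr):
    """SHA-256 of the 446 boot-code bytes, to compare against a known-good digest
    the caller supplies (none is supplied here)."""
    return hashlib.sha256(mbr["boot_code"]).hexdigest()


# Constructed image reproducing the thread's geometry.
SAMPLE_MBR = build_mbr([
    (0x80, 0x27, 2048, 10000 * 2048),          # Partition 1: active, WinRE, 10000 MB
    (0x00, 0x07, 20482048, 295243 * 2048),     # Partition 2: NTFS, 295243 MB
])

if __name__ == "__main__":
    mbr = parse_mbr(SAMPLE_MBR)
    for p in mbr["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']} {p['mb']} MB offset {p['lba']}")
    print(check_layout(mbr, DISK_SECTORS))
    print("boot code sha256:", boot_code_digest(mbr))
```

On the sample the tail is 2048 sectors (the disk's 625141760 sectors minus the 625139712 where partition 2 ends); on a real disk read the first sector with a raw device handle and pass the real sector count.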

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Adriano Cruz

    Good job

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Next

    AdwCleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


    Next

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Next


    • Download RogueKiller and save it to your desktop.
    • Quit all other programs
    • Start RogueKiller.exe
    • Wait until the Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan
    • A report will be created on your desktop.
    • Click on the Delete button
    • Next click on the ShortcutsFix
    • another report will be created on your desktop.


    Please post: All RKreport.txt text files located on your desktop.

    On your next reply please post :
    • checkup.txt
    • AdwCleaner[R0].txt
    • JRT.txt
    • All RKreport.txt

    Let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  7. #7
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default checkup.txt

    Robybel,

    Here are the requested files.

    Results of screen317's Security Check version 0.99.74
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    CCleaner
    Java 7 Update 40
    Adobe Flash Player 11.8.800.168
    Adobe Reader XI
    Mozilla Firefox (24.0)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

  8. #8
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default AdwCleaner[R0].txt

    I didn't click on the cleaning\delete button after the scan.

    The software configurations I would like to keep are:
    - AVG
    - Internet Explorer
    - Mozilla Firefox


    # AdwCleaner v3.006 - Report created 07/10/2013 at 16:27:37
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
    # User : anaeano - ANAEANO-PC
    # Running from : C:\Program Files\Adwcleaner\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\Users\anaeano\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\BI
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\AVG Security Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v24.0 (pt-BR)

    [ File : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]

    Line found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");
    Line found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr[...]

    *************************

    AdwCleaner[R0].txt - [7196 octets] - [07/10/2013 16:27:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7256 octets] ##########
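The report above lists about seventy keys with no indication of which ones actually load code, which is why the helper warned that "the contents of the log file may be confusing". The Python script below is an added example written for this page; it is not part of the thread, of AdwCleaner, or of anything its author published. It parses a constructed excerpt of AdwCleaner v3 output modelled on the entries posted here (the Portuguese and English line prefixes are both accepted), maps each detection to the Windows or browser extension point it lives in, and then correlates CLSIDs across those points, so that a GUID registered under Classes\CLSID and also listed as a Browser Helper Object or in IE's Low Rights\ElevationPolicy stands out from plain COM registration debris. The category names, rule order and the LOAD_POINTS set are this script's own assumptions, not AdwCleaner's classification.

```python
"""Triage an AdwCleaner report: map each detection to the extension point it
lives in, then correlate CLSIDs across those points.

Added example for this page, not code from the thread or from AdwCleaner.
SAMPLE_REPORT is a constructed excerpt modelled on the entries posted above;
category names, rule order and LOAD_POINTS are this script's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample in the shape AdwCleaner v3 emits (Portuguese build).
SAMPLE_REPORT = r"""***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Pasta Encontrado C:\Program Files\AVG Secure Search
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Linha encontrada : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=123");
"""

# Line prefixes used by the English and the Portuguese builds of AdwCleaner v3.
PREFIX_RE = re.compile(
    r"^(?P<kind>Key Found|Value Found|File Found|Folder Found|Line found|"
    r"Chave Encontrada|Valor Encontrada|Arquivo Encontrado|Pasta Encontrado|Linha encontrada)"
    r"\s*:?\s*(?P<target>.+?)\s*$")
KIND_MAP = {"Chave Encontrada": "key", "Key Found": "key",
            "Valor Encontrada": "value", "Value Found": "value",
            "Arquivo Encontrado": "file", "File Found": "file",
            "Pasta Encontrado": "folder", "Folder Found": "folder",
            "Linha encontrada": "pref", "Line found": "pref"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# (regex over the target, category, what a triager should know). First match
# wins, so the real load points sit above the generic COM registration rule.
RULES = [
    (r"\\Browser Helper Objects\\", "bho", "DLL loaded into every Internet Explorer process"),
    (r"\\CurrentVersion\\Run\b", "autorun", "executed at every logon"),
    (r"\\Low Rights\\ElevationPolicy\\", "ie_elevation",
     "lets Protected Mode IE launch this object outside the low-integrity sandbox"),
    (r"\\Internet Settings\\ZoneMap\\(Esc)?Domains\\", "zone_map", "domain assigned to a custom IE zone"),
    (r"\\Internet Explorer\\(Toolbar|Extensions)\\", "ie_toolbar", "IE toolbar/extension registration"),
    (r"\\Ext\\PreApproved\\", "ie_preapproved", "add-on IE enables without asking the user"),
    (r"\\Classes\\(CLSID|Interface|TypeLib|AppID)\\", "com_registration",
     "COM registration; inert unless a load point references it"),
    (r"\\Microsoft\\Tracing\\", "tracing", "RAS tracing leftovers; evidence of an install, no code runs"),
    (r"keyword\.URL", "search_hijack", "Firefox address-bar searches redirected"),
]
# Categories under which the object actually gets to run or change behaviour.
LOAD_POINTS = {"bho", "autorun", "ie_elevation", "ie_toolbar", "ie_preapproved", "search_hijack"}


def classify(target):
    for pattern, category, note in RULES:
        if re.search(pattern, target):
            return category, note
    return "other", "vendor data or unrecognised key"


def parse_report(text):
    """One record per detection line; headers and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = PREFIX_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        category, note = classify(target)
        records.append({"kind": KIND_MAP[m.group("kind")], "target": target,
                        "category": category, "note": note,
                        "guids": GUID_RE.findall(target)})
    return records


def summarize(records):
    counts = defaultdict(int)
    for rec in records:
        counts[rec["category"]] += 1
    return dict(counts)


def correlate_guids(records):
    """GUID -> set of categories it appears under across the whole report."""
    by_guid = defaultdict(set)
    for rec in records:
        for guid in rec["guids"]:
            by_guid[guid.upper()].add(rec["category"])
    return dict(by_guid)


def active_guids(records):
    """GUIDs wired into at least one load point: these ran, the rest is debris."""
    return sorted(g for g, cats in correlate_guids(records).items() if cats & LOAD_POINTS)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(summarize(recs))
    for guid, cats in sorted(correlate_guids(recs).items()):
        print(guid, sorted(cats))
    print("active:", active_guids(recs))
```

To run it on a real AdwCleaner[R0].txt, read the file and pass its text to parse_report. The correlation pass is where the value is: in the log above, {6E45F3E8-2683-4824-A6BE-08108022FB36} appears as a CLSID, an Ext\Settings entry, an IE Extensions entry and a Browser Helper Object, while {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} appears as a CLSID, an ElevationPolicy entry and the WebBrowser toolbar value; those two did the work, and the TypeLib, Interface and Tracing keys are what they left behind.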

  9. #9
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.4 (10.06.2013:1)
    OS: Windows 7 Starter x86
    Ran by anaeano on 07/10/2013 at 16:35:40,95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{031559F6-88B1-46FA-83A8-9901AE84933C}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{03A8C0D7-3246-4186-89F9-7CB4B87962D0}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{04D7AFA4-DAD8-48EB-BE3C-52A12DB15875}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{12329A2A-05E4-44D3-A005-BD1F41B517B0}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18054F79-DEE3-42E3-9102-727959DA0558}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18D02EC4-FD7E-4B52-B742-FA93C86A7200}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1DF0D558-3CDE-471F-9DA3-9C685500C2F8}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1FE87E6A-99E5-4BAC-8ABE-477A38F377E8}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{2D19DBFC-F96D-46E7-BC82-B3C75E78BBD7}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{303BD25C-51D0-4714-8E5F-05252979B473}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{30DCC627-19E0-4593-940C-7A68667A9C9A}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{32C1BA2B-E6E8-4681-B81D-53325B331040}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{39FE50C8-74F1-42C7-ABB7-1C6060235DE0}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{53B372C2-962B-432D-8C4A-89AA393C9455}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{554A827C-12D7-457D-91C7-D52DEB0CDC2A}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5A51A726-12E1-4496-8AC2-73CADF5E315D}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5BCE3297-D65B-4D2B-ADBD-AB8E8D346F0C}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{60CBEB59-D43E-4E64-B5FF-44B0E6CF3572}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{654F156A-EFE5-460F-8C8B-E51F2CA22CB3}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{65F0103B-4352-492F-AEF8-18001E08E9C1}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6ABA4C57-0DE3-410E-9EE9-8089643CA6BB}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6AEC1C52-C729-41B6-B164-6A88AA3778F3}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6DC649FB-91A6-4964-9AF2-8FF11D2FC323}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{788E8F0F-14D0-4330-83AB-50AD4B758645}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{7D03AC96-11D3-4D3E-9E1C-9B7BF890F14A}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8561B2B7-C0B2-48B1-8C37-6AF83BF7505F}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8696A651-6D39-46C9-BE9C-BF7F2BCD3DD2}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8F994AAC-E2F6-4F0C-BE31-6EE2D43B9A74}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8FF34E29-732F-482A-AD3A-459F9CD12065}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{907F07C6-B720-4FEA-A12B-AC1E94B6B39F}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{91DE90D0-5FD6-4A6B-ADD7-BDB7429794C6}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{A9FC49CB-B88A-440C-ACBA-91AC3994B00C}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{BD2B4D78-F098-4EBC-B9B1-BF289775CF74}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C14999AF-D8A2-4B98-9BCE-A29E138DC6F3}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C6A3A253-7FFC-435F-8145-9253EAEF55E9}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CDE37E5F-D09D-444B-9FD5-BD9503200E5D}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CF8687CB-BFC1-41C2-9540-BC83C35A492C}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CFD46C27-5419-4834-A55A-20EFF49EA39D}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{D6D95AE4-1663-45E3-A1F5-9F57B07A0C65}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DA9482D1-C580-4F9B-B087-20C484336043}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DCA8DE6B-C842-45C5-940C-669B753A3AA8}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DE4CB351-22CC-4EBC-84A1-EFDA0044FDB3}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E3D34EAF-5525-4B40-AF6F-5185B6A64847}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E64CB22B-716A-49A0-9030-FA35F288414F}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E8AFA693-A12A-450F-BB01-E464E1A2118F}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{EDD9F07C-18AD-4B15-8D6F-643865BF4BBF}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F7BFC302-04CA-4C9D-8779-46CE88B6485E}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F9383060-5475-4F05-9487-9E8DE4CFE778}
    Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{FF204A29-A7AA-41B2-AFBF-DD3365360E1A}



    ~~~ FireFox

    Successfully deleted the following from C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\prefs.js

    user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34
    Emptied folder: C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\minidumps [36 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 07/10/2013 at 16:37:19,73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default RKreport[0]_D_10072013_165239

    RogueKiller V8.7.1 [Oct 3 2013] By Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Site : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal Mode
    User : anaeano [Administrator privileges]
    Mode : Remove -- Date : 10/07/2013 16:52:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad entries : 0 ¤¤¤

    ¤¤¤ Registry entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED

    ¤¤¤ Startup entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Loaded] ¤¤¤
    [Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
    [Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
    [Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
    [Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
    [Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
    [Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
    [Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
    [Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
    [Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)

    ¤¤¤ External hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Hosts file: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD3200AAJS-00B4A0 ATA Device +++++
    --- User ---
    [MBR] a3c0de2d82b0627ed1d91fd1074efef4
    [BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_10072013_165239.txt >>
    RKreport[0]_S_10072013_165157.txt
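A RogueKiller report like the one above mixes three kinds of lines: section headers ("¤¤¤ Registry entries : 4 ¤¤¤"), tagged findings whose trailing "-> ACTION" says what the tool did, and untagged detail such as hosts-file entries and MBR hashes. When a machine keeps re-flagging the same item across scans, it helps to pull the tagged findings out of each report and separate what was actually remediated (DELETED / REPLACED) from what is only informational (HOOKED). The parser below is an added example written for this thread, not code from the poster or from RogueKiller; the SAMPLE_REPORT lines are constructed to mirror the layout of the report above, and the list of localised action words is an assumption based on the Portuguese build shown here.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the layout of a RogueKiller removal report
# (a few lines modelled on the report above, not the user's full log).
SAMPLE_REPORT = """\
¤¤¤ Registry entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\\[...]\\System : DisableTaskMgr (0) -> DELETED
[HJ DESK][PUM] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\\ProgramData\\AVG January 2013 Campaign\\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Driver : [Loaded] ¤¤¤
[Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\\Windows\\system32\\ADVAPI32.dll @ 0x7592468D)
"""

# "¤¤¤ Name : N ¤¤¤" or "¤¤¤ Name ¤¤¤" (count is optional).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*(?::\s*(?P<count>\d+))?\s*¤¤¤$")
# One or more leading "[TAG]" groups identify a finding line.
TAG_PREFIX_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*")
TAG_RE = re.compile(r"\[([^\]]+)\]")

# Action words RogueKiller prints when it changed something. The English
# words are the tool's own; the Portuguese ones are taken from the report
# above (assumption: other localised builds behave the same way).
REMEDIATED = ("DELETED", "REPLACED", "DELETADO", "SUBSTITUIDO")


def parse_report(text: str) -> List[Dict[str, object]]:
    """Return one dict per tagged finding: section, tags, description, action."""
    findings: List[Dict[str, object]] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = TAG_PREFIX_RE.match(line)
        if not m or section is None:
            continue  # banner lines, hosts entries, MBR details: not findings
        tags = TAG_RE.findall(m.group(1))
        body = line[m.end():]
        # The action is everything after the last " -> " on the line;
        # lines without one (e.g. "[MBR] <hash>") get an empty action.
        if " -> " in body:
            desc, action = body.rsplit(" -> ", 1)
        else:
            desc, action = body, ""
        findings.append({"section": section, "tags": tags,
                         "description": desc.strip(), "action": action.strip()})
    return findings


def _verb(finding: Dict[str, object]) -> str:
    return str(finding["action"]).split(" ")[0]


def remediated(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Findings the tool actually changed (deleted or reset)."""
    return [f for f in findings if _verb(f) in REMEDIATED]


def informational(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Findings only reported, e.g. HOOKED exports, to be reviewed by hand."""
    return [f for f in findings if _verb(f) not in REMEDIATED]


def pum_entries(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """PUM is RogueKiller's tag for a Potentially Unwanted Modification."""
    return [f for f in findings if "PUM" in f["tags"]]


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    for f in remediated(fs):
        print("fixed  ", f["section"], "|", f["description"], "->", f["action"])
    for f in informational(fs):
        print("review ", f["section"], "|", f["description"], "->", f["action"])
```

Running the same parser over two consecutive reports and diffing the remediated descriptions is the quickest way to see whether a finding that was "DELETED" in one scan is back in the next, which is the symptom this thread opened with.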
