
Thread: SB doesn't remove "Somoto.BetterInstaller"

  #11 | Junior Member | Join Date: Oct 2013 | Posts: 22

    RKreport[0]_SC_10072013_165315

    RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Site : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Iniciado em : Modo Normal
    Usuario : anaeano [Privilegios de Admnistrador]
    Modo : Atalhos HJfix -- Data : 10/07/2013 16:53:15
    | ARK || FAK || MBR |

    ¤¤¤ Entradas ruins : 0 ¤¤¤

    ¤¤¤ Driver : [Carregado] ¤¤¤

    ¤¤¤ Hives externas: ¤¤¤

    ¤¤¤ Atributos de arquivos restaurados: ¤¤¤
    Área de trabalho: Success 0 / Fail 0
    Barra de inicialização rapida: Success 0 / Fail 0
    Programas: Success 0 / Fail 0
    Menu Iniciar: Success 0 / Fail 0
    Pasta do Usuario: Success 10 / Fail 0
    Meus Documentos: Success 1 / Fail 1
    Meus Favoritos: Success 0 / Fail 0
    Minhas Imagens: Success 0 / Fail 0
    Minhas Musicas: Success 0 / Fail 0
    Meus Videos: Success 0 / Fail 0
    Unidade Local: Success 11 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

    ¤¤¤ Infecção : ¤¤¤

    Concluido : << RKreport[0]_SC_10072013_165315.txt >>
    RKreport[0]_D_10072013_165239.txt;RKreport[0]_S_10072013_165157.txt

  #12 | Junior Member | Join Date: Oct 2013 | Posts: 22

    Doubt and next steps

    Robybell,

    What are host archives? I don't remember having used any of those links listed by OTL and JRT...

    I await your instructions for the next steps.

    Adriano.

  #13 | Junior Member | Join Date: Oct 2013 | Posts: 22

    RKreport[0]_S_10072013_165157 (missing file..)

    RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Site : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Iniciado em : Modo Normal
    Usuario : anaeano [Privilegios de Admnistrador]
    Modo : Verificar -- Data : 10/07/2013 16:51:57
    | ARK || FAK || MBR |

    ¤¤¤ Entradas ruins : 0 ¤¤¤

    ¤¤¤ Entradas do Registro : 5 ¤¤¤
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> ENCONTRADO
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

    ¤¤¤ As tarefas agendadas : 2 ¤¤¤
    [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO
    [V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO

    ¤¤¤ entradas de inicialização : 0 ¤¤¤

    ¤¤¤ Os navegadores da Web : 0 ¤¤¤

    ¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

    ¤¤¤ Driver : [Carregado] ¤¤¤
    [Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
    [Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
    [Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
    [Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
    [Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
    [Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
    [Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
    [Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
    [Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)

    ¤¤¤ Hives externas: ¤¤¤

    ¤¤¤ Infecção : ¤¤¤

    ¤¤¤ Arquivo de Hosts: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    [...]


    ¤¤¤ Verificaçao do MBR: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD3200AAJS-00B4A0 ATA Device +++++
    --- User ---
    [MBR] a3c0de2d82b0627ed1d91fd1074efef4
    [BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Concluido : << RKreport[0]_S_10072013_165157.txt >>

  #14 | Junior Member | Join Date: Oct 2013 | Posts: 22

    Robybell,

    Do not bother replying to my question about the hosts file.
    I did some research and found out what it is.

    My AVG detected RK as a threat and I needed to deactivate AVG to run RK properly.

    About the data RK transfers by itself to its software owner, may I rest easy?

  #15 | Security Expert-Emeritus Dakeyras | Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    Robybel is currently unavailable and I will be assisting you for the time being...

    Please acknowledge this post and then we will go from there, thank you.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  #16 | Junior Member | Join Date: Oct 2013 | Posts: 22

    acknowledge

    Hi Dakeyras!

    We can go on!

  #17 | Security Expert-Emeritus Dakeyras | Join Date: Sep 2008 | Location: The Tundra | Posts: 1,173

    Hi.

    We can go on!
    Acknowledged.

    Going back to some questions you raised...

    My AVG detected RK as a threat and I needed to deactivate AVG to run RK properly.
    Not a problem, and at times any security software you have installed (in this case AVG 2013) may give warnings for some of the tools you may be asked to download/use. Be assured, any tools advised are absolutely safe to download etc...

    About the data RK transfers by itself to its software owner, may I rest easy?
    Yes you can. Let's proceed as follows, shall we...

    Re-scan with AdwCleaner:

    • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

    Re-scan with OTL:

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Then click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these two Notepad files in your next reply.

    Next:

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now? Any further symptoms and/or problems encountered?
    • AdwCleaner Log.
    • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
    Last edited by Dakeyras; 2013-10-08 at 23:25. Reason: BB-Code.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  #18 | Junior Member | Join Date: Oct 2013 | Posts: 22

    AdwCleaner[S0]

    # AdwCleaner v3.007 - Relatório criado 09/10/2013 às 11:19:23
    # Atualizado 09/10/2013 por Xplode
    # Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
    # Usuário : anaeano - ANAEANO-PC
    # Executando de : C:\AdwCleaner\adwcleaner.exe
    # Opção : Limpar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****

    Pasta Deletada : C:\ProgramData\AVG Secure Search
    Pasta Deletada : C:\Program Files\AVG Secure Search
    Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
    Pasta Deletada : C:\Users\anaeano\AppData\Local\AVG Secure Search
    Pasta Deletada : C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
    Pasta Deletada : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack
    Arquivo Deletada : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Chave Deletedo : HKCU\Software\AVG Secure Search
    Chave Deletedo : HKLM\Software\AVG Secure Search
    Chave Deletedo : HKLM\Software\AVG Security Toolbar
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v24.0 (pt-BR)

    [ Arquivo : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]

    Linha deletada : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");

    *************************

    AdwCleaner[R0].txt - [7336 octets] - [07/10/2013 16:27:37]
    AdwCleaner[R1].txt - [4135 octets] - [09/10/2013 11:15:29]
    AdwCleaner[S0].txt - [3995 octets] - [09/10/2013 11:19:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4055 octets] ##########

  #19 | Junior Member | Join Date: Oct 2013 | Posts: 22

    OTL.txt

    OTL logfile created on: 09/10/2013 11:35:32 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
    3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS

    Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/04 16:31:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Arquivos de Programas\OTL\OTL.exe
    PRC - [2013/10/01 14:35:57 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
    PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgui.exe
    PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe
    PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
    PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe
    PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe
    PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe
    PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe
    PRC - [2013/06/10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Arquivos de Programas\PDF24\pdf24.exe
    PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe
    PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
    PRC - [2009/12/10 01:51:18 | 000,115,888 | ---- | M] (Oceanis) -- C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe
    PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/01 14:35:56 | 003,279,768 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - [2013/10/01 14:35:57 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
    SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TVICHW32)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
    DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
    DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
    DRV - [2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
    DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/09/02 04:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
    DRV - [2010/09/02 04:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
    DRV - [2010/03/26 16:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2008/11/12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
    DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
    FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]

    [2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
    [2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
    [2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
    [2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
    [2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
    [2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
    [2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
    [2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
    [2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
    [2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

    O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15429 more lines...
    O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
    O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
    O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (BootDefrag.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/07 16:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
    [2013/10/07 16:35:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/10/07 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Junkware Removal Tool
    [2013/10/07 16:27:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/07 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Security check
    [2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
    [2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
    [2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
    [2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
    [2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
    [2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
    [2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
    [2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    [2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/09 11:27:58 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/09 11:27:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/09 11:21:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
    [2013/10/09 11:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/09 11:21:23 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/08 16:51:30 | 000,076,649 | ---- | M] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
    [2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
    [2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
    [2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
    [2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
    [2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys

    ========== Files Created - No Company Name ==========

    [2013/10/08 16:51:50 | 000,076,649 | ---- | C] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
    [2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
    [2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
    [2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
    [2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
    [2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
    [2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
    [2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
    [2010/03/26 13:27:02 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
    @Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >

  10. #20
    Junior Member
    Join Date
    Oct 2013
    Posts
    22

    Default Extras.txt

    OTL Extras logfile created on: 09/10/2013 11:35:32 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
    Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
    3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS

    Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
    "{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
    "{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
    "{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
    "ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
    "Glary Utilities_is1" = Glary Utilities 2.56.0.1822
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "IrfanView" = IrfanView (remove only)
    "IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
    "MEPOR" = DIC Michaelis Escolar - Espanhol
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera" = Canon Utilities MyCamera
    "Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    "TVWiz" = Intel(R) TV Wizard
    "VLC media player" = VLC media player 2.0.8
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "5b0e7647ff8fae74" = IBA Reader

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 07/10/2013 17:08:34 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll". Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    [ System Events ]
    Error - 07/10/2013 20:00:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 08/10/2013 08:54:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to
    load: vflt

    Error - 08/10/2013 21:22:02 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the
    Spybot-S&D 2 Scanner Service service to connect.

    Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to
    the following error: %%1053

    Error - 09/10/2013 10:03:50 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to
    load: vflt

    Error - 09/10/2013 10:20:24 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 09/10/2013 10:21:54 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater17.0.12 service failed to start due to the
    following error: %%2

    Error - 09/10/2013 10:21:57 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to
    load: vflt


    < End of report >
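Added example (written here, not part of the OTL report or the OTL tool): a small Python parser for the "Last 20 Event Log Errors" block of a report like the one above. It joins OTL's wrapped description lines back together, decodes the %%N numbers, which are plain Win32 system error codes (2 = ERROR_FILE_NOT_FOUND, 5 = ERROR_ACCESS_DENIED, 1053 = ERROR_SERVICE_REQUEST_TIMEOUT), and flags services whose start failed with error 2. That combination means the service is still registered under HKLM\SYSTEM\CurrentControlSet\Services but the binary its ImagePath points to is gone, the usual trace of a partial uninstall, and it is exactly what the vToolbarUpdater17.0.12 record above shows. The sample records are constructed from the System Events section above, using the English wording of the Service Control Manager messages; the name-extraction regexes assume those English templates.

```python
"""Decode the 'Last 20 Event Log Errors' block of an OTL report.

Added example, not OTL's own code. Assumes the English SCM message
templates; the %%N numbers are plain Win32 system error codes.
"""
import re
from collections import Counter

# Win32 system error codes as they appear in SCM events as %%N.
# These three are standard values; extend the table for codes you meet.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
}

HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.*?) "
    r"\| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
CODE_RE = re.compile(r"%%(\d+)")
# The service or driver name is the %1 parameter of these SCM messages
# (events 7000, 7009 and 7026 respectively).
NAME_RES = (
    re.compile(r"^The (?P<name>.+?) service failed to start"),
    re.compile(r"waiting for the (?P<name>.+?) service to connect"),
    re.compile(r"failed to load: (?P<name>.+)$"),
)

# Constructed sample: System Events records transcribed from the report
# above, with the English message text.
SAMPLE = """\
[ System Events ]
Error - 08/10/2013 21:22:02 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the
Spybot-S&D 2 Scanner Service service to connect.

Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to
the following error: %%1053

Error - 09/10/2013 10:03:50 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to
load: vflt

Error - 09/10/2013 10:21:54 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.0.12 service failed to start due to the
following error: %%2

Error - 09/10/2013 10:21:57 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to
load: vflt

< End of report >
"""


def parse_events(text):
    """Return one dict per record: when/host/source/id, the joined
    description, the decoded Win32 code and the service/driver it names."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            cur = m.groupdict()
            cur["id"] = int(cur["id"])
            cur["desc_lines"] = []
            events.append(cur)
        elif line.startswith(("[", "<")):
            cur = None  # OTL section marker such as "[ System Events ]"
        elif cur is not None and line:
            cur["desc_lines"].append(line)  # wrapped continuation line
    for ev in events:
        desc = " ".join(ev.pop("desc_lines"))
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        code = CODE_RE.search(desc)
        ev["code"] = int(code.group(1)) if code else None
        ev["error"] = WIN32_ERRORS.get(ev["code"], "UNKNOWN") if code else None
        ev["name"] = None
        for rx in NAME_RES:
            nm = rx.search(desc)
            if nm:
                ev["name"] = nm.group("name")
                break
        ev["description"] = desc
    return events


def orphaned_services(events):
    """Services whose start failed with ERROR_FILE_NOT_FOUND (%%2): the key
    under HKLM\\SYSTEM\\CurrentControlSet\\Services survives but the ImagePath
    binary is gone, the usual trace of an incomplete uninstall."""
    return sorted({e["name"] for e in events
                   if e["id"] == 7000 and e["code"] == 2 and e["name"]})


def failure_counts(events):
    """Number of error records per named service or driver."""
    return Counter(e["name"] for e in events if e["name"])


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for e in evs:
        print(e["when"], e["id"], e["name"], e["error"])
    print("orphaned:", orphaned_services(evs))
    print("counts:", failure_counts(evs))
```

To use it on a saved report, pass the file's text to parse_events(); the whole report can be fed in, since anything that is not an "Error - ..." header or its continuation lines is ignored. With a localized log as posted above, the %%N codes still decode, but the name regexes would need the localized message templates.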
