Jump to content
Sign in to follow this  
jopereira

Virus c:\Windows\System32\services.exe

Recommended Posts

Ok....looks like the fix from Post 22 did not take. Please try to run those instructions again. :)

Share this post


Link to post
Share on other sites

i am running the teet again..

meanwhile, in the last log i posted i noticed that it says that C:\Windows\System32\drivers\afd.sys is infected and should be replaced.. is this meaning anything that could help us?

Share this post


Link to post
Share on other sites
meanwhile, in the last log i posted i noticed that it says that C:\Windows\System32\drivers\afd.sys is infected and should be replaced.. is this meaning anything that could help us?
Oh yes...that is what we are trying to fix. :)

Share this post


Link to post
Share on other sites

ComboFix 12-12-19.02 - Mr Fox 20-12-2012 0:18.4.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.351.2070.18.3455.2187 [GMT 0:00]

Executando de: c:\users\Mr Fox\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Mr Fox\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-20 to 2012-12-20 ))))))))))))))))))))))))))))

.

.

2012-12-20 00:52 . 2012-12-20 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 20:15 . 2011-04-24 23:13 110992 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2012-12-19 20:15 . 2011-04-24 23:13 147856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2012-12-19 20:14 . 2012-12-19 20:14 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-12-19 20:14 . 2012-12-20 00:14 -------- d-----w- c:\programdata\Kaspersky Lab

2012-12-19 20:13 . 2012-12-19 20:13 615728 ----a-w- c:\windows\system32\drivers\klif.sys

2012-12-19 16:34 . 2012-12-19 16:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-12-19 12:57 . 2012-12-19 12:57 -------- d-----w- c:\users\Mr Fox\AppData\Roaming\Malwarebytes

2012-12-19 12:57 . 2012-12-19 12:57 -------- d-----w- c:\programdata\Malwarebytes

2012-12-19 12:57 . 2012-12-19 12:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-19 12:57 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-17 07:59 . 2012-12-17 07:59 -------- d-----w- c:\programdata\KONAMI

2012-12-17 07:59 . 2012-12-17 07:59 -------- d-----w- c:\program files (x86)\KONAMI

2012-12-15 11:23 . 2012-12-15 11:23 -------- d-----w- c:\programdata\FLEXnet

2012-12-15 11:18 . 2012-12-15 11:18 -------- d-----w- c:\program files\Adobe

2012-12-15 11:15 . 2012-12-15 11:15 -------- d-----w- c:\programdata\ALM

2012-12-15 11:04 . 2012-12-15 11:04 -------- d-----w- c:\windows\SysWow64\spool

2012-12-15 11:01 . 2012-12-15 11:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-12-15 11:01 . 2012-12-15 11:19 -------- d-----w- c:\program files\Common Files\Adobe

2012-12-15 10:59 . 2012-12-15 10:59 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-12-15 09:59 . 2012-12-15 10:00 -------- d-----w- C:\temp

2012-12-08 18:33 . 2012-12-08 18:34 -------- d-----w- c:\users\Mr Fox\Cisco Packet Tracer 5.3.3

2012-12-08 18:32 . 2012-12-08 18:32 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3.3

2012-11-21 21:18 . 2012-11-21 21:19 -------- d-----w- c:\users\Mr Fox\AppData\Roaming\DVDVideoSoft

2012-11-21 21:18 . 2012-11-21 21:18 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft

2012-11-21 21:18 . 2012-11-21 21:18 -------- d-----w- c:\program files (x86)\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((( Relatуrio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-19 17:10 . 2012-08-06 18:13 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS

2012-12-19 17:10 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS

2012-10-31 00:28 . 2012-09-22 16:27 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-10-17 01:31 . 2012-10-21 12:11 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D8AE8D9-96E3-49B3-BDBC-3E3E82201B8D}\mpengine.dll

2012-09-28 00:18 . 2012-08-06 18:28 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-24 23:16 . 2012-11-03 13:10 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-22 16:00 . 2012-09-22 16:00 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-09-21 20:41 . 2012-09-21 20:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-21 20:41 . 2012-09-21 20:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legнtimas por padrгo nгo sгo apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-20 1398680]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-29 3093624]

"Browser Infrastructure Helper"="c:\users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe" [2012-11-26 13824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2012-08-06 868352]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"Win7PDF"="c:\program files\PDF Printer for Windows 7\PDF.exe" [bU]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

.

c:\users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-17 29428448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-15 1038088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]

R3 WatAdminSvc;Serviзo de Tecnologias de Activaзгo do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-07 1255736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-22 283200]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

Conteъdo da pasta 'Tarefas Agendadas'

.

2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000Core.job

- c:\users\Mr Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 14:44]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000UA.job

- c:\users\Mr Fox\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 14:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Mr Fox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 2345848]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE: Adicionar ao Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

FF - ProfilePath - c:\users\Mr Fox\AppData\Roaming\Mozilla\Firefox\Profiles\2vzxlubo.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry

FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q=

FF - ExtSQL: 2012-11-21 21:18; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Mr Fox\AppData\Roaming\Mozilla\Firefox\Profiles\2vzxlubo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

.

- - - - ORFГOS REMOVIDOS - - - -

.

AddRemove-Atlantica Lite Version - c:\ndoors\Atlantica_BR\uninst.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,

02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ba,32,cb,6c,06,95,cd,01

.

[HKEY_USERS\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusгo: 2012-12-20 00:56:05

ComboFix-quarantined-files.txt 2012-12-20 00:56

ComboFix2.txt 2012-12-19 23:37

.

Prй-execuзгo: 18.582.532.096 bytes livres

Pуs execuзгo: 18.514.530.304 bytes livres

.

- - End Of File - - 9A70B497622AA8219C3C563B3DEB4041

Share this post


Link to post
Share on other sites

This infection is blocking us. It is very resilient so I appreciate your patience. :)

FRST

Download the 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------

Share this post


Link to post
Share on other sites

everything is fine until i vet to F8 part.

I select boot with the pen drive i have that FRST, but i cant find anything saying repair your computer. i got the folowing options:

AVG Rescue CD

AVG Rescue CD with disabled framebuffer

AVG rescue CD with resolution selection

boot from floppy disc

boot from hard disk

boot from next device in the bios boot sequence

memtest86+ - advanced memory diagnostic tool

exit to the syslinux boot prompt

Share this post


Link to post
Share on other sites

I guess we will have to do this manually. :)

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 20-12-2012 10:50:14 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr Fox\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,37 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 78,99% Memory free

6,75 Gb Paging File | 5,48 Gb Available in Paging File | 81,25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 84,14 Gb Total Space | 17,32 Gb Free Space | 20,58% Space Free | Partition Type: NTFS

Drive D: | 195,32 Gb Total Space | 12,53 Gb Free Space | 6,42% Space Free | Partition Type: NTFS

Drive G: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,30% Space Free | Partition Type: FAT32

Computer Name: MRFOX-PC | User Name: Mr Fox | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{326A48FC-6ABD-4909-9432-952557EE7DCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{4C892A96-1DF4-4D86-8800-FA1F6AD5CD05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{C64B4A71-9105-42D5-AC55-47B5A8D04766}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E2C92006-5E40-4198-9897-88FCCDF2D868}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{21E46908-0407-4DC2-A450-5BC44805B8A0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{6F4B14F7-3982-4886-9A63-BCC9F930E44A}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"UDP Query User{C37EF18D-2203-465D-A921-0E91F2FEB7D1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"UDP Query User{CB695722-ABB7-42A7-B005-ABFE14AF2A57}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64

"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2AEBE10C-D819-4EBF-BC60-03BF2327D340}" = Microsoft XML Parser and SDK

"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut 2

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian

"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection

"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch

"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian

"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EA6A274-9C75-40B4-991F-01482D89D1A7}" = Linkury Smartbar

"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007

"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007

"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007

"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{37180755-CA2B-40AD-9637-89FB0CE7CB36}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)

"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007

"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E3FED5B9-29D7-42E7-B10D-88AFEAF470F0}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)

"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007

"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007

"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007

"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002A-0000-1000-0000000FF1CE}_SharePointDesigner_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002A-0409-1000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007

"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007

"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0116-0409-1000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy

"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German

"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish

"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI - Portugu�s

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek

"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full

"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU

"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static

"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby

"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian

"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"AC3Filter_is1" = AC3Filter 2.5b

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection

"Atlantica" = Atlantica

"Atlantica Lite Version" = Atlantica Lite Version

"BitTorrent" = BitTorrent

"BSPlayerf" = BS.Player FREE

"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3

"DAEMON Tools Pro" = DAEMON Tools Pro

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware vers�o 1.65.1.1000

"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox 16.0.2 (x86 pt-PT)" = Mozilla Firefox 16.0.2 (x86 pt-PT)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"SharePointDesigner" = Microsoft Office SharePoint Designer 2007

"VLC media player" = VLC media player 2.0.3

"WampServer 2_is1" = WampServer 2.2

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"Upshift StrikeRacer" = Upshift StrikeRacer

"Winamp Detect" = Winamp Detectar Aplica��o

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 19-12-2012 15:44:51 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 15:51:25 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 16:25:58 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 19:22:39 | Computer Name = MrFox-PC | Source = Application Hang | ID = 1002

Description = O programa Explorer.EXE vers�o 6.1.7601.17567 deixou de interagir

com o Windows e foi fechado. Para verificar se existem mais informa��es dispon�veis

sobre o problema, consulte o hist�rico de problemas no painel de controlo do Centro

de Ac��o. ID do Processo: 65c Hora de In�cio: 01cdde270f171838 Hora de Fim: 11735 Caminho

da Aplica��o: C:\Windows\Explorer.EXE ID do Relat�rio: f06d4a9e-4a32-11e2-b0d0-0018f3442219

Error - 19-12-2012 19:28:04 | Computer Name = MrFox-PC | Source = Application Error | ID = 1000

Description = Nome da aplica��o com falha: PEV.exe, vers�o: 0.0.0.0, carimbo de

data/hora: 0x4e06cfe8 Nome do m�dulo com falha: PEV.exe, vers�o: 0.0.0.0, carimbo

de data/hora: 0x4e06cfe8 C�digo de excep��o: 0x40000015 Desvio de falha: 0x0008d1c0

ID

do processo com falha: 0xad8 Data/hora de in�cio da aplica��o com falha: 0x01cdde407d7eae84

Caminho

da aplica��o com falha: C:\ComboFix\PEV.exe Caminho do m�dulo com falha: C:\ComboFix\PEV.exe

ID

do Relat�rio: bbfbd821-4a33-11e2-b0d0-0018f3442219

Error - 19-12-2012 19:37:56 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 19:43:49 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 20:56:06 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 19-12-2012 21:05:59 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

Error - 20-12-2012 05:00:46 | Computer Name = MrFox-PC | Source = Schedule | ID = 0

Description =

[ System Events ]

Error - 20-12-2012 06:46:58 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7023

Description = O servi�o M�dulos de Cria��o de Chaves IKE e AuthIP IPsec terminou

com o seguinte erro: %%13876

Error - 20-12-2012 06:46:59 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7023

Description = O servi�o M�dulos de Cria��o de Chaves IKE e AuthIP IPsec terminou

com o seguinte erro: %%13876

Error - 20-12-2012 06:47:09 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7000

Description = O servi�o HTTP falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:47:09 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7001

Description = O servi�o Anfitri�o do Fornecedor de Detec��o de Fun��es depende do

servi�o HTTP o qual falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:47:09 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7000

Description = O servi�o HTTP falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:47:09 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7001

Description = O servi�o Anfitri�o do Fornecedor de Detec��o de Fun��es depende do

servi�o HTTP o qual falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:48:15 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7000

Description = O servi�o HTTP falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:48:15 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7001

Description = O servi�o Anfitri�o do Fornecedor de Detec��o de Fun��es depende do

servi�o HTTP o qual falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:48:15 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7000

Description = O servi�o HTTP falhou o arranque devido ao seguinte erro: %%22

Error - 20-12-2012 06:48:15 | Computer Name = MrFox-PC | Source = Service Control Manager | ID = 7001

Description = O servi�o Anfitri�o do Fornecedor de Detec��o de Fun��es depende do

servi�o HTTP o qual falhou o arranque devido ao seguinte erro: %%22

< End of report >

Share this post


Link to post
Share on other sites

OTL logfile created on: 20-12-2012 10:50:14 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr Fox\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,37 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 78,99% Memory free

6,75 Gb Paging File | 5,48 Gb Available in Paging File | 81,25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 84,14 Gb Total Space | 17,32 Gb Free Space | 20,58% Space Free | Partition Type: NTFS

Drive D: | 195,32 Gb Total Space | 12,53 Gb Free Space | 6,42% Space Free | Partition Type: NTFS

Drive G: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,30% Space Free | Partition Type: FAT32

Computer Name: MRFOX-PC | User Name: Mr Fox | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mr Fox\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

========== Modules (No Company Name) ==========

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit\qmlwebkitplugin.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()

MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt_b77a5c561934e089\System.resources.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service 64) -- C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation)

SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe ()

SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

SRV - (wlidsvc) -- C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)

DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry"

FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7

FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-12-19 20:14:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-09-13 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Extensions

[2012-11-27 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions

[2012-11-27 23:30:28 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com

[2012-09-13 18:21:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2012-11-27 23:36:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012-12-16 21:18:11 | 000,002,455 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml

[2012-12-19 20:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-12-19 20:15:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru

[2012-12-19 20:15:15 | 000,000,000 | ---D | M] (Conselheiro de URLs da Kaspersky) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru

[2012-11-16 15:57:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-09-06 03:23:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012-09-06 03:23:16 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml

[2012-09-06 03:23:16 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml

[2012-09-06 03:23:16 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml

========== Chrome ==========

CHR - homepage: http://www.google.pt/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.pt/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: wareztuga.tv streamer = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\3.4_0\

CHR - Extension: James White = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: YouTube = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: Pesquisa do Google = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Pixlr-o-matic = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\

CHR - Extension: AdBlock = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.52_0\

CHR - Extension: Gmail = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-12-19 17:04:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe File not found

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [browser Infrastructure Helper] C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)

O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9:64bit: - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-11-22 16:53:20 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-20 10:24:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe

[2012-12-20 01:18:11 | 001,461,035 | ---- | C] (Farbar) -- C:\Users\Mr Fox\Desktop\FRST64.exe

[2012-12-20 01:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012-12-19 20:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012

[2012-12-19 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2012-12-19 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012-12-19 20:13:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012-12-19 20:01:03 | 000,697,869 | ---- | C] (Farbar) -- C:\Users\Mr Fox\Desktop\FSS.exe

[2012-12-19 19:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012-12-19 18:11:15 | 145,618,136 | ---- | C] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\kis12.0.0.374pt_pt.exe

[2012-12-19 18:03:46 | 058,676,470 | ---- | C] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\Não confirmado 91230.crdownload

[2012-12-19 16:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012-12-19 16:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012-12-19 16:45:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012-12-19 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{48B7FA61-8D1D-4014-B6FB-0CFF9C8EE542}

[2012-12-19 16:34:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012-12-19 16:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-12-19 16:32:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012-12-19 16:29:41 | 005,012,372 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\ComboFix.exe

[2012-12-19 13:48:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe

[2012-12-19 12:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com

[2012-12-19 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\Malwarebytes

[2012-12-19 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-12-19 12:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-12-19 12:57:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-12-19 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012-12-18 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Música

[2012-12-18 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EE8FD508-E5B3-4ACF-8DB6-196959C50018}

[2012-12-17 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Hardwell

[2012-12-17 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Afrojack

[2012-12-17 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Documents\KONAMI

[2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI

[2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI

[2012-12-17 07:54:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{0955C0CA-954D-4C07-BFFC-C35855B47F99}

[2012-12-16 09:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DBCF6190-4D70-4A38-9476-1ED5595BA9B0}

[2012-12-15 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{11080D91-D531-4546-BF73-F737C3332827}

[2012-12-15 12:28:17 | 000,000,000 | R--D | C] -- C:\Users\Mr Fox\Desktop\JOÃO

[2012-12-15 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\IMAGENS

[2012-12-15 11:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2012-12-15 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012-12-15 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012-12-15 11:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012-12-15 11:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4

[2012-12-15 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2012-12-15 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012-12-15 10:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2012-12-15 09:59:49 | 000,000,000 | ---D | C] -- C:\temp

[2012-12-15 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\battleship_v9

[2012-12-14 15:38:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{98DE45EC-E72C-451B-8A2B-B69F14160733}

[2012-12-13 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{4DBA1B76-71BC-448D-8950-BBCC5ADC79AF}

[2012-12-12 22:19:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SS12_13

[2012-12-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E88F6FB8-4FC8-4E5C-A3D8-5EC17E79B143}

[2012-12-11 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{36CCA143-BB9B-4ED9-889E-F9DCEAEFD561}

[2012-12-10 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{017B298B-F55D-4B2F-BD21-888B2799F820}

[2012-12-08 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Cisco Packet Tracer 5.3.3

[2012-12-08 18:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer

[2012-12-08 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3

[2012-12-08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SvM-fds

[2012-12-08 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DA8164C5-5ABD-4808-9BA3-79096790DF2E}

[2012-12-07 14:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{982E790E-B35E-4020-8EAB-11952F1B2A66}

[2012-12-06 18:32:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{564EFFF2-A244-4DA2-AE8B-BC17425D39E9}

[2012-12-05 18:49:22 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{A3217B5A-DE7A-4EE5-BE87-B0F560C3BBBF}

[2012-12-04 15:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{AB1658E3-66CB-4143-A347-02A1EBF14B65}

[2012-12-03 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{5BA70093-A411-4DFE-9D97-9950B89B699F}

[2012-12-02 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EF0887C9-4724-4B28-BF24-E19D10C34E95}

[2012-12-01 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{6214E485-8D57-4775-B139-AE2331DB54F9}

[2012-11-30 15:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{44E89FC2-48F4-4BF4-A71A-D52996B719CF}

[2012-11-29 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{D38D2B55-479A-49DA-A362-BFCC4740B912}

[2012-11-28 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{F8448C5C-5296-46F2-B7C9-07B38287C0BD}

[2012-11-27 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{8E586098-BEAF-4DA1-A69B-4D4DAA7CD950}

[2012-11-26 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{7E7B9E68-0CAD-4926-BF29-B51450931A7B}

[2012-11-25 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{BBCBCE1D-4549-4677-A124-FC6257B49F7E}

[2012-11-24 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{487D922E-43D9-4878-822E-F8F1AADF4ADC}

[2012-11-23 15:12:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{525C1633-4B8D-4B11-948B-EC1AA153A896}

[2012-11-22 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{92FFBFB7-9F07-4D13-978B-769ADD7ADA5D}

[2012-11-21 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers

[2012-11-21 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft

[2012-11-21 21:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012-11-21 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E2C74862-BCEF-463A-9377-27C40CF03109}

[2012-11-20 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{C4F4928F-B755-4CE0-917C-B264A42D004E}

========== Files - Modified Within 30 Days ==========

[2012-12-20 10:51:57 | 001,648,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-12-20 10:51:57 | 000,718,554 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat

[2012-12-20 10:51:57 | 000,651,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-12-20 10:51:57 | 000,151,536 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat

[2012-12-20 10:51:57 | 000,120,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-12-20 10:46:59 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012-12-20 10:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-12-20 10:25:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe

[2012-12-20 09:07:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-12-20 09:07:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-12-20 09:00:37 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys

[2012-12-20 09:00:01 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat

[2012-12-20 01:18:10 | 001,461,035 | ---- | M] (Farbar) -- C:\Users\Mr Fox\Desktop\FRST64.exe

[2012-12-19 20:47:26 | 000,165,376 | ---- | M] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe

[2012-12-19 20:15:30 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat

[2012-12-19 20:15:29 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat

[2012-12-19 20:13:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012-12-19 20:01:02 | 000,697,869 | ---- | M] (Farbar) -- C:\Users\Mr Fox\Desktop\FSS.exe

[2012-12-19 18:19:01 | 145,618,136 | ---- | M] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\kis12.0.0.374pt_pt.exe

[2012-12-19 18:15:01 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000UA.job

[2012-12-19 18:07:49 | 058,676,470 | ---- | M] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\Não confirmado 91230.crdownload

[2012-12-19 17:04:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012-12-19 16:44:46 | 000,001,000 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012-12-19 16:44:44 | 000,001,020 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Dropbox.lnk

[2012-12-19 16:30:05 | 005,012,372 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\ComboFix.exe

[2012-12-19 13:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Mr Fox\Desktop\MBR.dat

[2012-12-19 13:49:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe

[2012-12-19 13:19:30 | 000,142,995 | ---- | M] () -- C:\Users\Mr Fox\Desktop\1.png

[2012-12-19 12:58:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com

[2012-12-19 12:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-12-19 12:52:13 | 000,508,159 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Sem Título.png

[2012-12-18 21:28:26 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000Core.job

[2012-12-17 08:11:04 | 000,001,737 | ---- | M] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk

[2012-12-15 21:48:05 | 003,023,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012-12-15 11:23:18 | 000,001,682 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk

[2012-12-15 10:11:31 | 000,001,638 | ---- | M] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln

[2012-12-08 21:05:44 | 000,000,190 | ---- | M] () -- C:\Users\Mr Fox\.packettracer

[2012-12-08 18:32:57 | 000,001,243 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk

[2012-11-27 18:55:29 | 000,001,495 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Visual Studio 2010 - Atalho.lnk

[2012-11-22 20:15:12 | 144,600,276 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar

========== Files Created - No Company Name ==========

[2012-12-20 09:00:01 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat

[2012-12-19 20:47:27 | 000,165,376 | ---- | C] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe

[2012-12-19 20:15:30 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat

[2012-12-19 20:15:29 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat

[2012-12-19 16:45:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012-12-19 16:45:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012-12-19 16:45:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012-12-19 16:45:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012-12-19 16:45:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012-12-19 13:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Mr Fox\Desktop\MBR.dat

[2012-12-19 13:19:30 | 000,142,995 | ---- | C] () -- C:\Users\Mr Fox\Desktop\1.png

[2012-12-19 12:57:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-12-19 12:52:13 | 000,508,159 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Sem Título.png

[2012-12-17 08:11:04 | 000,001,737 | ---- | C] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk

[2012-12-15 19:20:06 | 000,001,638 | ---- | C] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln

[2012-12-15 11:23:18 | 000,001,682 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk

[2012-12-08 18:33:48 | 000,000,190 | ---- | C] () -- C:\Users\Mr Fox\.packettracer

[2012-12-08 18:32:57 | 000,001,243 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk

[2012-11-22 19:28:08 | 144,600,276 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar

[2012-09-22 16:12:22 | 001,616,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-08-06 13:31:58 | 000,017,408 | ---- | C] () -- C:\Users\Mr Fox\AppData\Local\WebpageIcons.db

[2012-08-06 12:29:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\L

[2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\U

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-09-21 14:19:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2012-09-21 14:19:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012-10-25 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\AC3Filter

[2012-08-06 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Babylon

[2012-12-20 09:30:41 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BitTorrent

[2012-08-12 18:59:45 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BSplayer

[2012-08-06 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BSplayer Pro

[2012-08-21 21:46:11 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Bump Technologies, Inc

[2012-09-22 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DAEMON Tools Pro

[2012-12-20 10:48:18 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Dropbox

[2012-11-21 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft

[2012-11-21 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers

[2012-10-24 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Firefly Studios

[2012-08-06 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\InterTrust

[2012-10-19 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Notepad++

[2012-09-22 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\OpenCandy

[2012-09-06 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\TuneUp Software

[2012-08-21 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Share this post


Link to post
Share on other sites

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

----------

Run OTL.exe

Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry"

FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q="

[2012-11-27 23:30:28 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com

[2012-12-16 21:18:11 | 000,002,455 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml

[2012-08-06 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Babylon

[2012-09-22 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\OpenCandy

:Files

copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys C:\Windows\System32\drivers\AFD.SYS /c

ipconfig /flushdns /c

:Commands

[emptytemp]

[start explorer]

[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

There will be a log created automatically...please post that when it does. :)

Share this post


Link to post
Share on other sites

can you please re-post the quote u have out of it, lile normal post?

i cant copy that white my phone

btw, is the virus thing solved or would it be better anyway to format the pc?

Share this post


Link to post
Share on other sites
:Services

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry"

FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q="

[2012-11-27 23:30:28 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com

[2012-12-16 21:18:11 | 000,002,455 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml

[2012-08-06 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Babylon

[2012-09-22 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\OpenCandy

:Files

copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys C:\Windows\System32\drivers\AFD.SYS /c

ipconfig /flushdns /c

:Commands

[emptytemp]

[start explorer]

[Reboot]

Is that better?

Share this post


Link to post
Share on other sites

:Services

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}

IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry"

FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q="

[2012-11-27 23:30:28 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com

[2012-12-16 21:18:11 | 000,002,455 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml

[2012-08-06 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Babylon

[2012-09-22 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\OpenCandy

:Files

copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sysC:\Windows\System32\drivers\AFD.SYS /c

ipconfig /flushdns /c

:Commands

[emptytemp]

[start explorer]

[Reboot]

Share this post


Link to post
Share on other sites

still no internet, but here is the log

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_USERS\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Prefs.js: "Web Search" removed from browser.search.selectedEngine

Prefs.js: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry" removed from browser.startup.homepage

Prefs.js: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q=" removed from keyword.URL

C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\components folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml moved successfully.

C:\Users\Mr Fox\AppData\Roaming\Babylon folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\OpenCandy\OpenCandy_8809B49A3DF64006A591ABA7A6355FF3 folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\OpenCandy\8809B49A3DF64006A591ABA7A6355FF3 folder moved successfully.

C:\Users\Mr Fox\AppData\Roaming\OpenCandy folder moved successfully.

========== FILES ==========

< copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sysC:\Windows\System32\drivers\AFD.SYS /c >

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sysC:\Windows\System32\drivers\AFD.SYS

0 ficheiro(s) copiado(s).

C:\Users\Mr Fox\Desktop\cmd.bat deleted successfully.

C:\Users\Mr Fox\Desktop\cmd.txt deleted successfully.

< ​ipconfig /flushdns /c >

C:\Users\Mr Fox\Desktop\cmd.bat deleted successfully.

C:\Users\Mr Fox\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mr Fox

->Temp folder emptied: 1863456 bytes

->Temporary Internet Files folder emptied: 2089478 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 129171871 bytes

->Google Chrome cache emptied: 241713236 bytes

->Flash cache emptied: 506 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 51349 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46427580 bytes

RecycleBin emptied: 212675960 bytes

Total Files Cleaned = 605,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12212012_135550

Files\Folders moved on Reboot...

C:\Users\Mr Fox\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites
btw, is the virus thing solved or would it be better anyway to format the pc?
This is always an option if you want to do so....just let me know either way. :)

--------

First open an elevated command prompt > Click Start and type cmd in Start Search.

When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents below > right click in the command window and select paste >> Press Enter

copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys C:\Windows\System32\drivers\AFD.SYS

Close the Command Prompt box.

Reboot your system and check your internet connection. If there is not internet please run a new scan with Farbar Service Scanner.

Share this post


Link to post
Share on other sites

here is the otl log

OTL logfile created on: 21-12-2012 14:08:58 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr Fox\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,37 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 75,01% Memory free

6,75 Gb Paging File | 5,38 Gb Available in Paging File | 79,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 84,14 Gb Total Space | 17,72 Gb Free Space | 21,06% Space Free | Partition Type: NTFS

Drive D: | 195,32 Gb Total Space | 12,53 Gb Free Space | 6,42% Space Free | Partition Type: NTFS

Computer Name: MRFOX-PC | User Name: Mr Fox | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mr Fox\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)

PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

========== Modules (No Company Name) ==========

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()

MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit\qmlwebkitplugin.dll ()

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()

MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt_b77a5c561934e089\System.resources.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service 64) -- C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation)

SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe ()

SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

SRV - (wlidsvc) -- C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)

DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)

DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-12-19 20:14:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-09-13 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Extensions

[2012-11-27 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions

[2012-09-13 18:21:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2012-11-27 23:36:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012-12-19 20:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-12-19 20:15:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru

[2012-12-19 20:15:15 | 000,000,000 | ---D | M] (Conselheiro de URLs da Kaspersky) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru

[2012-11-16 15:57:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-09-06 03:23:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012-09-06 03:23:16 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml

[2012-09-06 03:23:16 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml

[2012-09-06 03:23:16 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml

========== Chrome ==========

CHR - homepage: http://www.google.pt/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.pt/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: wareztuga.tv streamer = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\3.4_0\

CHR - Extension: James White = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: YouTube = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: Pesquisa do Google = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Pixlr-o-matic = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\

CHR - Extension: AdBlock = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.52_0\

CHR - Extension: Gmail = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-12-19 17:04:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe File not found

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [browser Infrastructure Helper] C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9:64bit: - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-21 13:55:50 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-12-20 16:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012-12-20 16:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012-12-20 13:16:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Mr Fox\Desktop\erunt-setup.exe

[2012-12-20 10:24:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe

[2012-12-20 01:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012-12-19 20:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012

[2012-12-19 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2012-12-19 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012-12-19 20:13:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012-12-19 19:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012-12-19 16:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012-12-19 16:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012-12-19 16:45:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012-12-19 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{48B7FA61-8D1D-4014-B6FB-0CFF9C8EE542}

[2012-12-19 16:34:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012-12-19 16:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-12-19 16:32:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012-12-19 13:48:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe

[2012-12-19 12:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com

[2012-12-19 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\Malwarebytes

[2012-12-19 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-12-19 12:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-12-19 12:57:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-12-19 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012-12-18 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Música

[2012-12-18 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EE8FD508-E5B3-4ACF-8DB6-196959C50018}

[2012-12-17 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Hardwell

[2012-12-17 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Afrojack

[2012-12-17 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Documents\KONAMI

[2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI

[2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI

[2012-12-17 07:54:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{0955C0CA-954D-4C07-BFFC-C35855B47F99}

[2012-12-16 09:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DBCF6190-4D70-4A38-9476-1ED5595BA9B0}

[2012-12-15 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{11080D91-D531-4546-BF73-F737C3332827}

[2012-12-15 12:28:17 | 000,000,000 | R--D | C] -- C:\Users\Mr Fox\Desktop\JOÃO

[2012-12-15 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\IMAGENS

[2012-12-15 11:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2012-12-15 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012-12-15 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012-12-15 11:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012-12-15 11:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4

[2012-12-15 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2012-12-15 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012-12-15 10:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2012-12-15 09:59:49 | 000,000,000 | ---D | C] -- C:\temp

[2012-12-15 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\battleship_v9

[2012-12-14 15:38:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{98DE45EC-E72C-451B-8A2B-B69F14160733}

[2012-12-13 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{4DBA1B76-71BC-448D-8950-BBCC5ADC79AF}

[2012-12-12 22:19:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SS12_13

[2012-12-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E88F6FB8-4FC8-4E5C-A3D8-5EC17E79B143}

[2012-12-11 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{36CCA143-BB9B-4ED9-889E-F9DCEAEFD561}

[2012-12-10 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{017B298B-F55D-4B2F-BD21-888B2799F820}

[2012-12-08 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Cisco Packet Tracer 5.3.3

[2012-12-08 18:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer

[2012-12-08 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3

[2012-12-08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SvM-fds

[2012-12-08 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DA8164C5-5ABD-4808-9BA3-79096790DF2E}

[2012-12-07 14:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{982E790E-B35E-4020-8EAB-11952F1B2A66}

[2012-12-06 18:32:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{564EFFF2-A244-4DA2-AE8B-BC17425D39E9}

[2012-12-05 18:49:22 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{A3217B5A-DE7A-4EE5-BE87-B0F560C3BBBF}

[2012-12-04 15:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{AB1658E3-66CB-4143-A347-02A1EBF14B65}

[2012-12-03 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{5BA70093-A411-4DFE-9D97-9950B89B699F}

[2012-12-02 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EF0887C9-4724-4B28-BF24-E19D10C34E95}

[2012-12-01 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{6214E485-8D57-4775-B139-AE2331DB54F9}

[2012-11-30 15:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{44E89FC2-48F4-4BF4-A71A-D52996B719CF}

[2012-11-29 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{D38D2B55-479A-49DA-A362-BFCC4740B912}

[2012-11-28 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{F8448C5C-5296-46F2-B7C9-07B38287C0BD}

[2012-11-27 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{8E586098-BEAF-4DA1-A69B-4D4DAA7CD950}

[2012-11-26 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{7E7B9E68-0CAD-4926-BF29-B51450931A7B}

[2012-11-25 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{BBCBCE1D-4549-4677-A124-FC6257B49F7E}

[2012-11-24 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{487D922E-43D9-4878-822E-F8F1AADF4ADC}

[2012-11-23 15:12:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{525C1633-4B8D-4B11-948B-EC1AA153A896}

[2012-11-22 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{92FFBFB7-9F07-4D13-978B-769ADD7ADA5D}

[2012-11-21 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers

[2012-11-21 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft

[2012-11-21 21:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012-11-21 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E2C74862-BCEF-463A-9377-27C40CF03109}

========== Files - Modified Within 30 Days ==========

[2012-12-21 14:08:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-12-21 14:08:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-12-21 14:08:12 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012-12-21 14:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-12-21 13:57:21 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys

[2012-12-20 16:18:42 | 000,001,104 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012-12-20 16:18:23 | 000,000,905 | ---- | M] () -- C:\Users\Mr Fox\Desktop\ERUNT.lnk

[2012-12-20 13:16:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Mr Fox\Desktop\erunt-setup.exe

[2012-12-20 11:13:37 | 001,648,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-12-20 11:13:37 | 000,718,554 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat

[2012-12-20 11:13:37 | 000,651,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-12-20 11:13:37 | 000,151,536 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat

[2012-12-20 11:13:37 | 000,120,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-12-20 10:25:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe

[2012-12-20 09:00:01 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat

[2012-12-19 20:47:26 | 000,165,376 | ---- | M] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe

[2012-12-19 20:15:30 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat

[2012-12-19 20:15:29 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat

[2012-12-19 20:13:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2012-12-19 18:15:01 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000UA.job

[2012-12-19 17:04:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012-12-19 16:44:46 | 000,001,000 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012-12-19 16:44:44 | 000,001,020 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Dropbox.lnk

[2012-12-19 13:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Mr Fox\Desktop\MBR.dat

[2012-12-19 13:49:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe

[2012-12-19 13:19:30 | 000,142,995 | ---- | M] () -- C:\Users\Mr Fox\Desktop\1.png

[2012-12-19 12:58:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com

[2012-12-19 12:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-12-19 12:52:13 | 000,508,159 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Sem Título.png

[2012-12-18 21:28:26 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000Core.job

[2012-12-17 08:11:04 | 000,001,737 | ---- | M] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk

[2012-12-15 21:48:05 | 003,023,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012-12-15 11:23:18 | 000,001,682 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk

[2012-12-15 10:11:31 | 000,001,638 | ---- | M] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln

[2012-12-08 21:05:44 | 000,000,190 | ---- | M] () -- C:\Users\Mr Fox\.packettracer

[2012-12-08 18:32:57 | 000,001,243 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk

[2012-11-27 18:55:29 | 000,001,495 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Visual Studio 2010 - Atalho.lnk

[2012-11-22 20:15:12 | 144,600,276 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar

========== Files Created - No Company Name ==========

[2012-12-20 16:18:42 | 000,001,104 | ---- | C] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012-12-20 16:18:23 | 000,000,905 | ---- | C] () -- C:\Users\Mr Fox\Desktop\ERUNT.lnk

[2012-12-20 09:00:01 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat

[2012-12-19 20:47:27 | 000,165,376 | ---- | C] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe

[2012-12-19 20:15:30 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat

[2012-12-19 20:15:29 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat

[2012-12-19 16:45:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012-12-19 16:45:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012-12-19 16:45:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012-12-19 16:45:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012-12-19 16:45:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012-12-19 13:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Mr Fox\Desktop\MBR.dat

[2012-12-19 13:19:30 | 000,142,995 | ---- | C] () -- C:\Users\Mr Fox\Desktop\1.png

[2012-12-19 12:57:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-12-19 12:52:13 | 000,508,159 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Sem Título.png

[2012-12-17 08:11:04 | 000,001,737 | ---- | C] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk

[2012-12-15 19:20:06 | 000,001,638 | ---- | C] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln

[2012-12-15 11:23:18 | 000,001,682 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk

[2012-12-08 18:33:48 | 000,000,190 | ---- | C] () -- C:\Users\Mr Fox\.packettracer

[2012-12-08 18:32:57 | 000,001,243 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk

[2012-11-22 19:28:08 | 144,600,276 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar

[2012-09-22 16:12:22 | 001,616,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-08-06 13:31:58 | 000,017,408 | ---- | C] () -- C:\Users\Mr Fox\AppData\Local\WebpageIcons.db

[2012-08-06 12:29:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\L

[2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\U

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Share this post


Link to post
Share on other sites

yeiy! :D

I'm writting this post from my "infected pc"

now I jsut would like to know if my pc is safe now or is there somethign elso to know

I desisntalled avg anti virus and instaled malwarebyte and kaspesky itnernet security 2012

I need to know if I can surf safely in internet on this pc

Share this post


Link to post
Share on other sites
I'm writting this post from my "infected pc"

Alright! Great Job! :)

now I jsut would like to know if my pc is safe now or is there somethign elso to know
Let's get some updates and check for anything else hiding in there.
I desisntalled avg anti virus
Download and run the tool here to remove AVG completely.

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Other Files

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware (Período de Avaliação) 1.65.1.1000

www.malwarebytes.org

Versão da base de dados: v2012.12.19.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mr Fox :: MRFOX-PC [administrador]

Protecção: Activada

21-12-2012 15:32:00

mbam-log-2012-12-21 (15-32-00).txt

Tipo de pesquisa: Rápida

Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI

Opções de pesquisa desactivadas: P2P

Objectos verificados: 211625

Tempo decorrido: 11 minuto(s), 9 segundo(s)

Processos de memória Detectados: 0

(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0

(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 0

(Nenhum item malicioso detectado)

Valores do Registo Detectados: 0

(Nenhum item malicioso detectado)

Itens de dados do Registo Detectados: 0

(Nenhum item malicioso detectado)

Pastas Detectadas: 0

(Nenhum item malicioso detectado)

Ficheiros Detectados: 0

(Nenhum item malicioso detectado)

(fim)

Share this post


Link to post
Share on other sites

Good....when you get the ESET scan post those results. :)

Share this post


Link to post
Share on other sites

Those are fine. They are already quarantined and will be removed when we uninstall our tools.

Did you get ESET ran yet?

Share this post


Link to post
Share on other sites
:)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.