Solved Hotspot killing my Machine, 3x Koobface deleted. 16H fighting 2ltr coffee Help wanted

deepblue

Hi all,
My wife installed Hotspot on my machine (only God knows why), and I've been fighting with it ever since I discovered it. Nothing seems to work. It just WILL NOT die. Tried my best but I have to admit defeat (insert expletive here). (use caps!)

This damned thing does all kinds of nasty things to my machine, and on top of all, for the first time I had a worm... in 3 files... (insert bigger expletive here)

Been reading forums since this morning... my brain has melted. And I need this machine desperately, or I'll be making Goldfish Stew and Roasted Cat very soon.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6288

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06-04-2011 22:20:42
mbam-log-2011-04-06 (22-20-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 337346
Time elapsed: 1 hour(s), 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087408.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087409.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087410.exe (Worm.Koobface) -> Quarantined and deleted successfully.

What else should I post? Forgive my weak mind... too much info today.

PS: I hate the dude who invented Hotspot Shield !
 
gmer.log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-07 00:35:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDT721010SLA360 rev.ST6OA31B
Running: 18s3bm3g.exe; Driver: C:\DOCUME~1\Greg\DEFINI~1\Temp\kwrcraoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
sure thing...thx :)

here goes the log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Greg at 0:41:02,64 on 07-04-2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.3327.2382 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\n52te\n52teHid.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
svchost.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programas\ASUS\AI Direct Link\AsShare.exe
C:\Programas\AVG\AVG10\avgwdsvc.exe
C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programas\DivX\DivX Plus Web Player\DDmService.exe
C:\Programas\AVG\AVG10\avgtray.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\Programas\Hotspot Shield\bin\openvpnas.exe
C:\Programas\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programas\Hotspot Shield\bin\hsswd.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programas\n52te\n52teTra.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\nHancer\nHancerService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Hotspot Shield\bin\openvpntray.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Greg\Os meus documentos\Downloads\18s3bm3g.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\AVG\AVG10\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Greg\Os meus documentos\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
BHO: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programas\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programas\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\programas\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programas\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\programas\piclensie\cooliris.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\programas\hotspot shield\hssie\HssIE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
TB: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programas\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\greg\definições locais\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\programas\ficheiros comuns\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.msi" transforms="c:\programas\ficheiros comuns\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.mst" wise_setup_exe_path="d:\win2kxp\PhysX_9.09.0203_SystemSoftware.exe"
mRun: [Jomantha] c:\programas\n52te\n52teHid.exe
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Launch Direct Link] "c:\programas\asus\ai direct link\AsShare.exe"
mRun: [Launch As Cmd Runner] "c:\programas\asus\ai direct link\AsCmd.exe" -reg
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ZoneAlarm Client] "c:\programas\zone labs\zonealarm\zlclient.exe"
mRun: [DivX Download Manager] "c:\programas\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\programas\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\programas\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\programas\piclensie\cooliris.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programas\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichei~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\greg\applic~1\mozilla\firefox\profiles\0nlvzg9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\greg\application data\mozilla\firefox\profiles\0nlvzg9x.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programas\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\programas\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\firefox\profiles\0nlvzg9x.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\greg\definições locais\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programas\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\programas\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programas\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programas\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programas\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programas\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\programas\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programas\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-22 151592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-2 532224]
R2 avgwd;AVG WatchDog;c:\programas\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 hshld;Hotspot Shield Service;c:\programas\hotspot shield\bin\openvpnas.exe [2011-3-25 271408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\programas\hotspot shield\bin\hsswd.exe -product hss --> c:\programas\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2009-7-11 223232]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2009-6-6 48896]
S2 AVGIDSAgent;AVGIDSAgent;c:\programas\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9fc9288585f4c;Serviço Google Update (gupdate1c9fc9288585f4c);c:\programas\google\update\GoogleUpdate.exe [2009-7-4 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programas\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-28 517448]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-10 17976]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-6 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WN4501HLFIR(Arcor);Arcor-Easy Stick A 50 WLAN(Arcor);c:\windows\system32\drivers\ARWUSB.sys [2010-12-31 489472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-06 19:13:38 -------- d-----w- c:\docume~1\greg\applic~1\Malwarebytes
2011-04-06 19:13:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 19:13:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-06 19:13:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 19:13:29 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2011-04-06 17:42:37 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\Conduit
2011-04-06 17:42:36 -------- d-----w- c:\programas\Conduit
2011-04-06 17:42:35 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\HotSpot_International
2011-04-06 17:42:34 -------- d-----w- c:\programas\HotSpot_International
2011-04-06 17:41:22 -------- d-----w- C:\Hotspot Shield
2011-04-06 17:30:14 -------- d-----w- c:\docume~1\greg\applic~1\CheeseSoft
2011-04-06 17:30:13 -------- d-----w- C:\FU_Backup
2011-04-06 17:30:08 -------- d-----w- c:\programas\FinalUninstaller
2011-04-06 16:58:11 -------- d-----w- c:\programas\Hotspot Shield
2011-04-06 16:14:46 506880 ----a-w- c:\programas\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-04-06 15:24:02 -------- d-----w- c:\windows\system32\winrm
2011-04-06 15:23:57 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-04-06 15:22:59 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-06 15:22:59 -------- d-----w- c:\programas\Windows Desktop Search
2011-04-06 15:22:08 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-04-06 15:22:08 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-04-06 15:22:07 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-04-06 14:59:42 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-06 12:23:11 -------- d-----w- c:\windows\pss
2011-04-06 12:14:41 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\VS Revo Group
2011-04-06 12:14:35 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-04-06 12:14:34 -------- d-----w- c:\programas\VS Revo Group
2011-04-06 09:48:24 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\Thunderbird
2011-03-23 23:36:40 -------- d-----w- C:\ConvertTemp
2011-03-23 23:33:12 -------- d-----w- c:\docume~1\greg\applic~1\SAMSUNG
2011-03-23 23:26:47 749568 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-23 23:26:47 69715 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-23 23:26:47 5632 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-23 23:26:47 274432 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-23 23:26:47 180224 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-23 23:26:41 323716 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-23 23:26:41 192644 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-23 23:08:24 -------- d-----w- c:\windows\system32\Samsung PC Studio Codecs
2011-03-23 23:06:46 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2011-03-23 23:06:46 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2011-03-23 23:06:46 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2011-03-23 23:06:46 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2011-03-23 23:06:46 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2011-03-23 23:06:45 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2011-03-23 23:06:45 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2011-03-23 23:06:45 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-03-23 17:34:15 781272 ----a-w- c:\programas\mozilla firefox\mozsqlite3.dll
2011-03-23 17:34:15 728024 ----a-w- c:\programas\mozilla firefox\libGLESv2.dll
2011-03-23 17:34:15 1975768 ----a-w- c:\programas\mozilla firefox\D3DCompiler_42.dll
2011-03-23 17:34:15 1893336 ----a-w- c:\programas\mozilla firefox\d3dx9_42.dll
2011-03-23 17:34:15 1874904 ----a-w- c:\programas\mozilla firefox\mozjs.dll
2011-03-23 17:34:15 15832 ----a-w- c:\programas\mozilla firefox\mozalloc.dll
2011-03-23 17:34:15 142296 ----a-w- c:\programas\mozilla firefox\libEGL.dll
2011-03-23 17:34:15 142296 ----a-w- c:\programas\mozilla firefox\components\browsercomps.dll
2011-03-12 11:28:40 103864 ----a-w- c:\programas\mozilla firefox\plugins\nppdf32.dll
2011-03-12 11:28:40 103864 ----a-w- c:\programas\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-04-06 15:07:08 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-06 15:07:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-05 22:26:24 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-05 22:26:24 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-07 15:47:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-23 06:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:27:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 06:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-23 06:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 06:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-09 13:54:07 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54:07 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:59:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:10 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 0:41:55,32 ===============
 
haa well the thread says paste both, so if you need zip just let me know.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17-03-2010 9:50:02
System Uptime: 07-04-2011 0:24:57 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Processador Intel Pentium III Xeon | LGA 775 | 2833/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 775,129 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0000
Manufacturer: Hotspot Shield
Name: Arcor-Easy Stick A 50 WLAN - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0000
Service: HssDrv
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0002
Manufacturer: Hotspot Shield
Name: Miniport WAN (IP) - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0002
Service: HssDrv
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0003
Manufacturer: Hotspot Shield
Name: Anchorfree HSS Adapter - Hotspot Shield Helper Miniport
PNP Device ID: ROOT\MS_HSSDRVMP\0003
Service: HssDrv
.
==== System Restore Points ===================
.
RP241: 07-01-2011 19:44:45 - Ponto de verificação do sistema
RP242: 11-01-2011 9:01:33 - Ponto de verificação do sistema
RP243: 12-01-2011 15:10:17 - Software Distribution Service 3.0
RP244: 14-01-2011 0:01:37 - Ponto de verificação do sistema
RP245: 15-01-2011 14:02:25 - Ponto de verificação do sistema
RP246: 16-01-2011 16:35:52 - Ponto de verificação do sistema
RP247: 17-01-2011 17:56:44 - Ponto de verificação do sistema
RP248: 18-01-2011 18:13:30 - Ponto de verificação do sistema
RP249: 20-01-2011 19:54:03 - Ponto de verificação do sistema
RP250: 26-01-2011 10:39:23 - Ponto de verificação do sistema
RP251: 27-01-2011 22:12:22 - Ponto de verificação do sistema
RP252: 28-01-2011 23:07:45 - Ponto de verificação do sistema
RP253: 30-01-2011 0:07:18 - Ponto de verificação do sistema
RP254: 31-01-2011 0:54:28 - Ponto de verificação do sistema
RP255: 01-02-2011 1:53:09 - Ponto de verificação do sistema
RP256: 02-02-2011 2:41:32 - Ponto de verificação do sistema
RP257: 03-02-2011 3:56:39 - Ponto de verificação do sistema
RP258: 04-02-2011 12:43:46 - Ponto de verificação do sistema
RP259: 05-02-2011 13:02:08 - Ponto de verificação do sistema
RP260: 06-02-2011 13:33:18 - Ponto de verificação do sistema
RP261: 07-02-2011 14:07:53 - Ponto de verificação do sistema
RP262: 08-02-2011 18:29:28 - Ponto de verificação do sistema
RP263: 09-02-2011 20:39:30 - Ponto de verificação do sistema
RP264: 10-02-2011 2:22:10 - Software Distribution Service 3.0
RP265: 10-02-2011 9:53:09 - Software Distribution Service 3.0
RP266: 11-02-2011 13:31:34 - Ponto de verificação do sistema
RP267: 12-02-2011 14:13:07 - Ponto de verificação do sistema
RP268: 13-02-2011 14:33:32 - Ponto de verificação do sistema
RP269: 14-02-2011 11:52:15 - Installed Java(TM) 6 Update 23
RP270: 15-02-2011 12:34:42 - Ponto de verificação do sistema
RP271: 16-02-2011 12:44:38 - Ponto de verificação do sistema
RP272: 17-02-2011 14:58:16 - Ponto de verificação do sistema
RP273: 18-02-2011 15:26:24 - Ponto de verificação do sistema
RP274: 19-02-2011 15:32:15 - Ponto de verificação do sistema
RP275: 20-02-2011 18:22:53 - Ponto de verificação do sistema
RP276: 22-02-2011 0:10:22 - Ponto de verificação do sistema
RP277: 23-02-2011 0:25:51 - Ponto de verificação do sistema
RP278: 24-02-2011 2:00:10 - Ponto de verificação do sistema
RP279: 25-02-2011 2:31:30 - Ponto de verificação do sistema
RP280: 26-02-2011 17:18:19 - Ponto de verificação do sistema
RP281: 27-02-2011 17:31:23 - Ponto de verificação do sistema
RP282: 28-02-2011 17:45:04 - Ponto de verificação do sistema
RP283: 01-03-2011 22:04:48 - Ponto de verificação do sistema
RP284: 03-03-2011 13:00:41 - Ponto de verificação do sistema
RP285: 04-03-2011 15:26:54 - Ponto de verificação do sistema
RP286: 05-03-2011 18:02:42 - Ponto de verificação do sistema
RP287: 06-03-2011 18:06:43 - Ponto de verificação do sistema
RP288: 07-03-2011 18:41:01 - Ponto de verificação do sistema
RP289: 09-03-2011 16:23:55 - Ponto de verificação do sistema
RP290: 10-03-2011 1:31:45 - Software Distribution Service 3.0
RP291: 11-03-2011 12:15:34 - Ponto de verificação do sistema
RP292: 12-03-2011 1:07:54 - Installed Java(TM) 6 Update 24
RP293: 13-03-2011 15:17:08 - Ponto de verificação do sistema
RP294: 15-03-2011 7:33:12 - Ponto de verificação do sistema
RP295: 16-03-2011 12:26:01 - Ponto de verificação do sistema
RP296: 17-03-2011 1:37:33 - Software Distribution Service 3.0
RP297: 17-03-2011 13:13:21 - Software Distribution Service 3.0
RP298: 18-03-2011 17:57:53 - Ponto de verificação do sistema
RP299: 19-03-2011 18:00:40 - Ponto de verificação do sistema
RP300: 20-03-2011 22:39:33 - Ponto de verificação do sistema
RP301: 21-03-2011 23:27:54 - Ponto de verificação do sistema
RP302: 23-03-2011 12:51:02 - Ponto de verificação do sistema
RP303: 24-03-2011 0:06:43 - Installed Samsung PC Studio 3 USB Driver Installer
RP304: 24-03-2011 0:08:15 - Installed Samsung PC Studio
RP305: 24-03-2011 0:18:54 - Removed Samsung PC Studio 3 USB Driver Installer
RP306: 24-03-2011 0:24:57 - Removed Samsung PC Studio
RP307: 24-03-2011 0:26:58 - Installed Samsung PC Studio 3 USB Driver Installer
RP308: 24-03-2011 0:28:15 - Installed Samsung PC Studio
RP309: 24-03-2011 0:53:13 - Installed Samsung Samples Installer
RP310: 24-03-2011 5:54:23 - Software Distribution Service 3.0
RP311: 25-03-2011 15:18:17 - Ponto de verificação do sistema
RP312: 26-03-2011 17:17:43 - Ponto de verificação do sistema
RP313: 27-03-2011 19:39:45 - Ponto de verificação do sistema
RP314: 28-03-2011 22:39:32 - Ponto de verificação do sistema
RP315: 30-03-2011 11:49:18 - Ponto de verificação do sistema
RP316: 31-03-2011 13:44:43 - Ponto de verificação do sistema
RP317: 01-04-2011 14:17:08 - Ponto de verificação do sistema
RP318: 02-04-2011 14:57:10 - Ponto de verificação do sistema
RP319: 03-04-2011 20:40:53 - Ponto de verificação do sistema
RP320: 05-04-2011 10:39:34 - Ponto de verificação do sistema
RP321: 06-04-2011 10:57:14 - Ponto de verificação do sistema
RP322: 06-04-2011 12:53:55 - Installed Java(TM) 6 Update 22
RP323: 06-04-2011 12:54:29 - Installed OpenOffice.org 3.3
RP324: 06-04-2011 12:59:52 - Removed Ventrilo Client
RP325: 06-04-2011 13:02:32 - Removed OpenOffice.org 3.3
RP326: 06-04-2011 13:48:27 - Removed EveHQ
RP327: 06-04-2011 14:19:55 - Revo Uninstaller Pro's restore point - Hotspot shield
RP328: 06-04-2011 15:41:13 - Revo Uninstaller Pro's restore point - hsssrv.exe
RP329: 06-04-2011 16:49:41 - Removido Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
RP330: 06-04-2011 16:52:45 - Removido Microsoft .NET Framework 3.0 Service Pack 2
RP331: 06-04-2011 16:58:39 - Software Distribution Service 3.0
RP332: 06-04-2011 17:01:26 - Software Distribution Service 3.0
RP333: 06-04-2011 17:02:54 - Software Distribution Service 3.0
RP334: 06-04-2011 17:06:42 - Software Distribution Service 3.0
RP335: 06-04-2011 17:17:22 - Software Distribution Service 3.0
RP336: 06-04-2011 17:20:38 - Software Distribution Service 3.0
RP337: 06-04-2011 17:31:18 - Software Distribution Service 3.0
RP338: 06-04-2011 17:37:53 - Software Distribution Service 3.0
RP339: 06-04-2011 17:39:10 - Software Distribution Service 3.0
RP340: 06-04-2011 17:46:42 - Software Distribution Service 3.0
RP341: 06-04-2011 17:48:19 - Software Distribution Service 3.0
RP342: 06-04-2011 17:56:50 - Revo Uninstaller Pro's restore point - Windows Search 4.0
RP343: 06-04-2011 18:15:50 - Revo Uninstaller Pro's restore point - Hotspot Shield 1.57
RP344: 06-04-2011 18:26:55 - Revo Uninstaller Pro's restore point - hotspot shield
RP345: 06-04-2011 19:34:50 - Revo Uninstaller Pro's restore point - Final Uninstaller
.
==== Installed Programs ======================
.
7-Zip 9.20
AA3Deploy
Acrobat.com
Actualização de Segurança para o Windows Media Player (KB2378111)
Actualização de Segurança para o Windows Media Player (KB973540)
Actualização de Segurança para o Windows Media Player (KB975558)
Actualização de Segurança para o Windows Media Player (KB978695)
Actualização de Segurança para o Windows Media Player (KB979402)
Actualização de segurança para Windows Internet Explorer 8 (KB2183461)
Actualização de segurança para Windows Internet Explorer 8 (KB2360131)
Actualização de segurança para Windows Internet Explorer 8 (KB2416400)
Actualização de segurança para Windows Internet Explorer 8 (KB2482017)
Actualização de segurança para Windows Internet Explorer 8 (KB971961)
Actualização de segurança para Windows Internet Explorer 8 (KB976325)
Actualização de segurança para Windows Internet Explorer 8 (KB978207)
Actualização de segurança para Windows Internet Explorer 8 (KB981332)
Actualização de segurança para Windows Internet Explorer 8 (KB982381)
Actualização de segurança para Windows XP (KB2079403)
Actualização de segurança para Windows XP (KB2115168)
Actualização de segurança para Windows XP (KB2121546)
Actualização de segurança para Windows XP (KB2160329)
Actualização de segurança para Windows XP (KB2229593)
Actualização de segurança para Windows XP (KB2259922)
Actualização de segurança para Windows XP (KB2279986)
Actualização de segurança para Windows XP (KB2286198)
Actualização de segurança para Windows XP (KB2296011)
Actualização de segurança para Windows XP (KB2296199)
Actualização de segurança para Windows XP (KB2347290)
Actualização de segurança para Windows XP (KB2360937)
Actualização de segurança para Windows XP (KB2387149)
Actualização de segurança para Windows XP (KB2393802)
Actualização de segurança para Windows XP (KB2419632)
Actualização de segurança para Windows XP (KB2423089)
Actualização de segurança para Windows XP (KB2436673)
Actualização de segurança para Windows XP (KB2440591)
Actualização de segurança para Windows XP (KB2443105)
Actualização de segurança para Windows XP (KB2476687)
Actualização de segurança para Windows XP (KB2478960)
Actualização de segurança para Windows XP (KB2478971)
Actualização de segurança para Windows XP (KB2479628)
Actualização de segurança para Windows XP (KB2479943)
Actualização de segurança para Windows XP (KB2481109)
Actualização de segurança para Windows XP (KB2483185)
Actualização de segurança para Windows XP (KB2485376)
Actualização de segurança para Windows XP (KB2524375)
Actualização de segurança para Windows XP (KB923561)
Actualização de segurança para Windows XP (KB923789)
Actualização de Segurança para Windows XP (KB941569)
Actualização de segurança para Windows XP (KB946648)
Actualização de segurança para Windows XP (KB950762)
Actualização de segurança para Windows XP (KB950974)
Actualização de segurança para Windows XP (KB951066)
Actualização de segurança para Windows XP (KB951376-v2)
Actualização de segurança para Windows XP (KB951748)
Actualização de segurança para Windows XP (KB952004)
Actualização de segurança para Windows XP (KB952954)
Actualização de segurança para Windows XP (KB955069)
Actualização de segurança para Windows XP (KB956572)
Actualização de segurança para Windows XP (KB956744)
Actualização de segurança para Windows XP (KB956802)
Actualização de segurança para Windows XP (KB956803)
Actualização de segurança para Windows XP (KB956844)
Actualização de segurança para Windows XP (KB958644)
Actualização de segurança para Windows XP (KB958869)
Actualização de segurança para Windows XP (KB959426)
Actualização de segurança para Windows XP (KB960225)
Actualização de segurança para Windows XP (KB960803)
Actualização de segurança para Windows XP (KB960859)
Actualização de segurança para Windows XP (KB961501)
Actualização de segurança para Windows XP (KB969059)
Actualização de segurança para Windows XP (KB969947)
Actualização de segurança para Windows XP (KB970238)
Actualização de segurança para Windows XP (KB970430)
Actualização de segurança para Windows XP (KB971468)
Actualização de segurança para Windows XP (KB971657)
Actualização de segurança para Windows XP (KB972270)
Actualização de segurança para Windows XP (KB973354)
Actualização de segurança para Windows XP (KB973507)
Actualização de segurança para Windows XP (KB973869)
Actualização de segurança para Windows XP (KB973904)
Actualização de segurança para Windows XP (KB974112)
Actualização de segurança para Windows XP (KB974318)
Actualização de segurança para Windows XP (KB974392)
Actualização de segurança para Windows XP (KB974571)
Actualização de segurança para Windows XP (KB975025)
Actualização de segurança para Windows XP (KB975467)
Actualização de segurança para Windows XP (KB975560)
Actualização de segurança para Windows XP (KB975561)
Actualização de segurança para Windows XP (KB975562)
Actualização de segurança para Windows XP (KB975713)
Actualização de segurança para Windows XP (KB977165-v2)
Actualização de segurança para Windows XP (KB977816)
Actualização de segurança para Windows XP (KB977914)
Actualização de segurança para Windows XP (KB978037)
Actualização de segurança para Windows XP (KB978251)
Actualização de segurança para Windows XP (KB978338)
Actualização de segurança para Windows XP (KB978542)
Actualização de segurança para Windows XP (KB978601)
Actualização de segurança para Windows XP (KB978706)
Actualização de segurança para Windows XP (KB979309)
Actualização de segurança para Windows XP (KB979482)
Actualização de segurança para Windows XP (KB979559)
Actualização de segurança para Windows XP (KB979683)
Actualização de segurança para Windows XP (KB979687)
Actualização de segurança para Windows XP (KB980195)
Actualização de segurança para Windows XP (KB980218)
Actualização de segurança para Windows XP (KB980232)
Actualização de segurança para Windows XP (KB980436)
Actualização de segurança para Windows XP (KB981322)
Actualização de segurança para Windows XP (KB981852)
Actualização de segurança para Windows XP (KB981957)
Actualização de segurança para Windows XP (KB981997)
Actualização de segurança para Windows XP (KB982132)
Actualização de segurança para Windows XP (KB982214)
Actualização de segurança para Windows XP (KB982665)
Actualização de segurança para Windows XP (KB982802)
Actualização para Microsoft Windows (KB971513)
Actualização para Windows Internet Explorer 8 (KB2447568)
Actualização para Windows Internet Explorer 8 (KB976662)
Actualização para Windows Internet Explorer 8 (KB978506)
Actualização para Windows Internet Explorer 8 (KB980182)
Actualização para Windows XP (KB2141007)
Actualização para Windows XP (KB2345886)
Actualização para Windows XP (KB2467659)
Actualização para Windows XP (KB951978)
Actualização para Windows XP (KB955759)
Actualização para Windows XP (KB961503)
Actualização para Windows XP (KB967715)
Actualização para Windows XP (KB968389)
Actualização para Windows XP (KB971029)
Actualização para Windows XP (KB971737)
Actualização para Windows XP (KB973687)
Actualização para Windows XP (KB973815)
Actualização para Windows XP (KB978207)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
AI Direct Link
AI Suite
ASUSUpdate
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Atheros Ethernet Utility
AVG 2011
Badaboom 1.1.1.241
CCleaner
Compatibility Pack for the 2007 Office system
Cooliris for Internet Explorer
CorelDRAW Graphics Suite 12
Curse Client
DivX Author 1.5
DivX Setup
DivX Version Checker
ElsterFormular 2008/2009
Entropia Universe
EPSON Printer Software
EPU-6 Engine
Eraser 5.8.7
Express Gate
FileZilla Client 3.3.4.1
Fraps (remove only)
FW LiveUpdate
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB976002-v5)
Hotfix para Windows XP (KB2158563)
Hotfix para Windows XP (KB2443685)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
Hotfix para Windows XP (KB981793)
HotSpot International Toolbar
Hotspot Shield 1.57
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Portuguese Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTG Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
Mozilla Firefox 4.0b7 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
n52te Editor
nHancer
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA WDM Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Pacote do Fornecedor de Serviço Criptográfico para Cartão Inteligente Base da Microsoft
PC Probe II
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller Pro 2.5.1
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Samsung_MonSetup
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Search 4 - KB963093
Segoe UI
Silent Hunter 4 Wolves of the Pacific
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Ulead PhotoImpact 12
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.7
Vodafone 804SS USB driver Software
Vtune 7.4
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
World of Warcraft Public Test
X3 Terran Conflict Rolling Demo
XML Paper Specification Shared Components Language Pack 1.0
Zero Assumption Recovery Version 8.4
ZoneAlarm
.
==== End Of File ===========================


I'll set the coffee going for you :)
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
removing Anti virus, so i can scan, but got a question, are you gonna need a scan from Gmer? 'cause i only posted the initial auto scan, looks rather smallish
...er... is it gonna be a prob that my Xp is in Portuguese? (my brother thought it was fun at the time since i was born in Portugal but hardly speak the language...it's ...interesting at times like this )
 
comboFix Log

ComboFix 11-04-06.01 - Greg 07-04-2011 2:57.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.3327.2707 [GMT 2:00]
Executando de: c:\documents and settings\Greg\Os meus documentos\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg\Application Data\Local
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\0.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\2.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\3.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\4.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\6.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\7.ddi
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7)
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7).ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video.ddr
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.ddr
C:\install.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-07 to 2011-04-07 ))))))))))))))))))))))))))))
.
.
2011-04-06 23:02 . 2011-04-06 23:02 -------- d-----w- c:\programas\Ficheiros comuns\Adobe
2011-04-06 19:13 . 2011-04-06 19:13 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes
2011-04-06 19:13 . 2011-04-06 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-06 19:13 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 19:13 . 2011-04-06 20:20 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2011-04-06 19:13 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 17:42 . 2011-04-06 17:42 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\Conduit
2011-04-06 17:42 . 2011-04-06 17:42 -------- d-----w- c:\programas\Conduit
2011-04-06 17:42 . 2011-04-06 18:07 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\HotSpot_International
2011-04-06 17:42 . 2011-04-06 18:08 -------- d-----w- c:\programas\HotSpot_International
2011-04-06 17:41 . 2011-04-06 17:41 -------- d-----w- C:\Hotspot Shield
2011-04-06 17:30 . 2011-04-06 17:30 -------- d-----w- c:\documents and settings\Greg\Application Data\CheeseSoft
2011-04-06 17:30 . 2011-04-06 17:33 -------- d-----w- C:\FU_Backup
2011-04-06 17:30 . 2011-04-06 17:35 -------- d-----w- c:\programas\FinalUninstaller
2011-04-06 16:58 . 2011-04-06 17:41 -------- d-----w- c:\programas\Hotspot Shield
2011-04-06 16:14 . 2010-11-04 18:43 506880 ----a-w- c:\programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-04-06 15:24 . 2011-04-06 15:24 -------- d-----w- c:\documents and settings\LocalService\Definições locais\Application Data\Adobe
2011-04-06 15:24 . 2011-04-06 15:24 -------- d-----w- c:\windows\system32\winrm
2011-04-06 15:23 . 2011-04-06 15:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-04-06 15:22 . 2011-04-06 16:05 -------- d-----w- c:\programas\Windows Desktop Search
2011-04-06 15:22 . 2011-04-06 15:22 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-06 15:22 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-04-06 15:22 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-04-06 15:22 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-04-06 14:59 . 2011-04-06 15:17 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-06 14:59 . 2011-04-06 14:59 -------- d-----w- c:\programas\MSBuild
2011-04-06 14:59 . 2011-04-06 14:59 -------- d-----w- c:\programas\Reference Assemblies
2011-04-06 12:14 . 2011-04-06 12:14 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\VS Revo Group
2011-04-06 12:14 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-04-06 12:14 . 2011-04-06 12:14 -------- d-----w- c:\programas\VS Revo Group
2011-04-06 09:48 . 2011-04-06 09:48 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\Thunderbird
2011-04-06 09:48 . 2011-04-06 09:48 -------- d-----w- c:\documents and settings\Greg\Application Data\Thunderbird
2011-03-23 23:36 . 2011-03-23 23:36 -------- d-----w- C:\ConvertTemp
2011-03-23 23:33 . 2011-03-23 23:33 -------- d-----w- c:\documents and settings\Greg\Application Data\SAMSUNG
2011-03-23 23:26 . 2004-10-22 01:18 749568 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-03-23 23:26 . 2004-10-22 01:17 69715 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-03-23 23:26 . 2004-10-22 01:17 274432 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-03-23 23:26 . 2004-10-22 01:16 180224 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-03-23 23:26 . 2004-10-22 01:16 5632 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-03-23 23:26 . 2011-03-23 23:26 323716 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-03-23 23:26 . 2011-03-23 23:26 192644 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-03-23 23:08 . 2011-03-23 23:28 -------- d-----w- c:\windows\system32\Samsung PC Studio Codecs
2011-03-23 23:06 . 2005-08-30 16:59 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2011-03-23 23:06 . 2005-08-30 16:58 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2011-03-23 23:06 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2011-03-23 23:06 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2011-03-23 23:06 . 2005-08-30 16:57 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2011-03-23 23:06 . 2011-03-23 23:06 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-03-23 23:06 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2011-03-23 23:06 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2011-03-23 17:34 . 2011-03-18 17:53 142296 ----a-w- c:\programas\Mozilla Firefox\components\browsercomps.dll
2011-03-23 17:34 . 2011-03-18 17:53 781272 ----a-w- c:\programas\Mozilla Firefox\mozsqlite3.dll
2011-03-23 17:34 . 2011-03-18 17:53 1874904 ----a-w- c:\programas\Mozilla Firefox\mozjs.dll
2011-03-23 17:34 . 2011-03-18 17:53 15832 ----a-w- c:\programas\Mozilla Firefox\mozalloc.dll
2011-03-23 17:34 . 2011-03-18 17:53 728024 ----a-w- c:\programas\Mozilla Firefox\libGLESv2.dll
2011-03-23 17:34 . 2011-03-18 17:53 142296 ----a-w- c:\programas\Mozilla Firefox\libEGL.dll
2011-03-23 17:34 . 2011-03-18 17:53 1893336 ----a-w- c:\programas\Mozilla Firefox\d3dx9_42.dll
2011-03-23 17:34 . 2011-03-18 17:53 1975768 ----a-w- c:\programas\Mozilla Firefox\D3DCompiler_42.dll
2011-03-12 00:08 . 2011-03-12 00:08 -------- d-----w- c:\programas\Ficheiros comuns\Java
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 22:26 . 2011-03-07 15:42 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-05 22:26 . 2009-07-01 22:30 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-05 16:40 . 2011-03-07 15:42 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-07 15:47 . 2011-03-07 15:42 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:27 . 2010-01-12 11:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:27 . 2010-01-12 11:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:27 . 2009-04-30 21:02 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:27 . 2009-04-03 09:32 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 06:27 . 2009-04-03 09:32 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 06:27 . 2009-04-03 09:32 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:27 . 2009-04-03 09:32 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:27 . 2009-04-03 09:32 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:27 . 2009-04-03 09:32 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-09 13:54 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40 . 2010-05-02 10:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2009-06-26 09:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:59 . 2009-06-06 15:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-06-06 15:46 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-03-18 17:53 . 2011-03-23 17:34 142296 ----a-w- c:\programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
2010-06-13 17:10 2734688 ----a-w- c:\programas\HotSpot_International\tbHotS.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0002EE26-8C11-49EB-9CDF-56EEFFEF664F}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\Greg\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jomantha"="c:\programas\n52te\n52teHid.exe" [2008-06-13 159744]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch Direct Link"="c:\programas\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
"Launch As Cmd Runner"="c:\programas\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"ZoneAlarm Client"="c:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"DivX Download Manager"="c:\programas\DivX\DivX Plus Web Player\DDmService.exe" [2010-09-02 62776]
"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\programas\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\WORK\Menu Iniciar\Programas\Arranque\
OpenOffice.org 3.2.lnk - c:\programas\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-7-1 131584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2010-08-04 12:55 692317 ----a-w- c:\programas\SAMSUNG\FW LiveUpdate\FWManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programas\\Curse\\CurseClient.exe"=
"c:\\Programas\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Programas\\World of Warcraft\\Launcher.exe"=
"c:\\Programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Programas\\World of Warcraft Public Test\\WoW-0.3.0.10522-enGB-ptr-downloader.exe"=
"c:\\Programas\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programas\\Skype\\Phone\\Skype.exe"=
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Greg\\Definições locais\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5985:TCP"= 5985:TCP:*:Disabled:Gestão Remota do Windows
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-09-2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-09-2010 4:48 26064]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22-07-2008 10:01 151592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-09-2010 4:48 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09-11-2010 23:20 299984]
R2 hshld;Hotspot Shield Service;c:\programas\Hotspot Shield\bin\openvpnas.exe [25-03-2011 3:13 271408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\programas\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programas\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-08-2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-08-2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-08-2010 21:42 26192]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [11-07-2009 2:06 223232]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [06-06-2009 21:09 48896]
S2 AVGIDSAgent;AVGIDSAgent;"c:\programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;c:\programas\AVG\AVG10\avgwdsvc.exe --> c:\programas\AVG\AVG10\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate1c9fc9288585f4c;Serviço Google Update (gupdate1c9fc9288585f4c);c:\programas\Google\Update\GoogleUpdate.exe [04-07-2009 12:30 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programas\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\programas\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [10-09-2001 17976]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04-08-2004 14:00 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [06-04-2011 14:14 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04-08-2004 14:00 14336]
S3 WN4501HLFIR(Arcor);Arcor-Easy Stick A 50 WLAN(Arcor);c:\windows\system32\drivers\ARWUSB.sys [31-12-2010 17:21 489472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-04-07 c:\windows\Tasks\Google Software Updater.job
- c:\programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 10:29]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programas\Google\Update\GoogleUpdate.exe [2009-07-04 10:30]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programas\Google\Update\GoogleUpdate.exe [2009-07-04 10:30]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\0nlvzg9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
AddRemove-AVG - c:\programas\AVG\AVG10\avgmfapx.exe
AddRemove-HotspotShield - c:\programas\Hotspot Shield\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Greg\Application Data\Macromedia\Flash Player\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 03:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(3808)
c:\programas\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
c:\programas\Hotspot Shield\HssWPR\hsssrv.exe
c:\programas\Hotspot Shield\bin\hsswd.exe
c:\programas\Java\jre6\bin\jqs.exe
c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programas\nHancer\nHancerService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programas\n52te\n52teTra.exe
c:\windows\RTHDCPL.EXE
c:\programas\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-04-07 03:07:21 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-04-07 01:07
.
Pré-execução: 831.457.239.040 bytes livres
Pós execução: 831.439.880.192 bytes livres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7C66B51A6A3B4062AF6BC827958684BD
 
signing off for tonight, but "I'll be back" tomorrow morning.
thx for all the nice work you guys do. BIG KUDOS.
 
GMER log looks fine.

Combofix log looks good now.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Good Morning.

(fixing coffee drip to my arm)

MORNING :)

Here go the scan results. I keep getting this stupid Hotspot trying to connect to the web, but as I tried and failed to completely uninstall it, I reinstalled it before we started this all in an attempt to do a forced uninstall with Revo, but as my brain was "glazing" I decided to leave it alone and come to you guys.

OTL Extras logfile created on: 07-04-2011 10:05:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 931,50 Gb Total Space | 781,35 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Gestão Remota do Windows

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programas\Curse\CurseClient.exe" = C:\Programas\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Programas\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Programas\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programas\World of Warcraft\Launcher.exe" = C:\Programas\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programas\Java\jre6\bin\java.exe" = C:\Programas\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programas\World of Warcraft Public Test\WoW-0.3.0.10522-enGB-ptr-downloader.exe" = C:\Programas\World of Warcraft Public Test\WoW-0.3.0.10522-enGB-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programas\World of Warcraft Public Test\Launcher.exe" = C:\Programas\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Documents and Settings\Greg\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Greg\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Programas\AVG\AVG10\avgnsx.exe" = C:\Programas\AVG\AVG10\avgnsx.exe:*:Enabled:protecção Online -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG10\avgmfapx.exe" = C:\Programas\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalador AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG10\avgemcx.exe" = C:\Programas\AVG\AVG10\avgemcx.exe:*:Enabled:Verificador de E-mail Pessoal -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{01EAA7C8-C141-44BA-92E4-0B196A9DD0E9}" = Cooliris for Internet Explorer
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0800E395-4DD7-3A93-BB96-08596C0D725F}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}" = Microsoft .NET Framework 1.1 Portuguese Language Pack
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2D622A15-11C6-489D-84A3-78C7D7EA2789}" = Cooliris for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88528F28-E04A-3A93-B3C0-14651148FE82}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A5C92CF6-7B3E-4892-8DE5-125E44D1AD06}" = nHancer
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F855451C-21E2-3034-B042-E1E66923548A}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFE62AAA-60EC-71CF-0505-740B8E797647}" = Acrobat.com
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
"Badaboom" = Badaboom 1.1.1.241
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Entropia Universe" = Entropia Universe
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HotSpot_International Toolbar" = HotSpot International Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptg" = Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxDriver" = marvell 61xx
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Recuva" = Recuva
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.7
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Vtune_is1" = Vtune 7.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"X3TerranConflictRDemo_is1" = X3 Terran Conflict Rolling Demo
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.4
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"2a4f70b48f669acd" = AA3Deploy

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03-04-2011 21:25:10 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
0.0.0.0, endereço em falha 0x00000000.

Error - 04-04-2011 16:30:37 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
0.0.0.0, endereço em falha 0x00000000.

Error - 04-04-2011 21:54:21 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
0.0.0.0, endereço em falha 0x00000000.

Error - 06-04-2011 7:47:26 | Computer Name = DEEPBLUE12 | Source = Application Hang | ID = 1002
Description = A desligar a aplicação Au_.exe, versão 6.30.46218.0, modulo de desligar
hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

Error - 06-04-2011 8:36:52 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
0.0.0.0, endereço em falha 0x00000000.

Error - 06-04-2011 10:49:30 | Computer Name = DEEPBLUE12 | Source = MsiInstaller | ID = 1013
Description = Produto: Microsoft .NET Framework 3.0 Service Pack 2 -- Microsoft
.NET Framework 3.0 Service Pack 2 cannot be uninstalled because it will affect other
applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

Error - 06-04-2011 11:23:31 | Computer Name = DEEPBLUE12 | Source = Windows Search Service | ID = 3024
Description =

Error - 06-04-2011 16:40:18 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
versão 7.0.2600.5512, endereço em falha 0x00037740.

Error - 06-04-2011 16:40:44 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
versão 7.0.2600.5512, endereço em falha 0x00037740.

Error - 06-04-2011 16:41:10 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
versão 7.0.2600.5512, endereço em falha 0x00037740.

[ System Events ]
Error - 06-04-2011 20:51:58 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
do serviço 2 (0x2).

Error - 06-04-2011 21:01:45 | Computer Name = DEEPBLUE12 | Source = RemoteAccess | ID = 20103
Description = Não é possível carregar C:\WINDOWS\System32\iprtrmgr.dll.

Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7000
Description = O serviço AVG WatchDog falhou o arranque devido ao seguinte erro:
%%2

Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7000
Description = O serviço AVGIDSAgent falhou o arranque devido ao seguinte erro: %%2

Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
do serviço 2 (0x2).

Error - 06-04-2011 21:21:16 | Computer Name = DEEPBLUE12 | Source = BROWSER | ID = 8032
Description = O serviço de browser falhou na obtenção da lista de secundários demasiadas
vezes no transporte \Device\NetBT_Tcpip_{7DD2F84C-3982-4C56-84AB-2B3E62C430B0}.
O
browser secundário está a ser parado.

Error - 06-04-2011 21:33:10 | Computer Name = DEEPBLUE12 | Source = RemoteAccess | ID = 20103
Description = Não é possível carregar C:\WINDOWS\System32\iprtrmgr.dll.

Error - 06-04-2011 21:33:27 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
do serviço 2 (0x2).

Error - 06-04-2011 21:37:38 | Computer Name = DEEPBLUE12 | Source = BROWSER | ID = 8032
Description = O serviço de browser falhou na obtenção da lista de secundários demasiadas
vezes no transporte \Device\NetBT_Tcpip_{7DD2F84C-3982-4C56-84AB-2B3E62C430B0}.
O
browser secundário está a ser parado.

Error - 06-04-2011 21:51:33 | Computer Name = DEEPBLUE12 | Source = atapi | ID = 262153
Description = O dispositivo, \Device\Ide\IdePort0, não respondeu dentro do tempo
limite.


< End of report >
 
OTL logfile created on: 07-04-2011 10:05:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 931,50 Gb Total Space | 781,35 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-07 10:02:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL.exe
PRC - [2011-03-25 03:14:46 | 000,108,080 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpntray.exe
PRC - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpnas.exe
PRC - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-03-18 19:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgtray.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010-10-29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\hsswd.exe
PRC - [2010-09-02 06:38:58 | 000,062,776 | ---- | M] () -- C:\Programas\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programas\nHancer\nHancerService.exe
PRC - [2008-06-13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Programas\n52te\n52teHid.exe
PRC - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008-05-21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2008-04-24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Programas\n52te\n52teTra.exe
PRC - [2008-04-14 18:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-16 16:12:44 | 001,209,856 | ---- | M] () -- C:\Programas\ASUS\AI Direct Link\AsShare.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2011-04-07 10:02:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL.exe
MOD - [2010-08-23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011-03-25 03:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programas\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010-08-13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programas\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Programas\nHancer\nHancerService.exe -- (nHancer)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003-07-28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009-12-30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-04-03 11:32:06 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2009-04-03 11:32:06 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2008-09-23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008-07-22 10:01:34 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008-07-03 11:03:00 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-09-27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007-09-19 18:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006-12-04 13:10:34 | 000,489,472 | R--- | M] (Arcor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ARWUSB.sys -- (WN4501HLFIR(Arcor)) Arcor-Easy Stick A 50 WLAN(Arcor)
DRV - [2005-08-30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005-08-30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005-08-30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004-12-23 05:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001-09-10 00:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
DRV - [2001-08-17 21:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1561552
IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\html5video [2010-09-12 01:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programas\DivX\DivX Plus Web Player\firefox\wpa [2010-09-12 01:18:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG10\Firefox\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programas\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG10\Firefox4\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2011-03-23 19:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011-04-07 01:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Programas\Mozilla Firefox 4.0 Beta 7\components [2010-12-10 14:12:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Programas\Mozilla Firefox 4.0 Beta 7\plugins

[2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions
[2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-07 02:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions
[2010-04-28 07:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-10 14:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\nostmp
[2011-03-25 23:10:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\piclens@cooliris.com
[2011-04-06 18:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
[2010-05-02 12:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-29 12:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-21 07:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-03-12 02:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-06 18:14:45 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-04-07 03:28:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMAS\AVG\AVG10\FIREFOX4
[2009-06-26 11:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-18 19:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programas\Mozilla Firefox\components\browsercomps.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-04-07 03:02:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Programas\DivX\DivX Plus Web Player\DDmService.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Jomantha] C:\Programas\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Programas\ASUS\AI Direct Link\AsCmd.exe ()
O4 - HKLM..\Run: [Launch Direct Link] C:\Programas\ASUS\AI Direct Link\AsShare.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programas\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programas\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Programas\Ficheiros comuns\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011-04-07 03:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2011
[2011-04-07 02:56:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-07 02:53:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-07 02:53:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-07 02:53:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-07 02:53:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-07 02:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-07 02:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-07 01:02:12 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Adobe
[2011-04-07 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB
[2011-04-06 21:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes
[2011-04-06 21:13:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-04-06 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-04-06 21:13:29 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2011-04-06 19:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit
[2011-04-06 19:42:36 | 000,000,000 | ---D | C] -- C:\Programas\Conduit
[2011-04-06 19:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\HotSpot_International
[2011-04-06 19:42:34 | 000,000,000 | ---D | C] -- C:\Programas\HotSpot_International
[2011-04-06 19:41:22 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011-04-06 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield
[2011-04-06 19:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
[2011-04-06 19:30:13 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011-04-06 19:30:08 | 000,000,000 | ---D | C] -- C:\Programas\FinalUninstaller
[2011-04-06 18:58:11 | 000,000,000 | ---D | C] -- C:\Programas\Hotspot Shield
[2011-04-06 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Adobe
[2011-04-06 17:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-04-06 17:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-04-06 17:23:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\Programas\Windows Desktop Search
[2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-04-06 16:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-04-06 16:59:38 | 000,000,000 | ---D | C] -- C:\Programas\MSBuild
[2011-04-06 16:59:29 | 000,000,000 | ---D | C] -- C:\Programas\Reference Assemblies
[2011-04-06 14:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011-04-06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\VS Revo Group
[2011-04-06 14:14:35 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011-04-06 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Revo Uninstaller Pro
[2011-04-06 14:14:34 | 000,000,000 | ---D | C] -- C:\Programas\VS Revo Group
[2011-04-06 12:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\OpenOffice.org 3.3 (en-US) Installation Files
[2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Thunderbird
[2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
[2011-03-30 02:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\7-Zip
[2011-03-24 01:36:40 | 000,000,000 | ---D | C] -- C:\ConvertTemp
[2011-03-24 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio 3
[2011-03-24 01:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
[2011-03-24 01:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Samsung PC Studio
[2011-03-24 01:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio
[2011-03-24 01:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung PC Studio Codecs
[2011-03-24 01:06:46 | 000,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
[2011-03-24 01:06:46 | 000,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bus.sys
[2011-03-24 01:06:46 | 000,008,304 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
[2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cm.sys
[2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
[2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_wh.sys
[2011-03-24 01:06:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2011-03-12 02:08:57 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
[2009-06-26 21:47:25 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Greg\Application Data\tsdnwin.dll

========== Files - Modified Within 30 Days ==========

[2011-04-07 09:30:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-04-07 03:34:50 | 111,823,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-04-07 03:33:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-07 03:32:59 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011-04-07 03:32:48 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-04-07 03:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-07 03:28:46 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
[2011-04-07 03:02:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-07 02:25:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
[2011-04-07 01:02:24 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2011-04-06 21:13:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2011-04-06 19:41:05 | 006,014,048 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
[2011-04-06 18:57:50 | 005,807,264 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
[2011-04-06 18:14:13 | 006,014,048 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
[2011-04-06 17:58:13 | 000,531,716 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011-04-06 17:58:13 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-06 17:58:13 | 000,093,326 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011-04-06 17:58:13 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-06 17:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-06 17:27:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-04-06 17:27:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-04-06 17:21:52 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-04-06 17:09:15 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-06 17:07:08 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011-04-06 17:07:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011-04-06 14:44:21 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
[2011-04-06 14:44:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\DivX Movies.lnk
[2011-04-06 14:14:36 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
[2011-04-06 00:26:24 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-04-05 18:40:08 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-04-01 13:42:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011-03-30 02:13:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\CCleaner.lnk
[2011-03-29 23:56:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\World of Warcraft.lnk
[2011-03-24 01:50:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-03-24 01:28:41 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2011-03-24 01:28:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
[2011-03-23 19:34:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-03-23 19:34:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Mozilla Firefox.lnk
[2011-03-16 19:03:47 | 000,060,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011-03-16 12:12:32 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\CorelDRAW 12.lnk
[2011-03-13 00:20:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
[2011-03-08 18:54:33 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\AA3Deploy.appref-ms

========== Files Created - No Company Name ==========

[2011-04-07 03:28:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
[2011-04-07 02:56:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-07 02:56:31 | 000,261,920 | RHS- | C] () -- C:\cmldr
[2011-04-07 02:53:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-07 02:53:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-07 02:53:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-07 02:53:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-07 02:53:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-07 02:25:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
[2011-04-07 01:02:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader X.lnk
[2011-04-07 01:02:24 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2011-04-06 21:13:33 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2011-04-06 19:40:48 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
[2011-04-06 18:57:33 | 005,807,264 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
[2011-04-06 18:13:55 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
[2011-04-06 14:44:21 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
[2011-04-06 14:14:36 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
[2011-03-24 01:28:41 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2011-03-24 01:28:41 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
[2011-03-24 01:09:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-03-23 19:34:17 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2011-03-13 00:20:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
[2011-03-10 02:32:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-08 18:54:33 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\AA3Deploy.appref-ms
[2011-03-07 17:42:18 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-03-07 17:42:07 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011-03-07 17:42:02 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011-02-23 21:55:07 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011-02-23 21:55:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010-10-10 14:19:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-10-10 14:19:39 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-10-10 14:19:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-03-13 19:21:31 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010-02-11 17:12:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2009-10-19 15:55:27 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-08-01 23:34:07 | 002,119,680 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009-07-20 17:34:14 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-11 02:04:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-07-02 00:29:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\PnkBstrK.sys
[2009-07-01 18:22:36 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009-06-26 21:45:57 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\SamsungLiveUpdateConfig.ini
[2009-06-12 22:02:04 | 002,177,024 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.10.1.25877.en-US.msi
[2009-06-12 20:33:50 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-06-12 20:33:50 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2F70016F8B.sys
[2009-06-08 10:32:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-06 21:09:25 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2009-06-06 19:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-06-06 18:57:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009-06-06 18:30:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-06-06 18:27:30 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-06 17:56:10 | 000,038,061 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-06-06 17:52:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-06-06 17:52:49 | 000,037,154 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-06-06 17:52:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-06-06 17:49:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-06-06 17:46:42 | 000,023,668 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-06-06 17:12:54 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-06-06 17:12:54 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-06-06 17:12:52 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-06-06 17:12:52 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-04-30 23:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-06-05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2005-07-12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004-08-04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 14:00:00 | 000,531,716 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2004-08-04 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 14:00:00 | 000,314,414 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 14:00:00 | 000,093,326 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2004-08-04 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 14:00:00 | 000,036,952 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-03-23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-03-14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011-02-25 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2009-07-15 11:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
[2010-12-08 15:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-04-07 03:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010-11-28 13:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-06-03 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-11-02 19:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2010-11-28 13:25:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-04-07 03:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009-08-10 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2010-04-20 03:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-06-12 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009-06-12 22:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-07-29 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fofinha\Application Data\n52te
[2010-11-28 13:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10
[2011-04-06 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
[2009-11-24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010-03-31 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010-10-30 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EveHQ
[2010-11-17 03:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EVEMon
[2010-11-11 05:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\FileZilla
[2010-08-11 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\ICQ
[2009-06-06 21:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\n52te
[2009-07-02 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\nHancer
[2010-10-21 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\OpenOffice.org
[2010-08-20 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Pegasys Inc
[2011-03-24 01:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
[2010-08-20 22:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Sony
[2009-08-10 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SystemRequirementsLab
[2011-04-06 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
[2010-11-12 04:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TS3Client
[2010-08-11 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TuneUp Software
[2009-06-12 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems
[2010-04-26 14:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\uTorrent
[2010-07-06 00:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\n52te
[2010-07-06 02:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\OpenOffice.org
[2010-07-06 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-17 10:44:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004-08-03 23:00:02 | 000,261,920 | RHS- | M] () -- C:\cmldr
[2011-04-07 03:07:21 | 000,023,086 | ---- | M] () -- C:\ComboFix.txt
[2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-06 18:22:10 | 000,251,120 | RHS- | M] () -- C:\ntldr
[2011-04-07 03:32:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-06-12 19:21:16 | 000,000,789 | ---- | M] () -- C:\RHDSetup.log
[2010-08-11 12:57:12 | 000,000,046 | -H-- | M] () -- C:\splash.idx
[2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008-08-15 20:02:18 | 000,005,632 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010-03-17 10:47:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-04-09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010-12-31 15:51:51 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010-03-17 11:24:32 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-03-17 10:09:24 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010-03-17 11:24:32 | 027,000,832 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-03-17 11:24:32 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2009-06-12 21:42:19 | 000,006,144 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Config.db
[2009-06-12 21:41:07 | 000,002,048 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Events.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-03-17 10:54:12 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009-06-06 17:52:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >
 
< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011-04-07 10:03:37 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Greg\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007-06-27 16:05:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2006-06-24 08:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 18:09:07 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\custsat.dll
[2004-08-04 02:10:10 | 000,004,821 | ---- | M] () -- C:\Programas\Messenger\logowin.gif
[2004-08-04 02:10:10 | 000,007,047 | ---- | M] () -- C:\Programas\Messenger\lvback.gif
[2008-05-02 16:01:55 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msgsc.dll
[2008-04-13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msgslang.dll
[2008-04-14 18:09:55 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msmsgs.exe
[2007-04-02 20:07:23 | 000,002,882 | ---- | M] () -- C:\Programas\Messenger\newalert.wav
[2007-04-02 20:07:23 | 000,006,156 | ---- | M] () -- C:\Programas\Messenger\newemail.wav
[2007-04-02 20:07:24 | 000,006,160 | ---- | M] () -- C:\Programas\Messenger\online.wav
[2009-08-29 00:43:15 | 000,005,120 | -HS- | M] () -- C:\Programas\Messenger\Thumbs.db
[2004-08-04 02:10:10 | 000,004,454 | ---- | M] () -- C:\Programas\Messenger\type.wav
[2004-08-04 02:10:10 | 000,123,995 | ---- | M] () -- C:\Programas\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< %SYSTEMDRIVE%\*.* >
[2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-17 10:44:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004-08-03 23:00:02 | 000,261,920 | RHS- | M] () -- C:\cmldr
[2011-04-07 03:07:21 | 000,023,086 | ---- | M] () -- C:\ComboFix.txt
[2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-06 18:22:10 | 000,251,120 | RHS- | M] () -- C:\ntldr
[2011-04-07 03:32:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-06-12 19:21:16 | 000,000,789 | ---- | M] () -- C:\RHDSetup.log
[2010-08-11 12:57:12 | 000,000,046 | -H-- | M] () -- C:\splash.idx
[2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008-08-15 20:02:18 | 000,005,632 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010-03-17 10:47:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-04-09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010-12-31 15:51:51 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010-03-17 11:24:32 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-03-17 10:09:24 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010-03-17 11:24:32 | 027,000,832 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-03-17 11:24:32 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2009-06-12 21:42:19 | 000,006,144 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Config.db
[2009-06-12 21:41:07 | 000,002,048 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Events.db


========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >
 
The prob about this Hotspot Shield thing, amongst others, is that it does not allow the user to uninstall,

it reinstalls itself or something, i tried editing the registry, hunting file by file, the extensions, and out of desperation even renamed Hsssv in the system32 drivers folder to HsssvBIGABADFOKER ...just in case you wonder lol but nothing works...sniff

my browsers keep randomly redirecting me, Cooliris will not respond to what i want, and this thing is trying every 5m or so to access the net, and i presume that is how i got those worms in the first place
 
AnchorFree Hotspot Shield

This is a really pernicious piece of software, can't really understand how come it's spreading like wildfire on the Net without people crying foul.

This "thing" seems to serve only the dark purposes of Anchorfree, as of now i can't control my browsers and addons, i keep getting hits that have nothing to do with my search, and once you have it on your machine a search on google will give you 95 % hits telling you how good this thing is.

Some websites are almost impossible to connect to, keeps sending me to an alternative site when i want to go to you tube, My net has slowed to a crawl, on a T50 (Mb) net, which now gives me at most 8Mb.

Planted a Hotspot shield logo on my explorer that is not user removable, Uninstall does NOT work, Control panel Add/Remove Programs will not remove most of it, Revo fails at it after trying all its options, tried most programs i knew of, NOTHING can remove the damned thing.

Edited the Registry, line by line, extension by extension...to no avail
regedit will NOT do the trick..at least for me...and all other forms or variations all seem to fail.

tried blocking it with Zonealarm..NO GO
AVG will not see it
Spybot also fails..at least with me

and then comes the fun stuff in the form of a new network for ZoneAlarm that leaves me open to weird stuff

there has to be a really dark and nasty purpose for this "THING"

BE WARNED

a little sample of what they write ...

; -- NETHSS_M.INF --
;
; HssDrv Miniport INF file
;
; Copyright (c) 2009, AnchorFree Inc.

; ----------------------------------------------------------------------
; Changed Original Microsoft netsf_m.inf file to generate this file
; ----------------------------------------------------------------------

[Version]
signature = "$Windows NT$"
CatalogFile = hssdrv_m.cat
Class = Net
ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
Provider = %Msft%
DriverVer = 01/13/2009,1.00.0.1

[ControlFlags]
ExcludeFromSelect = ms_HssDrvmp

[DestinationDirs]
DefaultDestDir=12
; No files to copy

[Manufacturer]
%Msft%=MSFT,NTx86,NTia64,NTamd64

[MSFT.NTx86]
%HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

[MSFT.NTAMD64]
%HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

[MSFT.NTia64]
%HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

[HssDrvMP.ndi]
Characteristics = 0x29 ;NCF_NOT_USER_REMOVABLE | NCF_VIRTUAL | NCF_HIDDEN
CopyFiles =

[HssDrvMP.ndi.Services]
AddService = HssDrv,0x2, HssDrvMP.AddService
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2011-03-25 03:14:46 | 000,108,080 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpntray.exe
    PRC - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpnas.exe
    PRC - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\hsswd.exe
    SRV - [2011-03-25 03:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programas\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O4 - Startup: C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk = File not found
    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
    [2011-04-07 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB
    [2011-04-06 19:41:22 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
    [2011-04-06 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield
    [2011-04-06 19:40:48 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
    [2011-04-06 18:57:33 | 005,807,264 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
    [2011-04-06 18:13:55 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
    [2009-06-12 20:33:50 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2F70016F8B.sys
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
    
    
    :Files
    C:\Programas\Hotspot Shield
    C:\Programas\HotSpot_International
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
ran the script, removed pretty much everything i can see with the exception of the logo and some references on IE8 that are still there.

this is the end result report :

All processes killed
========== OTL ==========
No active process named openvpntray.exe was found!
Process openvpnas.exe killed successfully!
Process hsssrv.exe killed successfully!
No active process named hsswd.exe was found!
Service HssTrayService stopped successfully!
Service HssTrayService deleted successfully!
C:\Programas\Hotspot Shield\bin\HssTrayService.exe moved successfully.
Error: Unable to stop service hshld!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully.
C:\Programas\Hotspot Shield\bin\openvpnas.exe moved successfully.
Service HssSrv stopped successfully!
Service HssSrv deleted successfully!
C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe moved successfully.
Service HssWd stopped successfully!
Service HssWd deleted successfully!
C:\Programas\Hotspot Shield\bin\hsswd.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ deleted successfully.
C:\Programas\HotSpot_International\tbHotS.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found.
File C:\Programas\HotSpot_International\tbHotS.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found.
File C:\Programas\HotSpot_International\tbHotS.dll not found.
Registry value HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F}\ not found.
File C:\Programas\HotSpot_International\tbHotS.dll not found.
C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk moved successfully.
Starting removal of ActiveX control {EAC139A9-D22D-4C29-8D1C-252BE63750F9}
C:\WINDOWS\Downloaded Program Files\plinstll.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ not found.
C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB folder moved successfully.
C:\Hotspot Shield\hsswd\config folder moved successfully.
C:\Hotspot Shield\hsswd folder moved successfully.
C:\Hotspot Shield folder moved successfully.
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield folder moved successfully.
C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe moved successfully.
C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe moved successfully.
C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe moved successfully.
C:\WINDOWS\system32\2F70016F8B.sys moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C895616B deleted successfully.
========== FILES ==========
C:\Programas\Hotspot Shield\update folder moved successfully.
C:\Programas\Hotspot Shield\log\verify folder moved successfully.
C:\Programas\Hotspot Shield\log folder moved successfully.
C:\Programas\Hotspot Shield\htdocs folder moved successfully.
C:\Programas\Hotspot Shield\HssWPR folder moved successfully.
C:\Programas\Hotspot Shield\hsswd\default folder moved successfully.
C:\Programas\Hotspot Shield\hsswd\config folder moved successfully.
C:\Programas\Hotspot Shield\hsswd folder moved successfully.
C:\Programas\Hotspot Shield\HssIE folder moved successfully.
C:\Programas\Hotspot Shield\HssFF folder moved successfully.
C:\Programas\Hotspot Shield\driver folder moved successfully.
C:\Programas\Hotspot Shield\config\hss_data folder moved successfully.
C:\Programas\Hotspot Shield\config folder moved successfully.
C:\Programas\Hotspot Shield\bin\lang folder moved successfully.
C:\Programas\Hotspot Shield\bin folder moved successfully.
C:\Programas\Hotspot Shield folder moved successfully.
C:\Programas\HotSpot_International folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fofinha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Greg
->Temp folder emptied: 21023017 bytes
->Temporary Internet Files folder emptied: 64882 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 49514595 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: WORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 653 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Fofinha
->Flash cache emptied: 0 bytes

User: Greg
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: WORK
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04072011_185142

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
this is the Quick Scan Report


OTL logfile created on: 07-04-2011 19:04:42 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 931,50 Gb Total Space | 781,31 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-07 19:04:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL(1).exe
PRC - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-03-18 19:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgnsx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgchsvx.exe
PRC - [2010-10-29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgcsrvx.exe
PRC - [2010-09-02 06:38:58 | 000,062,776 | ---- | M] () -- C:\Programas\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programas\nHancer\nHancerService.exe
PRC - [2008-06-13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Programas\n52te\n52teHid.exe
PRC - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008-05-21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2008-04-24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Programas\n52te\n52teTra.exe
PRC - [2008-04-14 18:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-16 16:12:44 | 001,209,856 | ---- | M] () -- C:\Programas\ASUS\AI Direct Link\AsShare.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2011-04-07 19:04:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL(1).exe
MOD - [2010-08-23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-08-13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programas\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Programas\nHancer\nHancerService.exe -- (nHancer)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003-07-28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009-12-30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-04-03 11:32:06 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2009-04-03 11:32:06 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2008-09-23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008-07-22 10:01:34 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008-07-03 11:03:00 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-09-27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007-09-19 18:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006-12-04 13:10:34 | 000,489,472 | R--- | M] (Arcor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ARWUSB.sys -- (WN4501HLFIR(Arcor)) Arcor-Easy Stick A 50 WLAN(Arcor)
DRV - [2005-08-30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005-08-30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005-08-30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004-12-23 05:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001-09-10 00:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
DRV - [2001-08-17 21:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\html5video [2010-09-12 01:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programas\DivX\DivX Plus Web Player\firefox\wpa [2010-09-12 01:18:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG10\Firefox\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programas\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG10\Firefox4\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2011-03-23 19:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011-04-07 01:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Programas\Mozilla Firefox 4.0 Beta 7\components [2010-12-10 14:12:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Programas\Mozilla Firefox 4.0 Beta 7\plugins

[2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions
[2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-04-07 02:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions
[2010-04-28 07:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-10 14:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\nostmp
[2011-03-25 23:10:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\piclens@cooliris.com
[2011-04-06 18:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
[2010-05-02 12:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-29 12:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-21 07:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-03-12 02:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-06 18:14:45 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-04-07 03:28:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMAS\AVG\AVG10\FIREFOX4
[2009-06-26 11:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-18 19:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programas\Mozilla Firefox\components\browsercomps.dll
[2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-04-07 03:02:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Programas\DivX\DivX Plus Web Player\DDmService.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Jomantha] C:\Programas\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Programas\ASUS\AI Direct Link\AsCmd.exe ()
O4 - HKLM..\Run: [Launch Direct Link] C:\Programas\ASUS\AI Direct Link\AsShare.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programas\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programas\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-04-07 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\PROBLEM
[2011-04-07 18:53:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-04-07 18:51:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-07 03:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2011
[2011-04-07 02:56:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-07 02:53:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-07 02:53:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-07 02:53:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-07 02:53:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-07 02:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-07 02:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-07 01:02:12 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Adobe
[2011-04-06 21:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes
[2011-04-06 21:13:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-04-06 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-04-06 21:13:29 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2011-04-06 19:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit
[2011-04-06 19:42:36 | 000,000,000 | ---D | C] -- C:\Programas\Conduit
[2011-04-06 19:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\HotSpot_International
[2011-04-06 19:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
[2011-04-06 19:30:13 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011-04-06 19:30:08 | 000,000,000 | ---D | C] -- C:\Programas\FinalUninstaller
[2011-04-06 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Adobe
[2011-04-06 17:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-04-06 17:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-04-06 17:23:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\Programas\Windows Desktop Search
[2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-04-06 16:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011-04-06 16:59:38 | 000,000,000 | ---D | C] -- C:\Programas\MSBuild
[2011-04-06 16:59:29 | 000,000,000 | ---D | C] -- C:\Programas\Reference Assemblies
[2011-04-06 14:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011-04-06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\VS Revo Group
[2011-04-06 14:14:35 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011-04-06 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Revo Uninstaller Pro
[2011-04-06 14:14:34 | 000,000,000 | ---D | C] -- C:\Programas\VS Revo Group
[2011-04-06 12:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\OpenOffice.org 3.3 (en-US) Installation Files
[2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Thunderbird
[2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
[2011-03-30 02:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\7-Zip
[2011-03-24 01:36:40 | 000,000,000 | ---D | C] -- C:\ConvertTemp
[2011-03-24 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio 3
[2011-03-24 01:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
[2011-03-24 01:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Samsung PC Studio
[2011-03-24 01:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio
[2011-03-24 01:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung PC Studio Codecs
[2011-03-24 01:06:46 | 000,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
[2011-03-24 01:06:46 | 000,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bus.sys
[2011-03-24 01:06:46 | 000,008,304 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
[2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cm.sys
[2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
[2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_wh.sys
[2011-03-24 01:06:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2011-03-12 02:08:57 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
[2009-06-26 21:47:25 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Greg\Application Data\tsdnwin.dll

========== Files - Modified Within 30 Days ==========

[2011-04-07 18:55:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-07 18:55:20 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011-04-07 18:55:04 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-04-07 18:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-07 18:30:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-04-07 17:19:49 | 111,875,749 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-04-07 03:28:46 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
[2011-04-07 03:02:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-07 02:25:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
[2011-04-07 01:02:24 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2011-04-06 21:13:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2011-04-06 17:58:13 | 000,531,716 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2011-04-06 17:58:13 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-06 17:58:13 | 000,093,326 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2011-04-06 17:58:13 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-06 17:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-04-06 17:27:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-04-06 17:27:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-04-06 17:21:52 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-04-06 17:09:15 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-06 17:07:08 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011-04-06 17:07:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011-04-06 14:44:21 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
[2011-04-06 14:44:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\DivX Movies.lnk
[2011-04-06 14:14:36 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
[2011-04-06 00:26:24 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-04-05 18:40:08 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-04-01 13:42:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011-03-30 02:13:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\CCleaner.lnk
[2011-03-29 23:56:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\World of Warcraft.lnk
[2011-03-24 01:50:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-03-24 01:28:41 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2011-03-24 01:28:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
[2011-03-23 19:34:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-03-23 19:34:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Mozilla Firefox.lnk
[2011-03-16 19:03:47 | 000,060,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011-03-16 12:12:32 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\CorelDRAW 12.lnk
[2011-03-13 00:20:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk

========== Files Created - No Company Name ==========

[2011-04-07 03:28:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
[2011-04-07 02:56:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-07 02:56:31 | 000,261,920 | RHS- | C] () -- C:\cmldr
[2011-04-07 02:53:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-07 02:53:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-07 02:53:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-07 02:53:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-07 02:53:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-07 02:25:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
[2011-04-07 01:02:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader X.lnk
[2011-04-07 01:02:24 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2011-04-06 21:13:33 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2011-04-06 14:44:21 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
[2011-04-06 14:14:36 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
[2011-03-24 01:28:41 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2011-03-24 01:28:41 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
[2011-03-24 01:09:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-03-23 19:34:17 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2011-03-13 00:20:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
[2011-03-10 02:32:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-03-07 17:42:18 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-03-07 17:42:07 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011-03-07 17:42:02 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011-02-23 21:55:07 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011-02-23 21:55:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010-10-10 14:19:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-10-10 14:19:39 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-10-10 14:19:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-03-13 19:21:31 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010-02-11 17:12:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2009-10-19 15:55:27 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-08-01 23:34:07 | 002,119,680 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009-07-20 17:34:14 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-11 02:04:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-07-02 00:29:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\PnkBstrK.sys
[2009-07-01 18:22:36 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009-06-26 21:45:57 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\SamsungLiveUpdateConfig.ini
[2009-06-12 22:02:04 | 002,177,024 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.10.1.25877.en-US.msi
[2009-06-12 20:33:50 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-06-08 10:32:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-06 21:09:25 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2009-06-06 19:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-06-06 18:57:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009-06-06 18:30:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-06-06 18:27:30 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-06 17:56:10 | 000,038,061 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-06-06 17:52:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-06-06 17:52:49 | 000,037,154 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-06-06 17:52:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-06-06 17:49:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-06-06 17:46:42 | 000,023,668 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-06-06 17:12:54 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009-06-06 17:12:54 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009-06-06 17:12:52 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-06-06 17:12:52 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009-04-30 23:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-06-05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2005-07-12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004-08-04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 14:00:00 | 000,531,716 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2004-08-04 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 14:00:00 | 000,314,414 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 14:00:00 | 000,093,326 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2004-08-04 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 14:00:00 | 000,036,952 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-03-23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-03-14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011-02-25 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2009-07-15 11:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
[2010-12-08 15:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011-04-07 03:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010-11-28 13:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-06-03 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-11-02 19:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2010-11-28 13:25:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-04-07 03:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009-08-10 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2010-04-20 03:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-06-12 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009-06-12 22:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010-11-28 13:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10
[2011-04-06 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
[2009-11-24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2010-03-31 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010-10-30 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EveHQ
[2010-11-17 03:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EVEMon
[2010-11-11 05:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\FileZilla
[2010-08-11 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\ICQ
[2009-06-06 21:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\n52te
[2009-07-02 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\nHancer
[2010-10-21 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\OpenOffice.org
[2010-08-20 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Pegasys Inc
[2011-03-24 01:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
[2010-08-20 22:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Sony
[2009-08-10 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SystemRequirementsLab
[2011-04-06 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
[2010-11-12 04:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TS3Client
[2010-08-11 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TuneUp Software
[2009-06-12 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems
[2010-04-26 14:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\uTorrent

========== Purity Check ==========



< End of report >
 
with the exception of the logo and some references on IE8 that are still there
I need more detailed info. What logo, where and what references in IE?

You can also....
Open IE. Go to Tools > Internet Options > Advanced tab and click on the "Reset" button.
Restart IE.
 
So far the only thing I found is on IE 8



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><title>

</title><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link type='text/css' rel='stylesheet' href='http://resources1.search.conduit.com/version-styles/default.695283127.axd' />
</head>
<body>

<div id="ctl00_main_container" class="container">
<div class="center" style="padding-top:118px;">
<div style="padding-bottom:25px">

<a href="http://www.hotspotshield.com/" id="ctl00_main_logo_lnkPub"><img src="http://storage.conduit.com/52/156/CT1561552/Images/633403982692500000.gif" id="ctl00_main_logo_publisher" /></a>

</div>

<div class="center">
<div id="ctl00_main_nav_divCont" class="navigation"><div>
<table>
<tr>
<td class="selected"><a>Web</a></td><td onclick="Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:3,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);"><a href="http://www.bing.com/images/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Bilder</a></td><td onclick=" return ChangeQueryTerm(this);"><a href="http://apps.conduit.com/search?q=&amp;ctid=CT1561552&amp;SearchSourceOrigin=10">Apps</a></td><td onclick="Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:15,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);"><a href="http://www.bing.com/videos/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Videos</a></td><td id="liMore" onclick="Log.GeneralClick({&quot;ClickSource&quot;:4,&quot;ClickTime&quot;:null,&quot;SearchGuid&quot;:&quot;e7f62a18-a473-467a-965f-14c76ac2dc51&quot;,&quot;UserGuid&quot;:null,&quot;TestGroupId&quot;:0});" class="nounderline"><a href="javascript:Search.showHideMore('liMore','ctl00_main_nav__pnlMore');"><u>Mehr</u>&nbsp;<small>▼</small></a></td>
</tr>
</table><div id="ctl00_main_nav__pnlMore" class="more" style="display:none;">
<div style="white-space:nowrap;text-align:left;">
<div onclick="folowLink(this);return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
<a href="/Results.aspx?q=&amp;SearchType=SearchWeather&amp;ctid=CT1561552&amp;octid=CT1561552&amp;SearchSourceOrigin=10">Wetter</a>
</div><div onclick="folowLink(this);Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:6,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
<a href="http://www.bing.com/shopping/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Einkaufen</a>
</div><div onclick="folowLink(this);Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:5,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
<a href="http://www.bing.com/news/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Nachrichten</a>
</div>
</div>
</div>
</div></div>
</div>

<div class="searchBar bing">
<form action="/Results.aspx" id="frm" name="frm" method="get">

<table id="ctl00_main_tblform" style="margin:auto;" >
<tr>
<td style="width:110px;" rowspan="3"></td>
<td>
<div id="ctl00_main_inptw" class="inputwrp">
<input type="text" id="q_top" name="q" autocomplete="off" class="txtbox" title="Suchen" />
<input type="submit" value="" class="btnhome" title="Suchen" />
<div id="sgstWrap">
</div>
</div>
</td>
<td class="bp">
<img src="http://storage.conduit.com/Images/Search/homepage/Logo_bing1.png" id="ctl00_main_bi" onclick="Search.submitForm();" title="bing.com" alt="Suchen mit Bing" />
</td>
</tr>
<tr valign="top">
<td align="center">

<input type="submit" value="Suchen" class="btnhome" />

</td>
<td></td>
</tr>
<tr>
<td style="padding-top:28px;">
<div class="footerLinks">
<table cellspacing="0" cellpadding="2" style="border-collapse:collapse;">
<tr valign="top">
<td style="margin-left:5px;padding-left:5px;"><a id="ctl00_main_lngPrefs_contact" class="menu" href="http://HotspotShield.OurToolbar.com/contact" target="_blank">Kontakt</a></td><td class="textaslink">-</td><td style="margin-left:5px;padding-left:5px;"><a id="ctl00_main_lngPrefs_lng" href="javascript:ChangeInterfaceLang('GOOGLE_COM')">English</a></td><td class="textaslink">-</td><td style="margin-left:5px;padding-left:5px;"><a href="javascript:void(0);" onclick="this.style.behavior='url(#default#homepage)';this.setHomePage('http://search.conduit.com/?ctid=CT1561552&amp;SearchSource=10');return Log.GeneralClick({&quot;ClickSource&quot;:3,&quot;ClickTime&quot;:null,&quot;SearchGuid&quot;:&quot;e7f62a18-a473-467a-965f-14c76ac2dc51&quot;,&quot;UserGuid&quot;:null,&quot;TestGroupId&quot;:0});">Make Bing my homepage</a></td>
</tr>
</table>
</div>

<div class="copyright" style="padding-top:16px;">&copy; 2011 <a href="http://www.conduit.com/">Conduit</a></div>
</td>
<td></td>
</tr>
</table>

<input type="hidden" name="SelfSearch" value="1" /><input type="hidden" name="SearchType" value="SearchWeb" /><input type="hidden" name="SearchSourceOrigin" value="10" /><input type="hidden" name="ctid" value="CT1561552" /><input type="hidden" name="octid" value="CT1561552" />
</form>
</div>
</div>
</div>

<script type='text/javascript' src='http://resources1.search.conduit.com/version-scripts/default.1737394103.axd' ></script>
<script>Log.Init({"ProductVersion":"2.8.3.0","SearchSource":10,"SearchSourceOrigin":10,"ToolbarCreationDate":null,"ToolbarId":"CT1561552","ToolbarOriginalId":"CT1561552","ToolbarVersion":null,"UserLanguage":"de-DE"},'http://usage.search.conduit-services.com');Search.initHome();Search.initHome();</script>

</body>
</html>
 