TechSpot

Hotspot killing my machine, 3x Koobface deleted. 16h fighting, 2 ltr coffee. Help wanted

By deepblue
Apr 6, 2011
  1. Hi all,
    My wife installed Hotspot on my machine (only God knows why) and I've been fighting with it ever since I discovered it. Nothing seems to work. It just WILL NOT die. I tried my best but I have to admit defeat (insert expletive here). (Use caps!)

    This damned thing does all kinds of nasty things to my machine, and on top of all that, for the first time I had a worm... in 3 files... (insert bigger expletive here)

    I've been reading forums since this morning... my brain has melted. And I need this machine desperately, or I'll be making Goldfish Stew and Roasted Cat very soon.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6288

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    06-04-2011 22:20:42
    mbam-log-2011-04-06 (22-20-42).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 337346
    Time elapsed: 1 hour(s), 1 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087408.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087409.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087410.exe (Worm.Koobface) -> Quarantined and deleted successfully.

    What else should I post? Forgive my weak mind... too much info today...

    PS: I hate the dude who invented Hotspot Shield!
     
  2. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    gmer.log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-07 00:35:29
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDT721010SLA360 rev.ST6OA31B
    Running: 18s3bm3g.exe; Driver: C:\DOCUME~1\Greg\DEFINI~1\Temp\kwrcraoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Sure thing... thx :)

    Here goes the log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Greg at 0:41:02,64 on 07-04-2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.3327.2382 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\n52te\n52teHid.exe
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    svchost.exe
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Programas\ASUS\AI Direct Link\AsShare.exe
    C:\Programas\AVG\AVG10\avgwdsvc.exe
    C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programas\DivX\DivX Plus Web Player\DDmService.exe
    C:\Programas\AVG\AVG10\avgtray.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\Hotspot Shield\bin\openvpnas.exe
    C:\Programas\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Programas\Hotspot Shield\bin\hsswd.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Programas\n52te\n52teTra.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programas\nHancer\nHancerService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programas\Hotspot Shield\bin\openvpntray.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Greg\Os meus documentos\Downloads\18s3bm3g.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programas\AVG\AVG10\avgui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Greg\Os meus documentos\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
    BHO: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programas\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programas\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\programas\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programas\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\programas\piclensie\cooliris.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\programas\hotspot shield\hssie\HssIE.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
    TB: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\programas\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\greg\definições locais\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\programas\ficheiros comuns\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.msi" transforms="c:\programas\ficheiros comuns\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.mst" wise_setup_exe_path="d:\win2kxp\PhysX_9.09.0203_SystemSoftware.exe"
    mRun: [Jomantha] c:\programas\n52te\n52teHid.exe
    mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
    mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
    mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
    mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
    mRun: [Launch Direct Link] "c:\programas\asus\ai direct link\AsShare.exe"
    mRun: [Launch As Cmd Runner] "c:\programas\asus\ai direct link\AsCmd.exe" -reg
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [ZoneAlarm Client] "c:\programas\zone labs\zonealarm\zlclient.exe"
    mRun: [DivX Download Manager] "c:\programas\divx\divx plus web player\DDmService.exe" start
    mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\programas\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\programas\divx\divx update\DivXUpdate.exe" /CHECKNOW
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
    IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\programas\piclensie\cooliris.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programas\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programas\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichei~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\greg\applic~1\mozilla\firefox\profiles\0nlvzg9x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\greg\application data\mozilla\firefox\profiles\0nlvzg9x.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\programas\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\programas\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\documents and settings\greg\application data\mozilla\firefox\profiles\0nlvzg9x.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\greg\definições locais\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\programas\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\programas\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\programas\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\programas\google\google updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\programas\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\programas\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\programas\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programas\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\programas\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programas\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-22 151592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-2 532224]
    R2 avgwd;AVG WatchDog;c:\programas\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 hshld;Hotspot Shield Service;c:\programas\hotspot shield\bin\openvpnas.exe [2011-3-25 271408]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\programas\hotspot shield\bin\hsswd.exe -product hss --> c:\programas\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2009-7-11 223232]
    R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2009-6-6 48896]
    S2 AVGIDSAgent;AVGIDSAgent;c:\programas\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9fc9288585f4c;Google Update Service (gupdate1c9fc9288585f4c);c:\programas\google\update\GoogleUpdate.exe [2009-7-4 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programas\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-28 517448]
    S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2001-9-10 17976]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-4-6 27064]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WN4501HLFIR(Arcor);Arcor-Easy Stick A 50 WLAN(Arcor);c:\windows\system32\drivers\ARWUSB.sys [2010-12-31 489472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-04-06 19:13:38 -------- d-----w- c:\docume~1\greg\applic~1\Malwarebytes
    2011-04-06 19:13:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-06 19:13:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-06 19:13:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-06 19:13:29 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
    2011-04-06 17:42:37 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\Conduit
    2011-04-06 17:42:36 -------- d-----w- c:\programas\Conduit
    2011-04-06 17:42:35 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\HotSpot_International
    2011-04-06 17:42:34 -------- d-----w- c:\programas\HotSpot_International
    2011-04-06 17:41:22 -------- d-----w- C:\Hotspot Shield
    2011-04-06 17:30:14 -------- d-----w- c:\docume~1\greg\applic~1\CheeseSoft
    2011-04-06 17:30:13 -------- d-----w- C:\FU_Backup
    2011-04-06 17:30:08 -------- d-----w- c:\programas\FinalUninstaller
    2011-04-06 16:58:11 -------- d-----w- c:\programas\Hotspot Shield
    2011-04-06 16:14:46 506880 ----a-w- c:\programas\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-04-06 15:24:02 -------- d-----w- c:\windows\system32\winrm
    2011-04-06 15:23:57 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-04-06 15:22:59 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-04-06 15:22:59 -------- d-----w- c:\programas\Windows Desktop Search
    2011-04-06 15:22:08 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-04-06 15:22:08 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-04-06 15:22:07 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-04-06 14:59:42 -------- d-----w- c:\windows\system32\XPSViewer
    2011-04-06 12:23:11 -------- d-----w- c:\windows\pss
    2011-04-06 12:14:41 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\VS Revo Group
    2011-04-06 12:14:35 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-04-06 12:14:34 -------- d-----w- c:\programas\VS Revo Group
    2011-04-06 09:48:24 -------- d-----w- c:\docume~1\greg\defini~1\applic~1\Thunderbird
    2011-03-23 23:36:40 -------- d-----w- C:\ConvertTemp
    2011-03-23 23:33:12 -------- d-----w- c:\docume~1\greg\applic~1\SAMSUNG
    2011-03-23 23:26:47 749568 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2011-03-23 23:26:47 69715 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\ctor.dll
    2011-03-23 23:26:47 5632 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2011-03-23 23:26:47 274432 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iscript.dll
    2011-03-23 23:26:47 180224 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iuser.dll
    2011-03-23 23:26:41 323716 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\setup.dll
    2011-03-23 23:26:41 192644 ----a-w- c:\programas\ficheiros comuns\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2011-03-23 23:08:24 -------- d-----w- c:\windows\system32\Samsung PC Studio Codecs
    2011-03-23 23:06:46 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
    2011-03-23 23:06:46 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
    2011-03-23 23:06:46 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
    2011-03-23 23:06:46 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
    2011-03-23 23:06:46 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
    2011-03-23 23:06:45 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
    2011-03-23 23:06:45 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
    2011-03-23 23:06:45 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
    2011-03-23 17:34:15 781272 ----a-w- c:\programas\mozilla firefox\mozsqlite3.dll
    2011-03-23 17:34:15 728024 ----a-w- c:\programas\mozilla firefox\libGLESv2.dll
    2011-03-23 17:34:15 1975768 ----a-w- c:\programas\mozilla firefox\D3DCompiler_42.dll
    2011-03-23 17:34:15 1893336 ----a-w- c:\programas\mozilla firefox\d3dx9_42.dll
    2011-03-23 17:34:15 1874904 ----a-w- c:\programas\mozilla firefox\mozjs.dll
    2011-03-23 17:34:15 15832 ----a-w- c:\programas\mozilla firefox\mozalloc.dll
    2011-03-23 17:34:15 142296 ----a-w- c:\programas\mozilla firefox\libEGL.dll
    2011-03-23 17:34:15 142296 ----a-w- c:\programas\mozilla firefox\components\browsercomps.dll
    2011-03-12 11:28:40 103864 ----a-w- c:\programas\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 11:28:40 103864 ----a-w- c:\programas\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-04-06 15:07:08 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-04-06 15:07:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-04-05 22:26:24 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-04-05 22:26:24 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-07 15:47:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-02-23 06:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-23 06:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-23 06:27:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-23 06:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-02-23 06:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-23 06:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-23 06:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-09 13:54:07 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54:07 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:59:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:10 441344 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 0:41:55,32 ===============
     
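A small triage helper for the two logs posted so far, added here as an example; it is not part of the original thread and not a tool any of the posters used. It takes a few lines copied from the MBAM log in post 1 and the DDS log in post 4 (embedded below as constructed sample input) and flags what a responder looks at first: MBAM detections whose path sits under System Volume Information\_restore{...}\RPnnn, which are restore-point copies of files rather than anything currently running; the AV line that DDS reports as *Disabled*; the Hosts file override; and browser hooks that point at "No File" or at a non-default search page. The line shapes it parses are assumptions read off these excerpts, not a documented format, and the severity labels are the example's own.

```python
"""Quick triage of MBAM and DDS log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the logs posted above.
MBAM_LOG = r"""
Files Infected:
c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087408.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f306cba0-b8b7-4015-b057-55af5a7a3a35}\RP306\A0087409.exe (Worm.Koobface) -> Quarantined and deleted successfully.
"""

DDS_LOG = r"""
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
uURLSearchHooks: HotSpot International Toolbar: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - c:\programas\hotspot_international\tbHotS.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Line shapes as they appear in the excerpts (assumed from the samples, not a spec).
MBAM_HIT = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
RESTORE_DIR = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)
PROTECTION = re.compile(r"^(?:AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
HOOK_PREFIXES = ("uURLSearchHooks:", "mURLSearchHooks:", "uStart Page", "mStart Page")


@dataclass
class Finding:
    severity: str  # "high", "warn" or "info": this example's own scale
    category: str
    detail: str


def triage_mbam(text: str) -> list[Finding]:
    """Classify each MBAM detection by where the file lived."""
    findings = []
    for line in text.splitlines():
        m = MBAM_HIT.match(line.strip())
        if not m:
            continue
        path, name, action = m.group("path", "name", "action")
        if RESTORE_DIR.search(path):
            # A0nnnnnn.exe under _restore{GUID}\RPnnn is the copy System Restore
            # archived when that restore point was made. It was removed from the
            # snapshot, but it says nothing about the worm running right now.
            findings.append(Finding("warn", "restore-point copy", f"{name}: {path} ({action})"))
        else:
            findings.append(Finding("high", "detection outside restore points", f"{name}: {path} ({action})"))
    return findings


def triage_dds(text: str) -> list[Finding]:
    """Pull the quick-look indicators out of a DDS log excerpt."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROTECTION.match(line)
        if m:
            state = m.group("state")
            if state.lower().startswith("disabled"):
                findings.append(Finding("high", "protection disabled", f"{m.group('product')} is {state}"))
            continue
        if line.startswith("Hosts:"):
            # Any hosts override deserves a look; 127.0.0.1 for a security site
            # is the classic way malware blocks the tools used to clean it.
            findings.append(Finding("warn", "hosts override", line[len("Hosts:"):].strip()))
        elif line.endswith("- No File"):
            # Registration left behind for a DLL that is no longer on disk.
            findings.append(Finding("info", "orphaned browser hook", line))
        elif line.startswith(HOOK_PREFIXES):
            findings.append(Finding("info", "search/start-page hook", line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "warn": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "warn": 1, "info": 2}
    everything = triage_mbam(MBAM_LOG) + triage_dds(DDS_LOG)
    for f in sorted(everything, key=lambda f: order[f.severity]):
        print(f"[{f.severity:4}] {f.category}: {f.detail}")
    print(count_by_severity(everything))
```

Run against the posted excerpts it reports one high finding (AVG disabled), three warnings (two restore-point copies of the worm plus the hosts entry) and three informational hooks. The point of the restore-point rule is that the three Koobface hits are in an RP306 snapshot, so the question for the rest of the thread is whether anything outside System Volume Information is still active.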
  5. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    attach Log

    Hmm, the attach log says I should zip it up... should I, or should I paste?
     
  6. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Ha, well, the thread says paste both, so if you need the zip just let me know.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17-03-2010 9:50:02
    System Uptime: 07-04-2011 0:24:57 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
    Processor: Intel Pentium III Xeon Processor | LGA 775 | 2833/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 775,129 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hotspot Shield Helper Miniport
    Device ID: ROOT\MS_HSSDRVMP\0000
    Manufacturer: Hotspot Shield
    Name: Arcor-Easy Stick A 50 WLAN - Hotspot Shield Helper Miniport
    PNP Device ID: ROOT\MS_HSSDRVMP\0000
    Service: HssDrv
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hotspot Shield Helper Miniport
    Device ID: ROOT\MS_HSSDRVMP\0002
    Manufacturer: Hotspot Shield
    Name: Miniport WAN (IP) - Hotspot Shield Helper Miniport
    PNP Device ID: ROOT\MS_HSSDRVMP\0002
    Service: HssDrv
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hotspot Shield Helper Miniport
    Device ID: ROOT\MS_HSSDRVMP\0003
    Manufacturer: Hotspot Shield
    Name: Anchorfree HSS Adapter - Hotspot Shield Helper Miniport
    PNP Device ID: ROOT\MS_HSSDRVMP\0003
    Service: HssDrv
    .
    ==== System Restore Points ===================
    .
    RP241: 07-01-2011 19:44:45 - Ponto de verificação do sistema
    RP242: 11-01-2011 9:01:33 - Ponto de verificação do sistema
    RP243: 12-01-2011 15:10:17 - Software Distribution Service 3.0
    RP244: 14-01-2011 0:01:37 - Ponto de verificação do sistema
    RP245: 15-01-2011 14:02:25 - Ponto de verificação do sistema
    RP246: 16-01-2011 16:35:52 - Ponto de verificação do sistema
    RP247: 17-01-2011 17:56:44 - Ponto de verificação do sistema
    RP248: 18-01-2011 18:13:30 - Ponto de verificação do sistema
    RP249: 20-01-2011 19:54:03 - Ponto de verificação do sistema
    RP250: 26-01-2011 10:39:23 - Ponto de verificação do sistema
    RP251: 27-01-2011 22:12:22 - Ponto de verificação do sistema
    RP252: 28-01-2011 23:07:45 - Ponto de verificação do sistema
    RP253: 30-01-2011 0:07:18 - Ponto de verificação do sistema
    RP254: 31-01-2011 0:54:28 - Ponto de verificação do sistema
    RP255: 01-02-2011 1:53:09 - Ponto de verificação do sistema
    RP256: 02-02-2011 2:41:32 - Ponto de verificação do sistema
    RP257: 03-02-2011 3:56:39 - Ponto de verificação do sistema
    RP258: 04-02-2011 12:43:46 - Ponto de verificação do sistema
    RP259: 05-02-2011 13:02:08 - Ponto de verificação do sistema
    RP260: 06-02-2011 13:33:18 - Ponto de verificação do sistema
    RP261: 07-02-2011 14:07:53 - Ponto de verificação do sistema
    RP262: 08-02-2011 18:29:28 - Ponto de verificação do sistema
    RP263: 09-02-2011 20:39:30 - Ponto de verificação do sistema
    RP264: 10-02-2011 2:22:10 - Software Distribution Service 3.0
    RP265: 10-02-2011 9:53:09 - Software Distribution Service 3.0
    RP266: 11-02-2011 13:31:34 - Ponto de verificação do sistema
    RP267: 12-02-2011 14:13:07 - Ponto de verificação do sistema
    RP268: 13-02-2011 14:33:32 - Ponto de verificação do sistema
    RP269: 14-02-2011 11:52:15 - Installed Java(TM) 6 Update 23
    RP270: 15-02-2011 12:34:42 - Ponto de verificação do sistema
    RP271: 16-02-2011 12:44:38 - Ponto de verificação do sistema
    RP272: 17-02-2011 14:58:16 - Ponto de verificação do sistema
    RP273: 18-02-2011 15:26:24 - Ponto de verificação do sistema
    RP274: 19-02-2011 15:32:15 - Ponto de verificação do sistema
    RP275: 20-02-2011 18:22:53 - Ponto de verificação do sistema
    RP276: 22-02-2011 0:10:22 - Ponto de verificação do sistema
    RP277: 23-02-2011 0:25:51 - Ponto de verificação do sistema
    RP278: 24-02-2011 2:00:10 - Ponto de verificação do sistema
    RP279: 25-02-2011 2:31:30 - Ponto de verificação do sistema
    RP280: 26-02-2011 17:18:19 - Ponto de verificação do sistema
    RP281: 27-02-2011 17:31:23 - Ponto de verificação do sistema
    RP282: 28-02-2011 17:45:04 - Ponto de verificação do sistema
    RP283: 01-03-2011 22:04:48 - Ponto de verificação do sistema
    RP284: 03-03-2011 13:00:41 - Ponto de verificação do sistema
    RP285: 04-03-2011 15:26:54 - Ponto de verificação do sistema
    RP286: 05-03-2011 18:02:42 - Ponto de verificação do sistema
    RP287: 06-03-2011 18:06:43 - Ponto de verificação do sistema
    RP288: 07-03-2011 18:41:01 - Ponto de verificação do sistema
    RP289: 09-03-2011 16:23:55 - Ponto de verificação do sistema
    RP290: 10-03-2011 1:31:45 - Software Distribution Service 3.0
    RP291: 11-03-2011 12:15:34 - Ponto de verificação do sistema
    RP292: 12-03-2011 1:07:54 - Installed Java(TM) 6 Update 24
    RP293: 13-03-2011 15:17:08 - Ponto de verificação do sistema
    RP294: 15-03-2011 7:33:12 - Ponto de verificação do sistema
    RP295: 16-03-2011 12:26:01 - Ponto de verificação do sistema
    RP296: 17-03-2011 1:37:33 - Software Distribution Service 3.0
    RP297: 17-03-2011 13:13:21 - Software Distribution Service 3.0
    RP298: 18-03-2011 17:57:53 - Ponto de verificação do sistema
    RP299: 19-03-2011 18:00:40 - Ponto de verificação do sistema
    RP300: 20-03-2011 22:39:33 - Ponto de verificação do sistema
    RP301: 21-03-2011 23:27:54 - Ponto de verificação do sistema
    RP302: 23-03-2011 12:51:02 - Ponto de verificação do sistema
    RP303: 24-03-2011 0:06:43 - Installed Samsung PC Studio 3 USB Driver Installer
    RP304: 24-03-2011 0:08:15 - Installed Samsung PC Studio
    RP305: 24-03-2011 0:18:54 - Removed Samsung PC Studio 3 USB Driver Installer
    RP306: 24-03-2011 0:24:57 - Removed Samsung PC Studio
    RP307: 24-03-2011 0:26:58 - Installed Samsung PC Studio 3 USB Driver Installer
    RP308: 24-03-2011 0:28:15 - Installed Samsung PC Studio
    RP309: 24-03-2011 0:53:13 - Installed Samsung Samples Installer
    RP310: 24-03-2011 5:54:23 - Software Distribution Service 3.0
    RP311: 25-03-2011 15:18:17 - Ponto de verificação do sistema
    RP312: 26-03-2011 17:17:43 - Ponto de verificação do sistema
    RP313: 27-03-2011 19:39:45 - Ponto de verificação do sistema
    RP314: 28-03-2011 22:39:32 - Ponto de verificação do sistema
    RP315: 30-03-2011 11:49:18 - Ponto de verificação do sistema
    RP316: 31-03-2011 13:44:43 - Ponto de verificação do sistema
    RP317: 01-04-2011 14:17:08 - Ponto de verificação do sistema
    RP318: 02-04-2011 14:57:10 - Ponto de verificação do sistema
    RP319: 03-04-2011 20:40:53 - Ponto de verificação do sistema
    RP320: 05-04-2011 10:39:34 - Ponto de verificação do sistema
    RP321: 06-04-2011 10:57:14 - Ponto de verificação do sistema
    RP322: 06-04-2011 12:53:55 - Installed Java(TM) 6 Update 22
    RP323: 06-04-2011 12:54:29 - Installed OpenOffice.org 3.3
    RP324: 06-04-2011 12:59:52 - Removed Ventrilo Client
    RP325: 06-04-2011 13:02:32 - Removed OpenOffice.org 3.3
    RP326: 06-04-2011 13:48:27 - Removed EveHQ
    RP327: 06-04-2011 14:19:55 - Revo Uninstaller Pro's restore point - Hotspot shield
    RP328: 06-04-2011 15:41:13 - Revo Uninstaller Pro's restore point - hsssrv.exe
    RP329: 06-04-2011 16:49:41 - Removido Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
    RP330: 06-04-2011 16:52:45 - Removido Microsoft .NET Framework 3.0 Service Pack 2
    RP331: 06-04-2011 16:58:39 - Software Distribution Service 3.0
    RP332: 06-04-2011 17:01:26 - Software Distribution Service 3.0
    RP333: 06-04-2011 17:02:54 - Software Distribution Service 3.0
    RP334: 06-04-2011 17:06:42 - Software Distribution Service 3.0
    RP335: 06-04-2011 17:17:22 - Software Distribution Service 3.0
    RP336: 06-04-2011 17:20:38 - Software Distribution Service 3.0
    RP337: 06-04-2011 17:31:18 - Software Distribution Service 3.0
    RP338: 06-04-2011 17:37:53 - Software Distribution Service 3.0
    RP339: 06-04-2011 17:39:10 - Software Distribution Service 3.0
    RP340: 06-04-2011 17:46:42 - Software Distribution Service 3.0
    RP341: 06-04-2011 17:48:19 - Software Distribution Service 3.0
    RP342: 06-04-2011 17:56:50 - Revo Uninstaller Pro's restore point - Windows Search 4.0
    RP343: 06-04-2011 18:15:50 - Revo Uninstaller Pro's restore point - Hotspot Shield 1.57
    RP344: 06-04-2011 18:26:55 - Revo Uninstaller Pro's restore point - hotspot shield
    RP345: 06-04-2011 19:34:50 - Revo Uninstaller Pro's restore point - Final Uninstaller
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    AA3Deploy
    Acrobat.com
    Actualização de Segurança para o Windows Media Player (KB2378111)
    Actualização de Segurança para o Windows Media Player (KB973540)
    Actualização de Segurança para o Windows Media Player (KB975558)
    Actualização de Segurança para o Windows Media Player (KB978695)
    Actualização de Segurança para o Windows Media Player (KB979402)
    Actualização de segurança para Windows Internet Explorer 8 (KB2183461)
    Actualização de segurança para Windows Internet Explorer 8 (KB2360131)
    Actualização de segurança para Windows Internet Explorer 8 (KB2416400)
    Actualização de segurança para Windows Internet Explorer 8 (KB2482017)
    Actualização de segurança para Windows Internet Explorer 8 (KB971961)
    Actualização de segurança para Windows Internet Explorer 8 (KB976325)
    Actualização de segurança para Windows Internet Explorer 8 (KB978207)
    Actualização de segurança para Windows Internet Explorer 8 (KB981332)
    Actualização de segurança para Windows Internet Explorer 8 (KB982381)
    Actualização de segurança para Windows XP (KB2079403)
    Actualização de segurança para Windows XP (KB2115168)
    Actualização de segurança para Windows XP (KB2121546)
    Actualização de segurança para Windows XP (KB2160329)
    Actualização de segurança para Windows XP (KB2229593)
    Actualização de segurança para Windows XP (KB2259922)
    Actualização de segurança para Windows XP (KB2279986)
    Actualização de segurança para Windows XP (KB2286198)
    Actualização de segurança para Windows XP (KB2296011)
    Actualização de segurança para Windows XP (KB2296199)
    Actualização de segurança para Windows XP (KB2347290)
    Actualização de segurança para Windows XP (KB2360937)
    Actualização de segurança para Windows XP (KB2387149)
    Actualização de segurança para Windows XP (KB2393802)
    Actualização de segurança para Windows XP (KB2419632)
    Actualização de segurança para Windows XP (KB2423089)
    Actualização de segurança para Windows XP (KB2436673)
    Actualização de segurança para Windows XP (KB2440591)
    Actualização de segurança para Windows XP (KB2443105)
    Actualização de segurança para Windows XP (KB2476687)
    Actualização de segurança para Windows XP (KB2478960)
    Actualização de segurança para Windows XP (KB2478971)
    Actualização de segurança para Windows XP (KB2479628)
    Actualização de segurança para Windows XP (KB2479943)
    Actualização de segurança para Windows XP (KB2481109)
    Actualização de segurança para Windows XP (KB2483185)
    Actualização de segurança para Windows XP (KB2485376)
    Actualização de segurança para Windows XP (KB2524375)
    Actualização de segurança para Windows XP (KB923561)
    Actualização de segurança para Windows XP (KB923789)
    Actualização de Segurança para Windows XP (KB941569)
    Actualização de segurança para Windows XP (KB946648)
    Actualização de segurança para Windows XP (KB950762)
    Actualização de segurança para Windows XP (KB950974)
    Actualização de segurança para Windows XP (KB951066)
    Actualização de segurança para Windows XP (KB951376-v2)
    Actualização de segurança para Windows XP (KB951748)
    Actualização de segurança para Windows XP (KB952004)
    Actualização de segurança para Windows XP (KB952954)
    Actualização de segurança para Windows XP (KB955069)
    Actualização de segurança para Windows XP (KB956572)
    Actualização de segurança para Windows XP (KB956744)
    Actualização de segurança para Windows XP (KB956802)
    Actualização de segurança para Windows XP (KB956803)
    Actualização de segurança para Windows XP (KB956844)
    Actualização de segurança para Windows XP (KB958644)
    Actualização de segurança para Windows XP (KB958869)
    Actualização de segurança para Windows XP (KB959426)
    Actualização de segurança para Windows XP (KB960225)
    Actualização de segurança para Windows XP (KB960803)
    Actualização de segurança para Windows XP (KB960859)
    Actualização de segurança para Windows XP (KB961501)
    Actualização de segurança para Windows XP (KB969059)
    Actualização de segurança para Windows XP (KB969947)
    Actualização de segurança para Windows XP (KB970238)
    Actualização de segurança para Windows XP (KB970430)
    Actualização de segurança para Windows XP (KB971468)
    Actualização de segurança para Windows XP (KB971657)
    Actualização de segurança para Windows XP (KB972270)
    Actualização de segurança para Windows XP (KB973354)
    Actualização de segurança para Windows XP (KB973507)
    Actualização de segurança para Windows XP (KB973869)
    Actualização de segurança para Windows XP (KB973904)
    Actualização de segurança para Windows XP (KB974112)
    Actualização de segurança para Windows XP (KB974318)
    Actualização de segurança para Windows XP (KB974392)
    Actualização de segurança para Windows XP (KB974571)
    Actualização de segurança para Windows XP (KB975025)
    Actualização de segurança para Windows XP (KB975467)
    Actualização de segurança para Windows XP (KB975560)
    Actualização de segurança para Windows XP (KB975561)
    Actualização de segurança para Windows XP (KB975562)
    Actualização de segurança para Windows XP (KB975713)
    Actualização de segurança para Windows XP (KB977165-v2)
    Actualização de segurança para Windows XP (KB977816)
    Actualização de segurança para Windows XP (KB977914)
    Actualização de segurança para Windows XP (KB978037)
    Actualização de segurança para Windows XP (KB978251)
    Actualização de segurança para Windows XP (KB978338)
    Actualização de segurança para Windows XP (KB978542)
    Actualização de segurança para Windows XP (KB978601)
    Actualização de segurança para Windows XP (KB978706)
    Actualização de segurança para Windows XP (KB979309)
    Actualização de segurança para Windows XP (KB979482)
    Actualização de segurança para Windows XP (KB979559)
    Actualização de segurança para Windows XP (KB979683)
    Actualização de segurança para Windows XP (KB979687)
    Actualização de segurança para Windows XP (KB980195)
    Actualização de segurança para Windows XP (KB980218)
    Actualização de segurança para Windows XP (KB980232)
    Actualização de segurança para Windows XP (KB980436)
    Actualização de segurança para Windows XP (KB981322)
    Actualização de segurança para Windows XP (KB981852)
    Actualização de segurança para Windows XP (KB981957)
    Actualização de segurança para Windows XP (KB981997)
    Actualização de segurança para Windows XP (KB982132)
    Actualização de segurança para Windows XP (KB982214)
    Actualização de segurança para Windows XP (KB982665)
    Actualização de segurança para Windows XP (KB982802)
    Actualização para Microsoft Windows (KB971513)
    Actualização para Windows Internet Explorer 8 (KB2447568)
    Actualização para Windows Internet Explorer 8 (KB976662)
    Actualização para Windows Internet Explorer 8 (KB978506)
    Actualização para Windows Internet Explorer 8 (KB980182)
    Actualização para Windows XP (KB2141007)
    Actualização para Windows XP (KB2345886)
    Actualização para Windows XP (KB2467659)
    Actualização para Windows XP (KB951978)
    Actualização para Windows XP (KB955759)
    Actualização para Windows XP (KB961503)
    Actualização para Windows XP (KB967715)
    Actualização para Windows XP (KB968389)
    Actualização para Windows XP (KB971029)
    Actualização para Windows XP (KB971737)
    Actualização para Windows XP (KB973687)
    Actualização para Windows XP (KB973815)
    Actualização para Windows XP (KB978207)
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3
    Adobe Shockwave Player 11.5
    AI Direct Link
    AI Suite
    ASUSUpdate
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Atheros Ethernet Utility
    AVG 2011
    Badaboom 1.1.1.241
    CCleaner
    Compatibility Pack for the 2007 Office system
    Cooliris for Internet Explorer
    CorelDRAW Graphics Suite 12
    Curse Client
    DivX Author 1.5
    DivX Setup
    DivX Version Checker
    ElsterFormular 2008/2009
    Entropia Universe
    EPSON Printer Software
    EPU-6 Engine
    Eraser 5.8.7
    Express Gate
    FileZilla Client 3.3.4.1
    Fraps (remove only)
    FW LiveUpdate
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix para Windows XP (KB2158563)
    Hotfix para Windows XP (KB2443685)
    Hotfix para Windows XP (KB952287)
    Hotfix para Windows XP (KB961118)
    Hotfix para Windows XP (KB981793)
    HotSpot International Toolbar
    Hotspot Shield 1.57
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware
    marvell 61xx
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Portuguese Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
    Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile PTG Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0 (x86 en-US)
    Mozilla Firefox 4.0b7 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    n52te Editor
    nHancer
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA WDM Drivers
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Pacote do Fornecedor de Serviço Criptográfico para Cartão Inteligente Base da Microsoft
    PC Probe II
    Realtek High Definition Audio Driver
    Recuva
    Revo Uninstaller Pro 2.5.1
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Samsung Samples Installer
    Samsung_MonSetup
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Search 4 - KB963093
    Segoe UI
    Silent Hunter 4 Wolves of the Pacific
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy
    System Requirements Lab
    TeamSpeak 2 RC2
    TeamSpeak 3 Client
    Ulead Burn.Now 4.5
    Ulead Burn.Now 4.5 SE
    Ulead PhotoImpact 12
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.7
    Vodafone 804SS USB driver Software
    Vtune 7.4
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
    Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    World of Warcraft
    World of Warcraft Public Test
    X3 Terran Conflict Rolling Demo
    XML Paper Specification Shared Components Language Pack 1.0
    Zero Assumption Recovery Version 8.4
    ZoneAlarm
    .
    ==== End Of File ===========================


    I'll set the coffee going for you :)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Removing anti virus, so I can scan, but got a question: are you gonna need a scan from Gmer? 'Cause I only posted the initial auto scan, looks rather smallish.
    ...er... is it gonna be a prob that my XP is in Portuguese? (my brother thought it was fun at the time since I was born in Portugal but hardly speak the language... it's... interesting at times like this)
     
  9. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    ComboFix Log

    ComboFix 11-04-06.01 - Greg 07-04-2011 2:57.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.3327.2707 [GMT 2:00]
    Executando de: c:\documents and settings\Greg\Os meus documentos\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Greg\Application Data\Local
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\0.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\2.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\3.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\4.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\6.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\7.ddi
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(2).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(3).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(4).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(5).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(6).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7)
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video(7).ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video.ddr
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
    c:\documents and settings\Greg\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.ddr
    C:\install.exe
    C:\Thumbs.db
    c:\windows\system32\Thumbs.db
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-03-07 to 2011-04-07 ))))))))))))))))))))))))))))
    .
    .
    2011-04-06 23:02 . 2011-04-06 23:02 -------- d-----w- c:\programas\Ficheiros comuns\Adobe
    2011-04-06 19:13 . 2011-04-06 19:13 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes
    2011-04-06 19:13 . 2011-04-06 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-06 19:13 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-06 19:13 . 2011-04-06 20:20 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
    2011-04-06 19:13 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-06 17:42 . 2011-04-06 17:42 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\Conduit
    2011-04-06 17:42 . 2011-04-06 17:42 -------- d-----w- c:\programas\Conduit
    2011-04-06 17:42 . 2011-04-06 18:07 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\HotSpot_International
    2011-04-06 17:42 . 2011-04-06 18:08 -------- d-----w- c:\programas\HotSpot_International
    2011-04-06 17:41 . 2011-04-06 17:41 -------- d-----w- C:\Hotspot Shield
    2011-04-06 17:30 . 2011-04-06 17:30 -------- d-----w- c:\documents and settings\Greg\Application Data\CheeseSoft
    2011-04-06 17:30 . 2011-04-06 17:33 -------- d-----w- C:\FU_Backup
    2011-04-06 17:30 . 2011-04-06 17:35 -------- d-----w- c:\programas\FinalUninstaller
    2011-04-06 16:58 . 2011-04-06 17:41 -------- d-----w- c:\programas\Hotspot Shield
    2011-04-06 16:14 . 2010-11-04 18:43 506880 ----a-w- c:\programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-04-06 15:24 . 2011-04-06 15:24 -------- d-----w- c:\documents and settings\LocalService\Definições locais\Application Data\Adobe
    2011-04-06 15:24 . 2011-04-06 15:24 -------- d-----w- c:\windows\system32\winrm
    2011-04-06 15:23 . 2011-04-06 15:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-04-06 15:22 . 2011-04-06 16:05 -------- d-----w- c:\programas\Windows Desktop Search
    2011-04-06 15:22 . 2011-04-06 15:22 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-04-06 15:22 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-04-06 15:22 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-04-06 15:22 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-04-06 14:59 . 2011-04-06 15:17 -------- d-----w- c:\windows\system32\XPSViewer
    2011-04-06 14:59 . 2011-04-06 14:59 -------- d-----w- c:\programas\MSBuild
    2011-04-06 14:59 . 2011-04-06 14:59 -------- d-----w- c:\programas\Reference Assemblies
    2011-04-06 12:14 . 2011-04-06 12:14 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\VS Revo Group
    2011-04-06 12:14 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-04-06 12:14 . 2011-04-06 12:14 -------- d-----w- c:\programas\VS Revo Group
    2011-04-06 09:48 . 2011-04-06 09:48 -------- d-----w- c:\documents and settings\Greg\Definições locais\Application Data\Thunderbird
    2011-04-06 09:48 . 2011-04-06 09:48 -------- d-----w- c:\documents and settings\Greg\Application Data\Thunderbird
    2011-03-23 23:36 . 2011-03-23 23:36 -------- d-----w- C:\ConvertTemp
    2011-03-23 23:33 . 2011-03-23 23:33 -------- d-----w- c:\documents and settings\Greg\Application Data\SAMSUNG
    2011-03-23 23:26 . 2004-10-22 01:18 749568 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2011-03-23 23:26 . 2004-10-22 01:17 69715 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2011-03-23 23:26 . 2004-10-22 01:17 274432 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2011-03-23 23:26 . 2004-10-22 01:16 180224 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2011-03-23 23:26 . 2004-10-22 01:16 5632 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2011-03-23 23:26 . 2011-03-23 23:26 323716 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2011-03-23 23:26 . 2011-03-23 23:26 192644 ----a-w- c:\programas\Ficheiros comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2011-03-23 23:08 . 2011-03-23 23:28 -------- d-----w- c:\windows\system32\Samsung PC Studio Codecs
    2011-03-23 23:06 . 2005-08-30 16:59 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
    2011-03-23 23:06 . 2005-08-30 16:58 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
    2011-03-23 23:06 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
    2011-03-23 23:06 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
    2011-03-23 23:06 . 2005-08-30 16:57 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
    2011-03-23 23:06 . 2011-03-23 23:06 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
    2011-03-23 23:06 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
    2011-03-23 23:06 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
    2011-03-23 17:34 . 2011-03-18 17:53 142296 ----a-w- c:\programas\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 17:34 . 2011-03-18 17:53 781272 ----a-w- c:\programas\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 17:34 . 2011-03-18 17:53 1874904 ----a-w- c:\programas\Mozilla Firefox\mozjs.dll
    2011-03-23 17:34 . 2011-03-18 17:53 15832 ----a-w- c:\programas\Mozilla Firefox\mozalloc.dll
    2011-03-23 17:34 . 2011-03-18 17:53 728024 ----a-w- c:\programas\Mozilla Firefox\libGLESv2.dll
    2011-03-23 17:34 . 2011-03-18 17:53 142296 ----a-w- c:\programas\Mozilla Firefox\libEGL.dll
    2011-03-23 17:34 . 2011-03-18 17:53 1893336 ----a-w- c:\programas\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 17:34 . 2011-03-18 17:53 1975768 ----a-w- c:\programas\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-12 00:08 . 2011-03-12 00:08 -------- d-----w- c:\programas\Ficheiros comuns\Java
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-05 22:26 . 2011-03-07 15:42 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-05 22:26 . 2009-07-01 22:30 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-04-05 16:40 . 2011-03-07 15:42 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-07 15:47 . 2011-03-07 15:42 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-02-23 06:27 . 2010-01-12 11:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:27 . 2010-01-12 11:03 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 06:27 . 2009-04-30 21:02 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:27 . 2009-04-03 09:32 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-02-23 06:27 . 2009-04-03 09:32 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-23 06:27 . 2009-04-03 09:32 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:27 . 2009-04-03 09:32 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:27 . 2009-04-03 09:32 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-02-23 06:27 . 2009-04-03 09:32 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-02-09 13:54 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 20:40 . 2010-05-02 10:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2009-06-26 09:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:59 . 2009-06-06 15:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2009-06-06 15:46 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-03-18 17:53 . 2011-03-23 17:34 142296 ----a-w- c:\programas\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
    2010-06-13 17:10 2734688 ----a-w- c:\programas\HotSpot_International\tbHotS.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{0002EE26-8C11-49EB-9CDF-56EEFFEF664F}"= "c:\programas\HotSpot_International\tbHotS.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Google Update"="c:\documents and settings\Greg\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jomantha"="c:\programas\n52te\n52teHid.exe" [2008-06-13 159744]
    "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
    "Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
    "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\programas\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\programas\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
    "ZoneAlarm Client"="c:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "DivX Download Manager"="c:\programas\DivX\DivX Plus Web Player\DDmService.exe" [2010-09-02 62776]
    "SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "DivXUpdate"="c:\programas\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\WORK\Menu Iniciar\Programas\Arranque\
    OpenOffice.org 3.2.lnk - c:\programas\OpenOffice.org 3\program\quickstart.exe [N/A]
    .
    c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
    EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-7-1 131584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    2010-08-04 12:55 692317 ----a-w- c:\programas\SAMSUNG\FW LiveUpdate\FWManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Programas\\Curse\\CurseClient.exe"=
    "c:\\Programas\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
    "c:\\Programas\\World of Warcraft\\Launcher.exe"=
    "c:\\Programas\\Java\\jre6\\bin\\java.exe"=
    "c:\\Programas\\World of Warcraft Public Test\\WoW-0.3.0.10522-enGB-ptr-downloader.exe"=
    "c:\\Programas\\World of Warcraft Public Test\\Launcher.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Programas\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Programas\\Skype\\Phone\\Skype.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Greg\\Definições locais\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "5985:TCP"= 5985:TCP:*:Disabled:Gestão Remota do Windows
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-09-2010 16:27 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-09-2010 4:48 26064]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22-07-2008 10:01 151592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-09-2010 4:48 251728]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09-11-2010 23:20 299984]
    R2 hshld;Hotspot Shield Service;c:\programas\Hotspot Shield\bin\openvpnas.exe [25-03-2011 3:13 271408]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\programas\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programas\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-08-2010 21:42 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-08-2010 21:42 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-08-2010 21:42 26192]
    R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [11-07-2009 2:06 223232]
    R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [06-06-2009 21:09 48896]
    S2 AVGIDSAgent;AVGIDSAgent;"c:\programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
    S2 avgwd;AVG WatchDog;c:\programas\AVG\AVG10\avgwdsvc.exe --> c:\programas\AVG\AVG10\avgwdsvc.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
    S2 gupdate1c9fc9288585f4c;Serviço Google Update (gupdate1c9fc9288585f4c);c:\programas\Google\Update\GoogleUpdate.exe [04-07-2009 12:30 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programas\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\programas\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
    S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [10-09-2001 17976]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04-08-2004 14:00 14336]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [06-04-2011 14:14 27064]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04-08-2004 14:00 14336]
    S3 WN4501HLFIR(Arcor);Arcor-Easy Stick A 50 WLAN(Arcor);c:\windows\system32\drivers\ARWUSB.sys [31-12-2010 17:21 489472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    WINRM REG_MULTI_SZ WINRM
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2011-04-07 c:\windows\Tasks\Google Software Updater.job
    - c:\programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 10:29]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programas\Google\Update\GoogleUpdate.exe [2009-07-04 10:30]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programas\Google\Update\GoogleUpdate.exe [2009-07-04 10:30]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
    FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\0nlvzg9x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    AddRemove-AVG - c:\programas\AVG\AVG10\avgmfapx.exe
    AddRemove-HotspotShield - c:\programas\Hotspot Shield\Uninstall.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Greg\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-07 03:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'explorer.exe'(3808)
    c:\programas\Windows Media Player\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe
    c:\programas\Hotspot Shield\HssWPR\hsssrv.exe
    c:\programas\Hotspot Shield\bin\hsswd.exe
    c:\programas\Java\jre6\bin\jqs.exe
    c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\programas\nHancer\nHancerService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\programas\n52te\n52teTra.exe
    c:\windows\RTHDCPL.EXE
    c:\programas\Hotspot Shield\bin\openvpntray.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2011-04-07 03:07:21 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2011-04-07 01:07
    .
    Pré-execução: 831.457.239.040 bytes livres
    Pós execução: 831.439.880.192 bytes livres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7C66B51A6A3B4062AF6BC827958684BD
     
  10. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Signing off for tonight, but "I'll be back" tomorrow morning.
    Thanks for all the nice work you guys do. BIG KUDOS.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    GMER log looks fine.

    Combofix log looks good now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Good Morning.

    (fixing coffee drip to my arm)

    MORNING :)

    Here go the scan results. I keep getting this stupid Hotspot trying to connect to the web, but as I tried and failed to completely uninstall it, I reinstalled it before we started all this in an attempt to do a forced uninstall with Revo, but as my brain was "glazing" I decided to leave it alone and come to you guys.

    OTL Extras logfile created on: 07-04-2011 10:05:55 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
    Drive C: | 931,50 Gb Total Space | 781,35 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Gestão Remota do Windows

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programas\Curse\CurseClient.exe" = C:\Programas\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
    "C:\Programas\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Programas\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Programas\World of Warcraft\Launcher.exe" = C:\Programas\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Programas\Java\jre6\bin\java.exe" = C:\Programas\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Programas\World of Warcraft Public Test\WoW-0.3.0.10522-enGB-ptr-downloader.exe" = C:\Programas\World of Warcraft Public Test\WoW-0.3.0.10522-enGB-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Programas\World of Warcraft Public Test\Launcher.exe" = C:\Programas\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
    "C:\Documents and Settings\Greg\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Greg\Definições locais\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Programas\AVG\AVG10\avgnsx.exe" = C:\Programas\AVG\AVG10\avgnsx.exe:*:Enabled:protecção Online -- (AVG Technologies CZ, s.r.o.)
    "C:\Programas\AVG\AVG10\avgmfapx.exe" = C:\Programas\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalador AVG -- (AVG Technologies CZ, s.r.o.)
    "C:\Programas\AVG\AVG10\avgemcx.exe" = C:\Programas\AVG\AVG10\avgemcx.exe:*:Enabled:Verificador de E-mail Pessoal -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{01EAA7C8-C141-44BA-92E4-0B196A9DD0E9}" = Cooliris for Internet Explorer
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
    "{0800E395-4DD7-3A93-BB96-08596C0D725F}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
    "{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
    "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
    "{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}" = Microsoft .NET Framework 1.1 Portuguese Language Pack
    "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
    "{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2D622A15-11C6-489D-84A3-78C7D7EA2789}" = Cooliris for Internet Explorer
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
    "{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
    "{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{88528F28-E04A-3A93-B3C0-14651148FE82}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
    "{A5C92CF6-7B3E-4892-8DE5-125E44D1AD06}" = nHancer
    "{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F855451C-21E2-3034-B042-E1E66923548A}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFE62AAA-60EC-71CF-0505-740B8E797647}" = Acrobat.com
    "0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG" = AVG 2011
    "B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
    "Badaboom" = Badaboom 1.1.1.241
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup.divx.com" = DivX Setup
    "Entropia Universe" = Entropia Universe
    "EPSON Printer and Utilities" = EPSON Printer Software
    "FileZilla Client" = FileZilla Client 3.3.4.1
    "Fraps" = Fraps (remove only)
    "Google Updater" = Google Updater
    "HotSpot_International Toolbar" = HotSpot International Toolbar
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - ptg" = Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "mv61xxDriver" = marvell 61xx
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Recuva" = Recuva
    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "VLC media player" = VLC media player 1.1.7
    "Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
    "Vtune_is1" = Vtune 7.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "World of Warcraft Public Test" = World of Warcraft Public Test
    "X3TerranConflictRDemo_is1" = X3 Terran Conflict Rolling Demo
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.4
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "2a4f70b48f669acd" = AA3Deploy

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03-04-2011 21:25:10 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
    0.0.0.0, endereço em falha 0x00000000.

    Error - 04-04-2011 16:30:37 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
    0.0.0.0, endereço em falha 0x00000000.

    Error - 04-04-2011 21:54:21 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
    0.0.0.0, endereço em falha 0x00000000.

    Error - 06-04-2011 7:47:26 | Computer Name = DEEPBLUE12 | Source = Application Hang | ID = 1002
    Description = A desligar a aplicação Au_.exe, versão 6.30.46218.0, modulo de desligar
    hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

    Error - 06-04-2011 8:36:52 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha , versão 0.0.0.0, módulo em falha unknown, versão
    0.0.0.0, endereço em falha 0x00000000.

    Error - 06-04-2011 10:49:30 | Computer Name = DEEPBLUE12 | Source = MsiInstaller | ID = 1013
    Description = Produto: Microsoft .NET Framework 3.0 Service Pack 2 -- Microsoft
    .NET Framework 3.0 Service Pack 2 cannot be uninstalled because it will affect other
    applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

    Error - 06-04-2011 11:23:31 | Computer Name = DEEPBLUE12 | Source = Windows Search Service | ID = 3024
    Description =

    Error - 06-04-2011 16:40:18 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
    versão 7.0.2600.5512, endereço em falha 0x00037740.

    Error - 06-04-2011 16:40:44 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
    versão 7.0.2600.5512, endereço em falha 0x00037740.

    Error - 06-04-2011 16:41:10 | Computer Name = DEEPBLUE12 | Source = Application Error | ID = 1000
    Description = Aplicação em falha openvpn.exe, versão 0.0.0.0, módulo em falha msvcrt.dll,
    versão 7.0.2600.5512, endereço em falha 0x00037740.

    [ System Events ]
    Error - 06-04-2011 20:51:58 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
    Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
    do serviço 2 (0x2).

    Error - 06-04-2011 21:01:45 | Computer Name = DEEPBLUE12 | Source = RemoteAccess | ID = 20103
    Description = Não é possível carregar C:\WINDOWS\System32\iprtrmgr.dll.

    Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7000
    Description = O serviço AVG WatchDog falhou o arranque devido ao seguinte erro:
    %%2

    Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7000
    Description = O serviço AVGIDSAgent falhou o arranque devido ao seguinte erro: %%2

    Error - 06-04-2011 21:01:47 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
    Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
    do serviço 2 (0x2).

    Error - 06-04-2011 21:21:16 | Computer Name = DEEPBLUE12 | Source = BROWSER | ID = 8032
    Description = O serviço de browser falhou na obtenção da lista de secundários demasiadas
    vezes no transporte \Device\NetBT_Tcpip_{7DD2F84C-3982-4C56-84AB-2B3E62C430B0}.
    O
    browser secundário está a ser parado.

    Error - 06-04-2011 21:33:10 | Computer Name = DEEPBLUE12 | Source = RemoteAccess | ID = 20103
    Description = Não é possível carregar C:\WINDOWS\System32\iprtrmgr.dll.

    Error - 06-04-2011 21:33:27 | Computer Name = DEEPBLUE12 | Source = Service Control Manager | ID = 7024
    Description = O serviço Encaminhamento e acesso remoto terminou com o erro específico
    do serviço 2 (0x2).

    Error - 06-04-2011 21:37:38 | Computer Name = DEEPBLUE12 | Source = BROWSER | ID = 8032
    Description = O serviço de browser falhou na obtenção da lista de secundários demasiadas
    vezes no transporte \Device\NetBT_Tcpip_{7DD2F84C-3982-4C56-84AB-2B3E62C430B0}.
    O
    browser secundário está a ser parado.

    Error - 06-04-2011 21:51:33 | Computer Name = DEEPBLUE12 | Source = atapi | ID = 262153
    Description = O dispositivo, \Device\Ide\IdePort0, não respondeu dentro do tempo
    limite.


    < End of report >
     
  13. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 07-04-2011 10:05:55 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
    Drive C: | 931,50 Gb Total Space | 781,35 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-04-07 10:02:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL.exe
    PRC - [2011-03-25 03:14:46 | 000,108,080 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpntray.exe
    PRC - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpnas.exe
    PRC - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011-03-18 19:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe
    PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgtray.exe
    PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010-10-29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgwdsvc.exe
    PRC - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\hsswd.exe
    PRC - [2010-09-02 06:38:58 | 000,062,776 | ---- | M] () -- C:\Programas\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programas\nHancer\nHancerService.exe
    PRC - [2008-06-13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Programas\n52te\n52teHid.exe
    PRC - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
    PRC - [2008-05-21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    PRC - [2008-04-24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Programas\n52te\n52teTra.exe
    PRC - [2008-04-14 18:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-11-16 16:12:44 | 001,209,856 | ---- | M] () -- C:\Programas\ASUS\AI Direct Link\AsShare.exe
    PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    PRC - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-04-07 10:02:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL.exe
    MOD - [2010-08-23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
    SRV - [2011-03-25 03:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programas\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010-08-13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programas\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Programas\nHancer\nHancerService.exe -- (nHancer)
    SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2003-07-28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
    SRV - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009-12-30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009-04-03 11:32:06 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
    DRV - [2009-04-03 11:32:06 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
    DRV - [2008-09-23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2008-07-22 10:01:34 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV - [2008-07-03 11:03:00 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007-09-27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
    DRV - [2007-09-19 18:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
    DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
    DRV - [2006-12-04 13:10:34 | 000,489,472 | R--- | M] (Arcor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ARWUSB.sys -- (WN4501HLFIR(Arcor)) Arcor-Easy Stick A 50 WLAN(Arcor)
    DRV - [2005-08-30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2005-08-30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2005-08-30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2004-12-23 05:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
    DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2001-09-10 00:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
    DRV - [2001-08-17 21:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1561552
    IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.9

    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\html5video [2010-09-12 01:17:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programas\DivX\DivX Plus Web Player\firefox\wpa [2010-09-12 01:18:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG10\Firefox\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programas\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG10\Firefox4\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2011-03-23 19:34:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011-04-07 01:02:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Programas\Mozilla Firefox 4.0 Beta 7\components [2010-12-10 14:12:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Programas\Mozilla Firefox 4.0 Beta 7\plugins

    [2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions
    [2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011-04-07 02:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions
    [2010-04-28 07:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-12-10 14:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\nostmp
    [2011-03-25 23:10:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\piclens@cooliris.com
    [2011-04-06 18:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
    [2010-05-02 12:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-07-29 12:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-10-21 07:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011-03-12 02:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-04-06 18:14:45 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011-04-07 03:28:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMAS\AVG\AVG10\FIREFOX4
    [2009-06-26 11:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011-03-18 19:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programas\Mozilla Firefox\components\browsercomps.dll
    [2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011-04-07 03:02:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
    O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [DivX Download Manager] C:\Programas\DivX\DivX Plus Web Player\DDmService.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Jomantha] C:\Programas\n52te\n52teHid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Programas\ASUS\AI Direct Link\AsCmd.exe ()
    O4 - HKLM..\Run: [Launch Direct Link] C:\Programas\ASUS\AI Direct Link\AsShare.exe ()
    O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (A minha home page actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programas\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programas\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.dvacm - C:\Programas\Ficheiros comuns\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
     
  14. deepblue

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-04-07 03:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2011
    [2011-04-07 02:56:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-04-07 02:53:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-04-07 02:53:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-04-07 02:53:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-04-07 02:53:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-04-07 02:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-04-07 02:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-04-07 01:02:12 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Adobe
    [2011-04-07 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB
    [2011-04-06 21:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes
    [2011-04-06 21:13:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
    [2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011-04-06 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-04-06 21:13:29 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
    [2011-04-06 19:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit
    [2011-04-06 19:42:36 | 000,000,000 | ---D | C] -- C:\Programas\Conduit
    [2011-04-06 19:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\HotSpot_International
    [2011-04-06 19:42:34 | 000,000,000 | ---D | C] -- C:\Programas\HotSpot_International
    [2011-04-06 19:41:22 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
    [2011-04-06 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield
    [2011-04-06 19:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
    [2011-04-06 19:30:13 | 000,000,000 | ---D | C] -- C:\FU_Backup
    [2011-04-06 19:30:08 | 000,000,000 | ---D | C] -- C:\Programas\FinalUninstaller
    [2011-04-06 18:58:11 | 000,000,000 | ---D | C] -- C:\Programas\Hotspot Shield
    [2011-04-06 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Adobe
    [2011-04-06 17:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011-04-06 17:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011-04-06 17:23:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\Programas\Windows Desktop Search
    [2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011-04-06 16:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2011-04-06 16:59:38 | 000,000,000 | ---D | C] -- C:\Programas\MSBuild
    [2011-04-06 16:59:29 | 000,000,000 | ---D | C] -- C:\Programas\Reference Assemblies
    [2011-04-06 14:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011-04-06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\VS Revo Group
    [2011-04-06 14:14:35 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2011-04-06 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Revo Uninstaller Pro
    [2011-04-06 14:14:34 | 000,000,000 | ---D | C] -- C:\Programas\VS Revo Group
    [2011-04-06 12:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\OpenOffice.org 3.3 (en-US) Installation Files
    [2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Thunderbird
    [2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
    [2011-03-30 02:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\7-Zip
    [2011-03-24 01:36:40 | 000,000,000 | ---D | C] -- C:\ConvertTemp
    [2011-03-24 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio 3
    [2011-03-24 01:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
    [2011-03-24 01:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Samsung PC Studio
    [2011-03-24 01:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio
    [2011-03-24 01:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung PC Studio Codecs
    [2011-03-24 01:06:46 | 000,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
    [2011-03-24 01:06:46 | 000,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bus.sys
    [2011-03-24 01:06:46 | 000,008,304 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
    [2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
    [2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cm.sys
    [2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
    [2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_wh.sys
    [2011-03-24 01:06:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
    [2011-03-12 02:08:57 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
    [2009-06-26 21:47:25 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Greg\Application Data\tsdnwin.dll

    ========== Files - Modified Within 30 Days ==========

    [2011-04-07 09:30:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011-04-07 03:34:50 | 111,823,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011-04-07 03:33:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-04-07 03:32:59 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011-04-07 03:32:48 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011-04-07 03:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-04-07 03:28:46 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
    [2011-04-07 03:02:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-04-07 02:25:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
    [2011-04-07 01:02:24 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
    [2011-04-06 21:13:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
    [2011-04-06 19:41:05 | 006,014,048 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
    [2011-04-06 18:57:50 | 005,807,264 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
    [2011-04-06 18:14:13 | 006,014,048 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
    [2011-04-06 17:58:13 | 000,531,716 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
    [2011-04-06 17:58:13 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-04-06 17:58:13 | 000,093,326 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
    [2011-04-06 17:58:13 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-04-06 17:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011-04-06 17:27:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011-04-06 17:27:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011-04-06 17:21:52 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011-04-06 17:09:15 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-04-06 17:07:08 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011-04-06 17:07:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011-04-06 14:44:21 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
    [2011-04-06 14:44:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\DivX Movies.lnk
    [2011-04-06 14:14:36 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
    [2011-04-06 00:26:24 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-04-01 13:42:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2011-03-30 02:13:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\CCleaner.lnk
    [2011-03-29 23:56:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\World of Warcraft.lnk
    [2011-03-24 01:50:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2011-03-24 01:28:41 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
    [2011-03-24 01:28:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
    [2011-03-23 19:34:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-03-23 19:34:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Mozilla Firefox.lnk
    [2011-03-16 19:03:47 | 000,060,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011-03-16 12:12:32 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\CorelDRAW 12.lnk
    [2011-03-13 00:20:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
    [2011-03-08 18:54:33 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\AA3Deploy.appref-ms

    ========== Files Created - No Company Name ==========

    [2011-04-07 03:28:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
    [2011-04-07 02:56:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-04-07 02:56:31 | 000,261,920 | RHS- | C] () -- C:\cmldr
    [2011-04-07 02:53:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-04-07 02:53:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-04-07 02:53:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-04-07 02:53:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-04-07 02:53:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-04-07 02:25:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
    [2011-04-07 01:02:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader X.lnk
    [2011-04-07 01:02:24 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
    [2011-04-06 21:13:33 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
    [2011-04-06 19:40:48 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
    [2011-04-06 18:57:33 | 005,807,264 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
    [2011-04-06 18:13:55 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
    [2011-04-06 14:44:21 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
    [2011-04-06 14:14:36 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
    [2011-03-24 01:28:41 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
    [2011-03-24 01:28:41 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
    [2011-03-24 01:09:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2011-03-23 19:34:17 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
    [2011-03-13 00:20:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
    [2011-03-10 02:32:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011-03-08 18:54:33 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\AA3Deploy.appref-ms
    [2011-03-07 17:42:18 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-03-07 17:42:07 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2011-03-07 17:42:02 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2011-02-23 21:55:07 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2011-02-23 21:55:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2010-10-10 14:19:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010-10-10 14:19:39 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010-10-10 14:19:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010-03-13 19:21:31 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2010-02-11 17:12:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
    [2009-10-19 15:55:27 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009-08-01 23:34:07 | 002,119,680 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
    [2009-07-20 17:34:14 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-07-11 02:04:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009-07-02 00:29:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\PnkBstrK.sys
    [2009-07-01 18:22:36 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2009-06-26 21:45:57 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\SamsungLiveUpdateConfig.ini
    [2009-06-12 22:02:04 | 002,177,024 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.10.1.25877.en-US.msi
    [2009-06-12 20:33:50 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009-06-12 20:33:50 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2F70016F8B.sys
    [2009-06-08 10:32:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009-06-06 21:09:25 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
    [2009-06-06 19:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009-06-06 18:57:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009-06-06 18:30:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009-06-06 18:27:30 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009-06-06 17:56:10 | 000,038,061 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2009-06-06 17:52:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2009-06-06 17:52:49 | 000,037,154 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009-06-06 17:52:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009-06-06 17:49:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009-06-06 17:46:42 | 000,023,668 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009-06-06 17:12:54 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2009-06-06 17:12:54 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2009-06-06 17:12:52 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2009-06-06 17:12:52 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2009-04-30 23:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007-06-05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2005-07-12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004-08-04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004-08-04 14:00:00 | 000,531,716 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
    [2004-08-04 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004-08-04 14:00:00 | 000,314,414 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
    [2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004-08-04 14:00:00 | 000,093,326 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
    [2004-08-04 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004-08-04 14:00:00 | 000,036,952 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
    [2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004-08-04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004-03-23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003-03-14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011-02-25 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
    [2009-07-15 11:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
    [2010-12-08 15:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011-04-07 03:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010-11-28 13:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010-06-03 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2010-11-02 19:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
    [2010-11-28 13:25:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011-04-07 03:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009-08-10 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
    [2010-04-20 03:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009-06-12 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009-06-12 22:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010-07-29 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fofinha\Application Data\n52te
    [2010-11-28 13:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10
    [2011-04-06 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
    [2009-11-24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
    [2010-03-31 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010-10-30 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EveHQ
    [2010-11-17 03:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EVEMon
    [2010-11-11 05:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\FileZilla
    [2010-08-11 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\ICQ
    [2009-06-06 21:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\n52te
    [2009-07-02 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\nHancer
    [2010-10-21 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\OpenOffice.org
    [2010-08-20 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Pegasys Inc
    [2011-03-24 01:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
    [2010-08-20 22:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Sony
    [2009-08-10 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SystemRequirementsLab
    [2011-04-06 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
    [2010-11-12 04:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TS3Client
    [2010-08-11 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TuneUp Software
    [2009-06-12 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems
    [2010-04-26 14:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\uTorrent
    [2010-07-06 00:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\n52te
    [2010-07-06 02:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\OpenOffice.org
    [2010-07-06 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WORK\Application Data\Thunderbird

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-03-17 10:44:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
    [2004-08-03 23:00:02 | 000,261,920 | RHS- | M] () -- C:\cmldr
    [2011-04-07 03:07:21 | 000,023,086 | ---- | M] () -- C:\ComboFix.txt
    [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007-11-07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007-11-07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007-11-07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007-11-07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007-11-07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007-11-07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007-11-07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007-11-07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007-11-07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007-11-07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007-11-07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007-11-07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007-11-07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009-06-06 17:48:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009-06-06 18:22:10 | 000,251,120 | RHS- | M] () -- C:\ntldr
    [2011-04-07 03:32:20 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009-06-12 19:21:16 | 000,000,789 | ---- | M] () -- C:\RHDSetup.log
    [2010-08-11 12:57:12 | 000,000,046 | -H-- | M] () -- C:\splash.idx
    [2007-11-07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007-11-07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007-11-07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2008-08-15 20:02:18 | 000,005,632 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010-03-17 10:47:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007-04-09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010-12-31 15:51:51 | 000,001,666 | -H-- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010-03-17 11:24:32 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010-03-17 10:09:24 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2010-03-17 11:24:32 | 027,000,832 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010-03-17 11:24:32 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2009-06-12 21:42:19 | 000,006,144 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Config.db
    [2009-06-12 21:41:07 | 000,002,048 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Events.db

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010-03-17 10:54:12 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009-06-06 17:52:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >
     
  15. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-04-07 10:03:37 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Greg\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007-06-27 16:05:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2006-06-24 08:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-14 18:09:07 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\custsat.dll
    [2004-08-04 02:10:10 | 000,004,821 | ---- | M] () -- C:\Programas\Messenger\logowin.gif
    [2004-08-04 02:10:10 | 000,007,047 | ---- | M] () -- C:\Programas\Messenger\lvback.gif
    [2008-05-02 16:01:55 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msgsc.dll
    [2008-04-13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msgslang.dll
    [2008-04-14 18:09:55 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msmsgs.exe
    [2007-04-02 20:07:23 | 000,002,882 | ---- | M] () -- C:\Programas\Messenger\newalert.wav
    [2007-04-02 20:07:23 | 000,006,156 | ---- | M] () -- C:\Programas\Messenger\newemail.wav
    [2007-04-02 20:07:24 | 000,006,160 | ---- | M] () -- C:\Programas\Messenger\online.wav
    [2009-08-29 00:43:15 | 000,005,120 | -HS- | M] () -- C:\Programas\Messenger\Thumbs.db
    [2004-08-04 02:10:10 | 000,004,454 | ---- | M] () -- C:\Programas\Messenger\type.wav
    [2004-08-04 02:10:10 | 000,123,995 | ---- | M] () -- C:\Programas\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

    < End of report >
     
  16. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    The prob about this Hotspot Shield thing, amongst others, is that it does not allow the user to uninstall;

    it reinstalls itself or something. I tried editing the registry, hunting file by file, the extensions, and out of desperation even renamed Hsssv in the system32 drivers folder to HsssvBIGABADFOKER... just in case you wonder, lol, but nothing works... sniff

    My browsers keep randomly redirecting me, Cooliris will not respond to what I want, and this thing is trying every 5 minutes or so to access the net, and I presume that is how I got those worms in the first place.
     
  17. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    AnchorFree Hotspot Shield

    This is a really pernicious piece of software; I can't really understand how come it's spreading like wildfire on the Net without people crying foul.

    This "thing" seems to serve only the dark purposes of AnchorFree. As of now I can't control my browsers and add-ons; I keep getting hits that have nothing to do with my search, and once you have it on your machine a search on Google will give you 95% hits telling you how good this thing is.

    Some websites are almost impossible to connect to; it keeps sending me to an alternative site when I want to go to YouTube. My net has slowed to a crawl, on a T50 (Mb) net, which now gives me at most 8Mb.

    It planted a Hotspot Shield logo on my Explorer that is not user-removable. Uninstall does NOT work, Control Panel Add/Remove Programs will not remove most of it, Revo fails at it after trying all its options; I tried most programs I knew of and NOTHING can remove the damned thing.

    Edited the registry, line by line, extension by extension... to no avail.
    regedit will NOT do the trick... at least for me... and all other forms or variations all seem to fail.

    Tried blocking it with ZoneAlarm... NO GO
    AVG will not see it
    Spybot also fails... at least with me

    And then comes the fun stuff in the form of a new network for ZoneAlarm that leaves me open to weird stuff.

    There has to be a really dark and nasty purpose for this "THING".

    BE WARNED

    A little sample of what they write...

    ; -- NETHSS_M.INF --
    ;
    ; HssDrv Miniport INF file
    ;
    ; Copyright (c) 2009, AnchorFree Inc.

    ; ----------------------------------------------------------------------
    ; Changed Original Microsoft netsf_m.inf file to generate this file
    ; ----------------------------------------------------------------------

    [Version]
    signature = "$Windows NT$"
    CatalogFile = hssdrv_m.cat
    Class = Net
    ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
    Provider = %Msft%
    DriverVer = 01/13/2009,1.00.0.1

    [ControlFlags]
    ExcludeFromSelect = ms_HssDrvmp

    [DestinationDirs]
    DefaultDestDir=12
    ; No files to copy

    [Manufacturer]
    %Msft%=MSFT,NTx86,NTia64,NTamd64

    [MSFT.NTx86]
    %HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

    [MSFT.NTAMD64]
    %HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

    [MSFT.NTia64]
    %HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

    [HssDrvMP.ndi]
    Characteristics = 0x29 ;NCF_NOT_USER_REMOVABLE | NCF_VIRTUAL | NCF_HIDDEN
    CopyFiles =

    [HssDrvMP.ndi.Services]
    AddService = HssDrv,0x2, HssDrvMP.AddService
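    The `Characteristics = 0x29` line is the part of that INF that matters: it is the NCF_* bitmask for the virtual adapter, and the three bits set are exactly the ones that hide it from the Network Connections folder and stop the user from removing it there. The Python below is an added example, not something posted in this thread: it parses a trimmed copy of the quoted NETHSS_M.INF (constructed from the fragment above) and decodes the mask using the NCF_* values from the Windows DDK header netcfgx.h; the helper names are ours.

```python
"""Decode the NCF_* Characteristics flags of a Net-class INF install section.

Added example, not from the thread. SAMPLE_INF is constructed from the
NETHSS_M.INF fragment quoted in the post; NCF_FLAGS are the documented
NCF_* constants from netcfgx.h.
"""

# NCF_* characteristic bits used by [*.ndi] sections of Net-class INFs.
NCF_FLAGS = {
    0x00000001: "NCF_VIRTUAL",
    0x00000002: "NCF_SOFTWARE_ENUMERATED",
    0x00000004: "NCF_PHYSICAL",
    0x00000008: "NCF_HIDDEN",                 # no entry in the UI
    0x00000010: "NCF_NO_SERVICE",
    0x00000020: "NCF_NOT_USER_REMOVABLE",     # user cannot uninstall it
    0x00000040: "NCF_MULTIPORT_INSTANCED_ADAPTER",
    0x00000080: "NCF_HAS_UI",
    0x00000100: "NCF_SINGLE_INSTANCE",
    0x00000400: "NCF_FILTER",
}

# Constructed sample: the sections of the quoted NETHSS_M.INF, trimmed.
SAMPLE_INF = """\
; -- NETHSS_M.INF --
[Version]
signature = "$Windows NT$"
Class = Net
ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}

[Manufacturer]
%Msft%=MSFT,NTx86,NTia64,NTamd64

[MSFT.NTx86]
%HssDrvMP_Desc% = HssDrvMP.ndi, ms_HssDrvmp

[HssDrvMP.ndi]
Characteristics = 0x29 ;NCF_NOT_USER_REMOVABLE | NCF_VIRTUAL | NCF_HIDDEN
CopyFiles =

[HssDrvMP.ndi.Services]
AddService = HssDrv,0x2, HssDrvMP.AddService
"""


def parse_inf(text):
    """Parse INF text into {section: {key_lowercase: raw_value}}.

    ';' comments are stripped; values stay raw strings because INF values
    may contain commas (see the AddService line), so callers split them.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][key.lower()] = value
    return sections


def parse_number(text):
    """INF numbers are normally 0x-prefixed hex; fall back to decimal."""
    text = text.strip()
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def decode_ncf(mask):
    """Return the NCF_* names set in mask, plus any bits not in the table."""
    names = [name for bit, name in sorted(NCF_FLAGS.items()) if mask & bit]
    unknown = mask & ~sum(NCF_FLAGS)
    if unknown:
        names.append("UNKNOWN_0x%X" % unknown)
    return names


def ndi_characteristics(sections):
    """Map each *.ndi install section to (mask, decoded flag names)."""
    result = {}
    for name, keys in sections.items():
        if name.lower().endswith(".ndi") and "characteristics" in keys:
            mask = parse_number(keys["characteristics"])
            result[name] = (mask, decode_ncf(mask))
    return result


def removal_blocked(flags):
    """True when the adapter is hidden from the user AND flagged so that the
    Network Connections UI will refuse to let the user uninstall it."""
    return "NCF_NOT_USER_REMOVABLE" in flags and "NCF_HIDDEN" in flags


if __name__ == "__main__":
    for section, (mask, flags) in ndi_characteristics(parse_inf(SAMPLE_INF)).items():
        print("%s: 0x%X -> %s" % (section, mask, " | ".join(flags)))
        if removal_blocked(flags):
            print("  hidden and not user-removable: removal has to go through "
                  "the driver's service (AddService line) and its installer")
```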
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011-03-25 03:14:46 | 000,108,080 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpntray.exe
      PRC - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\openvpnas.exe
      PRC - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe
      PRC - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () -- C:\Programas\Hotspot Shield\bin\hsswd.exe
      SRV - [2011-03-25 03:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programas\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
      SRV - [2011-03-25 03:13:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\openvpnas.exe -- (hshld)
      SRV - [2011-01-05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
      SRV - [2010-10-15 20:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Programas\Hotspot Shield\bin\hsswd.exe -- (HssWd)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
      O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
      O3 - HKU\S-1-5-21-527237240-884357618-1801674531-1003\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Programas\HotSpot_International\tbHotS.dll (Conduit Ltd.)
      O4 - Startup: C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk = File not found
      O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
      [2011-04-07 00:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB
      [2011-04-06 19:41:22 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
      [2011-04-06 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield
      [2011-04-06 19:40:48 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe
      [2011-04-06 18:57:33 | 005,807,264 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe
      [2011-04-06 18:13:55 | 006,014,048 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe
      [2009-06-12 20:33:50 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2F70016F8B.sys
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
      
      
      :Files
      C:\Programas\Hotspot Shield
      C:\Programas\HotSpot_International
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  19. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    Ran the script; it removed pretty much everything I can see, with the exception of the logo and some references in IE8 that are still there.

    This is the end result report:

    All processes killed
    ========== OTL ==========
    No active process named openvpntray.exe was found!
    Process openvpnas.exe killed successfully!
    Process hsssrv.exe killed successfully!
    No active process named hsswd.exe was found!
    Service HssTrayService stopped successfully!
    Service HssTrayService deleted successfully!
    C:\Programas\Hotspot Shield\bin\HssTrayService.exe moved successfully.
    Error: Unable to stop service hshld!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully.
    C:\Programas\Hotspot Shield\bin\openvpnas.exe moved successfully.
    Service HssSrv stopped successfully!
    Service HssSrv deleted successfully!
    C:\Programas\Hotspot Shield\HssWPR\hsssrv.exe moved successfully.
    Service HssWd stopped successfully!
    Service HssWd deleted successfully!
    C:\Programas\Hotspot Shield\bin\hsswd.exe moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ deleted successfully.
    C:\Programas\HotSpot_International\tbHotS.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found.
    File C:\Programas\HotSpot_International\tbHotS.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0002ee26-8c11-49eb-9cdf-56eeffef664f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found.
    File C:\Programas\HotSpot_International\tbHotS.dll not found.
    Registry value HKEY_USERS\S-1-5-21-527237240-884357618-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002EE26-8C11-49EB-9CDF-56EEFFEF664F}\ not found.
    File C:\Programas\HotSpot_International\tbHotS.dll not found.
    C:\Documents and Settings\WORK\Menu Iniciar\Programas\Arranque\OpenOffice.org 3.2.lnk moved successfully.
    Starting removal of ActiveX control {EAC139A9-D22D-4C29-8D1C-252BE63750F9}
    C:\WINDOWS\Downloaded Program Files\plinstll.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAC139A9-D22D-4C29-8D1C-252BE63750F9}\ not found.
    C:\Documents and Settings\Greg\Ambiente de trabalho\HOTSHIELD PROB folder moved successfully.
    C:\Hotspot Shield\hsswd\config folder moved successfully.
    C:\Hotspot Shield\hsswd folder moved successfully.
    C:\Hotspot Shield folder moved successfully.
    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Hotspot Shield folder moved successfully.
    C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2[1].exe moved successfully.
    C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-76-conduit.exe moved successfully.
    C:\Documents and Settings\Greg\Ambiente de trabalho\HSS-1.57-install-anchorfree-238-conduit2.exe moved successfully.
    C:\WINDOWS\system32\2F70016F8B.sys moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C895616B deleted successfully.
    ========== FILES ==========
    C:\Programas\Hotspot Shield\update folder moved successfully.
    C:\Programas\Hotspot Shield\log\verify folder moved successfully.
    C:\Programas\Hotspot Shield\log folder moved successfully.
    C:\Programas\Hotspot Shield\htdocs folder moved successfully.
    C:\Programas\Hotspot Shield\HssWPR folder moved successfully.
    C:\Programas\Hotspot Shield\hsswd\default folder moved successfully.
    C:\Programas\Hotspot Shield\hsswd\config folder moved successfully.
    C:\Programas\Hotspot Shield\hsswd folder moved successfully.
    C:\Programas\Hotspot Shield\HssIE folder moved successfully.
    C:\Programas\Hotspot Shield\HssFF folder moved successfully.
    C:\Programas\Hotspot Shield\driver folder moved successfully.
    C:\Programas\Hotspot Shield\config\hss_data folder moved successfully.
    C:\Programas\Hotspot Shield\config folder moved successfully.
    C:\Programas\Hotspot Shield\bin\lang folder moved successfully.
    C:\Programas\Hotspot Shield\bin folder moved successfully.
    C:\Programas\Hotspot Shield folder moved successfully.
    C:\Programas\HotSpot_International folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Fofinha
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 21023017 bytes
    ->Temporary Internet Files folder emptied: 64882 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 49514595 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: WORK
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 653 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Fofinha
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: WORK
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04072011_185142

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
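    A small triage helper for result logs in the format deepblue posted above, as an added example that is not part of the thread or of OTL itself: it classifies each line (killed, stopped, moved, deleted, not found, error) and pulls out the services OTL reported it could not stop, so a helper can see at a glance what still needs checking after the reboot. The sample lines are a constructed subset copied from the log above; the pattern names are my own.

```python
"""Triage an OTL fix log: classify each result line and flag failed service stops.
Added example; it is not OTL code and only parses the log text format seen above."""
import re
from collections import Counter

# Constructed sample: a subset of the fix-log lines posted in the thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
No active process named openvpntray.exe was found!
Process openvpnas.exe killed successfully!
Service HssTrayService stopped successfully!
Service HssTrayService deleted successfully!
C:\Programas\Hotspot Shield\bin\HssTrayService.exe moved successfully.
Error: Unable to stop service hshld!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\ not found.
File C:\Programas\HotSpot_International\tbHotS.dll not found.
C:\WINDOWS\system32\2F70016F8B.sys moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C895616B deleted successfully.
========== FILES ==========
C:\Programas\Hotspot Shield folder moved successfully.
"""

# Ordered (outcome, regex) pairs; the first match wins and group(1) is the target.
PATTERNS = [
    ("error_stop", re.compile(r"^Error: Unable to stop service (\S+?)!$")),
    ("error",      re.compile(r"^Error: (.+)$")),
    ("missing",    re.compile(r"^No active process named (\S+) was found!$")),
    ("missing",    re.compile(r"^(?:Registry key|Registry value|File) (.+?) not found\.?$")),
    ("killed",     re.compile(r"^Process (\S+) killed successfully!$")),
    ("stopped",    re.compile(r"^Service (\S+) stopped successfully!$")),
    ("deleted",    re.compile(r"^(?:Service|Registry key|Registry value|ADS) (.+?) deleted successfully[.!]$")),
    ("moved",      re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]
SECTION_RE = re.compile(r"^=+ (\S+) =+$")


def parse_fix_log(text):
    """Return (section, outcome, target) triples, one per result line.
    Lines the patterns do not recognise are kept with outcome 'other'."""
    results, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                results.append((section, outcome, match.group(1)))
                break
        else:
            results.append((section, "other", line))
    return results


def summarize(results):
    """Count outcomes so the success/failure ratio of the run is visible."""
    return Counter(outcome for _, outcome, _ in results)


def unresolved_services(results):
    """Map each service OTL could not stop to whether its Services key was
    nonetheless deleted. In the posted log hshld could not be stopped but its
    key was removed, so the next scan should confirm nothing of it remains."""
    failed = {target for _, outcome, target in results if outcome == "error_stop"}
    deleted = [target.lower() for _, outcome, target in results if outcome == "deleted"]
    return {svc: any(k.endswith("\\services\\" + svc.lower()) for k in deleted) for svc in failed}


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("services that could not be stopped:", unresolved_services(parsed))
```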
     
  20. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    This is the Quick Scan report:


    OTL logfile created on: 07-04-2011 19:04:42 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Greg\Os meus documentos\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
    Drive C: | 931,50 Gb Total Space | 781,31 Gb Free Space | 83,88% Space Free | Partition Type: NTFS

    Computer Name: DEEPBLUE12 | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-04-07 19:04:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL(1).exe
    PRC - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011-03-18 19:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe
    PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgtray.exe
    PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgnsx.exe
    PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgrsx.exe
    PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgchsvx.exe
    PRC - [2010-10-29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgwdsvc.exe
    PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG10\avgcsrvx.exe
    PRC - [2010-09-02 06:38:58 | 000,062,776 | ---- | M] () -- C:\Programas\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programas\nHancer\nHancerService.exe
    PRC - [2008-06-13 12:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Programas\n52te\n52teHid.exe
    PRC - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
    PRC - [2008-05-21 14:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    PRC - [2008-04-24 18:57:12 | 000,110,592 | ---- | M] () -- C:\Programas\n52te\n52teTra.exe
    PRC - [2008-04-14 18:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-11-16 16:12:44 | 001,209,856 | ---- | M] () -- C:\Programas\ASUS\AI Direct Link\AsShare.exe
    PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    PRC - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-04-07 19:04:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\Os meus documentos\Downloads\OTL(1).exe
    MOD - [2010-08-23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
    SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010-08-13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programas\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009-04-26 13:15:18 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Programas\nHancer\nHancerService.exe -- (nHancer)
    SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2003-07-28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
    SRV - [2001-10-25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programas\Ficheiros comuns\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010-08-03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010-08-03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010-08-03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009-12-30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009-04-03 11:32:06 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
    DRV - [2009-04-03 11:32:06 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
    DRV - [2008-09-23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2008-07-22 10:01:34 | 000,151,592 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV - [2008-07-03 11:03:00 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007-09-27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
    DRV - [2007-09-19 18:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
    DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
    DRV - [2006-12-04 13:10:34 | 000,489,472 | R--- | M] (Arcor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ARWUSB.sys -- (WN4501HLFIR(Arcor)) Arcor-Easy Stick A 50 WLAN(Arcor)
    DRV - [2005-08-30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2005-08-30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2005-08-30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2004-12-23 05:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
    DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2001-09-10 00:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
    DRV - [2001-08-17 21:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1561552
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.9

    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\html5video [2010-09-12 01:17:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programas\DivX\DivX Plus Web Player\firefox\wpa [2010-09-12 01:18:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG10\Firefox\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programas\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG10\Firefox4\ [2011-04-07 03:28:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2011-03-23 19:34:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011-04-07 01:02:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Programas\Mozilla Firefox 4.0 Beta 7\components [2010-12-10 14:12:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Programas\Mozilla Firefox 4.0 Beta 7\plugins

    [2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions
    [2011-04-06 11:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011-04-07 02:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions
    [2010-04-28 07:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-12-10 14:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\nostmp
    [2011-03-25 23:10:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Greg\Application Data\mozilla\Firefox\Profiles\0nlvzg9x.default\extensions\piclens@cooliris.com
    [2011-04-06 18:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
    [2010-05-02 12:00:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-07-29 12:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-10-21 07:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011-03-12 02:08:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-04-06 18:14:45 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programas\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\GREG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0NLVZG9X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011-04-07 03:28:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMAS\AVG\AVG10\FIREFOX4
    [2009-06-26 11:32:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011-03-18 19:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programas\Mozilla Firefox\components\browsercomps.dll
    [2011-02-02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011-04-07 03:02:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [DivX Download Manager] C:\Programas\DivX\DivX Plus Web Player\DDmService.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Jomantha] C:\Programas\n52te\n52teHid.exe (Razer USA Ltd.)
    O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Programas\ASUS\AI Direct Link\AsCmd.exe ()
    O4 - HKLM..\Run: [Launch Direct Link] C:\Programas\ASUS\AI Direct Link\AsShare.exe ()
    O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programas\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244304484828 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244306135750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (A minha home page actual) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-06 17:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programas\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programas\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-04-07 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\PROBLEM
    [2011-04-07 18:53:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011-04-07 18:51:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011-04-07 03:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2011
    [2011-04-07 02:56:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-04-07 02:53:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-04-07 02:53:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-04-07 02:53:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-04-07 02:53:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-04-07 02:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-04-07 02:22:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-04-07 01:02:12 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Adobe
    [2011-04-06 21:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes
    [2011-04-06 21:13:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
    [2011-04-06 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011-04-06 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-04-06 21:13:29 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
    [2011-04-06 19:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Conduit
    [2011-04-06 19:42:36 | 000,000,000 | ---D | C] -- C:\Programas\Conduit
    [2011-04-06 19:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\HotSpot_International
    [2011-04-06 19:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
    [2011-04-06 19:30:13 | 000,000,000 | ---D | C] -- C:\FU_Backup
    [2011-04-06 19:30:08 | 000,000,000 | ---D | C] -- C:\Programas\FinalUninstaller
    [2011-04-06 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Adobe
    [2011-04-06 17:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011-04-06 17:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011-04-06 17:23:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\Programas\Windows Desktop Search
    [2011-04-06 17:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011-04-06 16:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2011-04-06 16:59:38 | 000,000,000 | ---D | C] -- C:\Programas\MSBuild
    [2011-04-06 16:59:29 | 000,000,000 | ---D | C] -- C:\Programas\Reference Assemblies
    [2011-04-06 14:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011-04-06 14:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\VS Revo Group
    [2011-04-06 14:14:35 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2011-04-06 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Revo Uninstaller Pro
    [2011-04-06 14:14:34 | 000,000,000 | ---D | C] -- C:\Programas\VS Revo Group
    [2011-04-06 12:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Ambiente de trabalho\OpenOffice.org 3.3 (en-US) Installation Files
    [2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Definições locais\Application Data\Thunderbird
    [2011-04-06 11:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
    [2011-03-30 02:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\7-Zip
    [2011-03-24 01:36:40 | 000,000,000 | ---D | C] -- C:\ConvertTemp
    [2011-03-24 01:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio 3
    [2011-03-24 01:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
    [2011-03-24 01:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Samsung PC Studio
    [2011-03-24 01:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Os meus documentos\Samsung PC Studio
    [2011-03-24 01:08:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung PC Studio Codecs
    [2011-03-24 01:06:46 | 000,094,000 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdm.sys
    [2011-03-24 01:06:46 | 000,058,320 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bus.sys
    [2011-03-24 01:06:46 | 000,008,304 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
    [2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cmnt.sys
    [2011-03-24 01:06:46 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_cm.sys
    [2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_whnt.sys
    [2011-03-24 01:06:45 | 000,005,808 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_wh.sys
    [2011-03-24 01:06:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
    [2011-03-12 02:08:57 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
    [2009-06-26 21:47:25 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Greg\Application Data\tsdnwin.dll

    ========== Files - Modified Within 30 Days ==========

    [2011-04-07 18:55:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-04-07 18:55:20 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011-04-07 18:55:04 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011-04-07 18:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-04-07 18:30:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011-04-07 17:19:49 | 111,875,749 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011-04-07 03:28:46 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
    [2011-04-07 03:02:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-04-07 02:56:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-04-07 02:25:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
    [2011-04-07 01:02:24 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
    [2011-04-06 21:13:33 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
    [2011-04-06 17:58:13 | 000,531,716 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
    [2011-04-06 17:58:13 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-04-06 17:58:13 | 000,093,326 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
    [2011-04-06 17:58:13 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-04-06 17:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011-04-06 17:27:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011-04-06 17:27:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011-04-06 17:21:52 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011-04-06 17:09:15 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-04-06 17:07:08 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011-04-06 17:07:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011-04-06 14:44:21 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
    [2011-04-06 14:44:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\DivX Movies.lnk
    [2011-04-06 14:14:36 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
    [2011-04-06 00:26:24 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2011-04-05 18:40:08 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-04-01 13:42:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2011-03-30 02:13:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\CCleaner.lnk
    [2011-03-29 23:56:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\World of Warcraft.lnk
    [2011-03-24 01:50:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2011-03-24 01:28:41 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
    [2011-03-24 01:28:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
    [2011-03-23 19:34:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-03-23 19:34:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Mozilla Firefox.lnk
    [2011-03-16 19:03:47 | 000,060,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011-03-16 12:12:32 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\CorelDRAW 12.lnk
    [2011-03-13 00:20:13 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk

    ========== Files Created - No Company Name ==========

    [2011-04-07 03:28:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2011.lnk
    [2011-04-07 02:56:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-04-07 02:56:31 | 000,261,920 | RHS- | C] () -- C:\cmldr
    [2011-04-07 02:53:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-04-07 02:53:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-04-07 02:53:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-04-07 02:53:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-04-07 02:53:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-04-07 02:25:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Greg\Ambiente de trabalho\Atalho para ComboFix.lnk
    [2011-04-07 01:02:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader X.lnk
    [2011-04-07 01:02:24 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
    [2011-04-06 21:13:33 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
    [2011-04-06 14:44:21 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\DivX Plus Converter.lnk
    [2011-04-06 14:14:36 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Revo Uninstaller Pro.lnk
    [2011-03-24 01:28:41 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
    [2011-03-24 01:28:41 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Samsung PC Studio 3.lnk
    [2011-03-24 01:09:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2011-03-23 19:34:17 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
    [2011-03-13 00:20:13 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\VLC media player.lnk
    [2011-03-10 02:32:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011-03-07 17:42:18 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-03-07 17:42:07 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2011-03-07 17:42:02 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2011-02-23 21:55:07 | 000,000,431 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2011-02-23 21:55:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2010-10-10 14:19:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010-10-10 14:19:39 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010-10-10 14:19:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010-03-13 19:21:31 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2010-02-11 17:12:00 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.7.31969.en-US.msi
    [2009-10-19 15:55:27 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.5.29501.en-US.msi
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009-08-01 23:34:07 | 002,119,680 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi
    [2009-07-20 17:34:14 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-07-11 02:04:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009-07-02 00:29:32 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\PnkBstrK.sys
    [2009-07-01 18:22:36 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2009-06-26 21:45:57 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\SamsungLiveUpdateConfig.ini
    [2009-06-12 22:02:04 | 002,177,024 | ---- | C] () -- C:\Documents and Settings\Greg\Definições locais\Application Data\cooliris-win-ie-release-1.10.1.25877.en-US.msi
    [2009-06-12 20:33:50 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009-06-08 10:32:42 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009-06-06 21:09:25 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
    [2009-06-06 19:11:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009-06-06 18:57:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009-06-06 18:30:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009-06-06 18:27:30 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009-06-06 17:56:10 | 000,038,061 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2009-06-06 17:52:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2009-06-06 17:52:49 | 000,037,154 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009-06-06 17:52:49 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009-06-06 17:49:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009-06-06 17:46:42 | 000,023,668 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009-06-06 17:12:54 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2009-06-06 17:12:54 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2009-06-06 17:12:52 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2009-06-06 17:12:52 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2009-04-30 23:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007-06-05 14:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2005-07-12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004-08-04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004-08-04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004-08-04 14:00:00 | 000,531,716 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
    [2004-08-04 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004-08-04 14:00:00 | 000,314,414 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
    [2004-08-04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004-08-04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004-08-04 14:00:00 | 000,093,326 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
    [2004-08-04 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004-08-04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004-08-04 14:00:00 | 000,036,952 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
    [2004-08-04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004-08-04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004-08-04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004-08-04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004-08-04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004-03-23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003-03-14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011-02-25 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
    [2009-07-15 11:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
    [2010-12-08 15:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011-04-07 03:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010-11-28 13:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010-06-03 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2010-11-02 19:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
    [2010-11-28 13:25:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011-04-07 03:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009-08-10 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
    [2010-04-20 03:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009-06-12 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009-06-12 22:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010-11-28 13:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG10
    [2011-04-06 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\CheeseSoft
    [2009-11-24 19:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
    [2010-03-31 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010-10-30 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EveHQ
    [2010-11-17 03:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\EVEMon
    [2010-11-11 05:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\FileZilla
    [2010-08-11 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\ICQ
    [2009-06-06 21:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\n52te
    [2009-07-02 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\nHancer
    [2010-10-21 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\OpenOffice.org
    [2010-08-20 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Pegasys Inc
    [2011-03-24 01:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SAMSUNG
    [2010-08-20 22:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Sony
    [2009-08-10 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\SystemRequirementsLab
    [2011-04-06 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Thunderbird
    [2010-11-12 04:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TS3Client
    [2010-08-11 15:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\TuneUp Software
    [2009-06-12 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Ulead Systems
    [2010-04-26 14:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\uTorrent

    ========== Purity Check ==========



    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I need more detailed info. What logo, where and what references in IE?

    You can also....
    Open IE. Go to Tools>Internet options>Advanced tab, click on the "Reset" button.
    Restart IE.
     
  22. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    So far the only thing I found is on IE 8



    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head id="ctl00_Head1"><title>

    </title><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link type='text/css' rel='stylesheet' href='http://resources1.search.conduit.com/version-styles/default.695283127.axd' />
    </head>
    <body>

    <div id="ctl00_main_container" class="container">
    <div class="center" style="padding-top:118px;">
    <div style="padding-bottom:25px">

    <a href="http://www.hotspotshield.com/" id="ctl00_main_logo_lnkPub"><img src="http://storage.conduit.com/52/156/CT1561552/Images/633403982692500000.gif" id="ctl00_main_logo_publisher" /></a>

    </div>

    <div class="center">
    <div id="ctl00_main_nav_divCont" class="navigation"><div>
    <table>
    <tr>
    <td class="selected"><a>Web</a></td><td onclick="Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:3,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);"><a href="http://www.bing.com/images/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Bilder</a></td><td onclick=" return ChangeQueryTerm(this);"><a href="http://apps.conduit.com/search?q=&amp;ctid=CT1561552&amp;SearchSourceOrigin=10">Apps</a></td><td onclick="Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:15,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);"><a href="http://www.bing.com/videos/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Videos</a></td><td id="liMore" onclick="Log.GeneralClick({&quot;ClickSource&quot;:4,&quot;ClickTime&quot;:null,&quot;SearchGuid&quot;:&quot;e7f62a18-a473-467a-965f-14c76ac2dc51&quot;,&quot;UserGuid&quot;:null,&quot;TestGroupId&quot;:0});" class="nounderline"><a href="javascript:Search.showHideMore('liMore','ctl00_main_nav__pnlMore');"><u>Mehr</u>&nbsp;<small>▼</small></a></td>
    </tr>
    </table><div id="ctl00_main_nav__pnlMore" class="more" style="display:none;">
    <div style="white-space:nowrap;text-align:left;">
    <div onclick="folowLink(this);return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
    <a href="/Results.aspx?q=&amp;SearchType=SearchWeather&amp;ctid=CT1561552&amp;octid=CT1561552&amp;SearchSourceOrigin=10">Wetter</a>
    </div><div onclick="folowLink(this);Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:6,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
    <a href="http://www.bing.com/shopping/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Einkaufen</a>
    </div><div onclick="folowLink(this);Log.SearchEngineClick({&quot;SearchEngineTypeId&quot;:5,&quot;MajorSearchEngine&quot;:&quot;BING_COM&quot;}); return ChangeQueryTerm(this);" onmouseover="this.className='over';" onmouseout="this.className='out';">
    <a href="http://www.bing.com/news/search?q=&amp;pc=conduit&amp;form=CONMHP&amp;ptag=A4C32A678B078410AA9F&amp;conlogo=CT1561552">Nachrichten</a>
    </div>
    </div>
    </div>
    </div></div>
    </div>

    <div class="searchBar bing">
    <form action="/Results.aspx" id="frm" name="frm" method="get">

    <table id="ctl00_main_tblform" style="margin:auto;" border="0">
    <tr>
    <td style="width:110px;" rowspan="3"></td>
    <td>
    <div id="ctl00_main_inptw" class="inputwrp">
    <input type="text" id="q_top" name="q" autocomplete="off" class="txtbox" title="Suchen" />
    <input type="submit" value="" class="btnhome" title="Suchen" />
    <div id="sgstWrap">
    </div>
    </div>
    </td>
    <td class="bp">
    <img src="http://storage.conduit.com/Images/Search/homepage/Logo_bing1.png" id="ctl00_main_bi" onclick="Search.submitForm();" title="bing.com" alt="Suchen mit Bing" />
    </td>
    </tr>
    <tr valign="top">
    <td align="center">

    <input type="submit" value="Suchen" class="btnhome" />

    </td>
    <td></td>
    </tr>
    <tr>
    <td style="padding-top:28px;">
    <div class="footerLinks">
    <table cellspacing="0" cellpadding="2" border="0" style="border-collapse:collapse;">
    <tr valign="top">
    <td style="margin-left:5px;padding-left:5px;"><a id="ctl00_main_lngPrefs_contact" class="menu" href="http://HotspotShield.OurToolbar.com/contact" target="_blank">Kontakt</a></td><td class="textaslink">-</td><td style="margin-left:5px;padding-left:5px;"><a id="ctl00_main_lngPrefs_lng" href="javascript:ChangeInterfaceLang('GOOGLE_COM')">English</a></td><td class="textaslink">-</td><td style="margin-left:5px;padding-left:5px;"><a href="javascript:void(0);" onclick="this.style.behavior='url(#default#homepage)';this.setHomePage('http://search.conduit.com/?ctid=CT1561552&amp;SearchSource=10');return Log.GeneralClick({&quot;ClickSource&quot;:3,&quot;ClickTime&quot;:null,&quot;SearchGuid&quot;:&quot;e7f62a18-a473-467a-965f-14c76ac2dc51&quot;,&quot;UserGuid&quot;:null,&quot;TestGroupId&quot;:0});">Make Bing my homepage</a></td>
    </tr>
    </table>
    </div>

    <div class="copyright" style="padding-top:16px;">&copy; 2011 <a href="http://www.conduit.com/">Conduit</a></div>
    </td>
    <td></td>
    </tr>
    </table>

    <input type="hidden" name="SelfSearch" value="1" /><input type="hidden" name="SearchType" value="SearchWeb" /><input type="hidden" name="SearchSourceOrigin" value="10" /><input type="hidden" name="ctid" value="CT1561552" /><input type="hidden" name="octid" value="CT1561552" />
    </form>
    </div>
    </div>
    </div>

    <script type='text/javascript' src='http://resources1.search.conduit.com/version-scripts/default.1737394103.axd' ></script>
    <script>Log.Init({"ProductVersion":"2.8.3.0","SearchSource":10,"SearchSourceOrigin":10,"ToolbarCreationDate":null,"ToolbarId":"CT1561552","ToolbarOriginalId":"CT1561552","ToolbarVersion":null,"UserLanguage":"de-DE"},'http://usage.search.conduit-services.com');Search.initHome();Search.initHome();</script>

    </body>
    </html>
     
  23. deepblue

    deepblue TS Rookie Topic Starter Posts: 31

    This is a fresh one after the reboot. You were faster than me posting :)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Where is that HTML code from?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We posted at the same time, so I'm making sure you saw my last question.
     
Topic Status:
Not open for further replies.
