# Trojan downloader and google redirecting



## Shelob (Aug 10, 2002)

The problem: 
A trojan downloader which is persisting even after various scans and fixes claim to have dealt with it; and is now redirecting links (particularly google) and stalling programs.

How it happened: 
Yesterday I suddenly started getting lots of warnings from my AVG Antivirus (paid version), as well as Windows Firewall (which I thought I'd turned off months ago..) 
During this came an alert box saying 'scan computer now'? I stupidly hit 'yes' before realising it wasn't AVG or any program I recognised. I immediately stopped it but couldn't close it, even task manager couldn't stop it, so I had to force a restart.

Since then most of my problems have been with google: 
search links redirect to sales sites (amazon became 'leathercouchsales.com' for example); 
google images only shows the first page of results the rest is blank; 
and since the problem started, Google's been saying "SSL search is off" in an orange text box top right of the screen, although I have all the 'use SSL' buttons ticked on internet options.
(It's not just google though, Facebook and Youtube have also been redirecting links to sales pages).

And at first whenever I opened a new window with IE, a prompt window for *ctfmon.exe* would open simultaneously just for a second and then close again, even though it wasn't showing up at all in task manager! 'Deactivate advanced text service' was already checked, so I unchecked and re-checked it again; the ctfmon window stopped appearing.

What I've done so far: 
I did a full computer scan with AVG and then Spybot-SD. I restarted, scanned again with both programs, they found no more problems.

I downloaded and ran Malwarebytes Anti-Malware full scan, it found 7 threats and mentioned trojan downloaders, but seemed to have dealt with them.
But overnight I got about 12 more alerts from AVG to say trojans had been stopped.

Today I noticed web pages seemed to have more adverts on than usual (in general) so I checked my Hosts file only to find it had disappeared. :/ (I've now replaced it with a newer one).

Then I ran an Eset online scan (with everything including AVG off). The result:

C:\Documents and Settings\Alice\Application Data\Sun\Java\Deployment\cache\6.0\43\2767beab-34581ebb	Java/TrojanDownloader.OpenStream.NBL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\Alice\Application Data\Sun\Java\Deployment\cache\6.0\7\143b51c7-46b79ff4	a variant of Java/TrojanDownloader.OpenStream.NCC trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Then I ran ATF-Cleaner and just cleaned and emptied everything.

I also upgraded AVG And ran its offer of a PC Fix scan. It said there were hundreds of registry errors and bad things, but it didn't fix them.
And my links are still sending me to stupid leather couch sales sites.

I just tried another MalwareBytes scan but the program malfunctioned and shut itself down..

Then I came here and freshly downloaded HJT, DDS and GMER. 
The HJT results are below.
However DDS got 5 minutes in and then froze my entire system, so I had to force a restart. Tried again, same thing.
After a fitful start I did get GMER to work, its results follow those of HJT below.

Enormous thanks in advance to anyone who can help!

------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:37:04, on 21/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Microsoft IntelliPoint\ipoint.exe
c:\Programas\Microsoft IntelliPoint\dpupdchk.exe
C:\Programas\DivX\DivX Update\DivXUpdate.exe
C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe
C:\Programas\AVG\AVG2012\avgwdsvc.exe
C:\Programas\AVG\AVG2012\avgnsx.exe
C:\Programas\AVG\AVG2012\avgemcx.exe
C:\Programas\AVG\AVG2012\avgrsx.exe
C:\Programas\AVG\AVG2012\avgcsrvx.exe
C:\Programas\AVG\AVG2012\avgcsrvx.exe
C:\Programas\AVG\AVG2012\avgtray.exe
C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alice\Os meus documentos\stuff for pc new\HijackThis.exe
C:\Programas\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programas\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Programas\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Alice\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Programas\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258385231593
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10008 bytes

------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-21 05:49:51
Windows 5.1.2600 Service Pack 3 
Running: piporqqo.exe; Driver: C:\DOCUME~1\SONIAL~1\DEFINI~1\Temp\ugkcqkog.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB16968$\2433602373 0 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\cfg.ini 204 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\L\rntebawe 62976 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\oemid 60 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\twl.dll 0 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 2048 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 66560 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U\[email protected] 115712 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\version 1127 bytes
File C:\WINDOWS\$NtUninstallKB16968$\4264020813 0 bytes

---- EOF - GMER 1.0.15 ----
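A small triage script, added here as an example (it is not part of the post, nor of HijackThis or GMER), that applies a few defender-side checks to lines copied from the two logs above: the ProxyOverride pointing at a loopback port, the Winlogon Notify entry, orphaned entries whose file is gone, hosts entries, and the purely numeric folder tree under $NtUninstallKB16968$ that GMER lists and ComboFix later reports as ZeroAccess. The severity labels and the rules are the script's own heuristics, not a verdict from either tool.

```python
"""Triage helper for HijackThis / GMER text logs (added example, not the tools' own code)."""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, log line)

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

# Browser proxy settings that point at a loopback port mean every request passes
# through some local process first; that matches a "links redirect" symptom.
LOOPBACK_PROXY = re.compile(r"127\.0\.0\.1:\d+")

# GMER "File" lines for a purely numeric folder under a $NtUninstallKB...$ name.
# A real hotfix uninstall folder holds spuninst\ and backed-up system files, not
# a numeric folder with @, U and L entries (the layout GMER listed in this thread).
HIDDEN_TREE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+(?:\\|\s)")

ORPHAN_MARKERS = ("(file missing)", "(no file)")
BENIGN_HOSTS = ("127.0.0.1 localhost", "::1 localhost")

# Sample input: lines copied from the HijackThis and GMER logs posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\L\rntebawe 62976 bytes
File C:\WINDOWS\$NtUninstallKB16968$\2433602373\U 0 bytes
"""


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out.

    Rules are checked in priority order so each line yields at most one finding.
    """
    line = line.strip()
    if not line:
        return None
    if line.startswith("O20 - Winlogon Notify"):
        # Whatever the DLL's state on disk, something registered it to load into winlogon.exe.
        return ("HIGH", "DLL registered to load into winlogon.exe", line)
    if line.startswith(("R0", "R1")) and "Proxy" in line and LOOPBACK_PROXY.search(line):
        return ("HIGH", "proxy setting points at a loopback port", line)
    if line.startswith("File ") and HIDDEN_TREE.search(line):
        return ("HIGH", "numeric hidden tree under a fake hotfix uninstall folder", line)
    if line.startswith("O1 - Hosts:"):
        entry = line.split(":", 1)[1].split("#", 1)[0].strip()
        if entry in BENIGN_HOSTS:
            return ("INFO", "standard localhost hosts entry", line)
        return ("MEDIUM", "non-standard hosts entry, check it is not redirecting", line)
    if any(marker in line for marker in ORPHAN_MARKERS):
        return ("LOW", "orphaned entry, file no longer on disk", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line and return the findings, most severe first (stable order within a level)."""
    findings = [f for f in map(classify, log_text.splitlines()) if f is not None]
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summary counts, handy for a quick 'is there anything HIGH here' glance."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```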


----------



## Glaswegian (Dec 5, 2004)

Hi

My name is Iain and I will be helping you clean your system.

You may wish to *Subscribe* to this thread *(Thread Tools > Subscribe to this thread)* so that you are notified when you receive a reply.

*Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.*

*Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.*

*If there is anything you don't understand, please ask BEFORE proceeding with the fixes.*

*Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.*

*Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.*

*IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.*

*Combofix*
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.*

*You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.*

Please include the log *C:\ComboFix.txt* in your next reply for further review.


----------



## Shelob (Aug 10, 2002)

Hi Iain,
Firstly thanks so much for taking the time and trouble to help; it's greatly appreciated! (And Glasgow! I lived there for 6 years.)

Right, I tried ComboFix, turned all the antivirus programs off etc. It got as far as downloading and installing the Microsoft Recovery console okay; then it said it was looking for infected files and archives and just hung like that for about 10 minutes.

Then a text box popped up saying the computer was infected with 'Rootkit.ZeroAccess!', and that it was in the TCP/IP and was particularly 'complicated'.
I clicked okay, nothing happened for 10 minutes. Then it said 'Rootkit found', nothing else. 
After another 10 mins it showed the first message again about being infected, then another 10 mins later the second again. I waited for about 40 minutes, but it was just those 2 messages alternating.

This is what it looked like the entire time, it didn't change my clock or start any 'stages'
http://www.bleepstatic.com/combofix/en/autoscan.jpg

I couldn't get it to turn off either, the whole screen froze and I had to restart.

Is there something I should do differently to make it work?
thanks!


----------



## Glaswegian (Dec 5, 2004)

Hi again

Can you check this location *C:\qoobox* and see if there are any logs named *combofix.txt*? If so, please post the log back in this thread.

In the meantime let's do this

Please download *TDSSKiller.zip* and extract TDSSKiller.exe to your *desktop*.

Execute TDSSKiller.exe by doubleclicking on it. Press *Start Scan*.

If Malicious objects are found, ensure *Cure* is selected (it should be by default)

Click *Continue* then click *Reboot now*

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.


----------



## Shelob (Aug 10, 2002)

I looked in C:\qoobox and there were 5 folders there but no log files.

Downloaded and unzipped TDSSKiller to my desktop, double-clicked the icon, nothing happened. Tried a few times, nothing. It's not showing up in task manager either. :/


----------



## Glaswegian (Dec 5, 2004)

Hi again

Let's try running ComboFix another way.

Click the Windows 'Start' button and click 'Run' to open the Run box. Then copy/paste the following bolded text into the 'run' box & click OK.

*"%userprofile%\desktop\combofix.exe" /killall*

When finished, it shall produce a log for you. Post that log in your next reply.


----------



## Shelob (Aug 10, 2002)

Sorry, no luck. It started as before (black box with green text saying it's 'extracting') then the blue window, but this time it didn't even get as far as text appearing, just a flashing cursor. I waited for about an hour then restarted.
I tried the desktop icon again which got a bit further than the run command, but not any further than it did before; just gave the same rootkit alerts. I've been trying both methods for 7 hours now without progress.

While running the fix I turned off AVG, spybot, malwarebytes and windows firewall; is there anything else I might have missed that could cause a conflict?
Thanks for your help so far!


----------



## Glaswegian (Dec 5, 2004)

Hi again

Let's try this and see if we can generate a log.

Download *OTL.exe* to your desktop.

Double click the icon to start the tool.
Click *Run Scan* and let the program run uninterrupted.
When the scan is complete, two text files will be created on the Desktop: *OTL.Txt* <- this one will be opened in Notepad, and *Extras.txt*.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and *Extras.txt* in your next reply.


----------



## Shelob (Aug 10, 2002)

Hurrah, success at last!

OTL.Txt

-----------------------------------------------------------------------------------------
OTL logfile created on: 23/04/2012 22:07:39 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Alice\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 71.66% Memory free
5.34 Gb Paging File | 4.48 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 465.75 Gb Total Space | 382.85 Gb Free Space | 82.20% Space Free | Partition Type: NTFS

Computer Name: SONI-CACC3DA1EF | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 22:05:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgtray.exe
PRC - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 17:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 13:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
PRC - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/26 19:35:14 | 003,417,376 | ---- | M] () -- c:\Programas\Ficheiros comuns\Akamai\netsession_win_6c825ce.dll
MOD - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/04/14 17:09:15 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsncofs.dll -- (ss_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portmapper.dll -- (slabbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aliide.dll -- (ser2pl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TICalc.dll -- (s716obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omniusbl.dll -- (rnadiagnosticsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\interactivelogon.dll -- (Pnp680r)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKFUSService.dll -- (oracleorahome92pagingserver)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (dlapoolm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 19:35:14 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\programas\ficheiros comuns\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Programas\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2007/12/05 13:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AL~1\DEFINI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/06/05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/02 09:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/01/13 19:14:02 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/31 06:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/11/26 15:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 15:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 15:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/11/26 15:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 40 DD D9 E0 66 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {DB1E8EFF-4FFC-42B6-872F-8E0CBBB751B9}
IE - HKCU\..\SearchScopes\{DB1E8EFF-4FFC-42B6-872F-8E0CBBB751B9}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programas\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.2: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.2: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/31 18:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/02/06 20:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG2012\Firefox4\ [2012/04/21 02:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2012/04/09 05:03:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011/05/27 02:22:34 | 000,000,000 | ---D | M]

[2010/04/08 12:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alice\Application Data\mozilla\Extensions
[2012/03/18 04:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions
[2011/01/27 00:07:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/21 18:16:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/27 00:07:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/18 04:34:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\[email protected]
[2011/11/11 08:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALICE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AXNWAHFQ.DEFAULT\EXTENSIONS\[email protected]
[2012/04/09 05:03:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programas\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/23 00:22:55 | 000,002,252 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\bing.xml
[2012/03/23 00:22:55 | 000,002,040 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programas\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programas\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programas\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealNetworks Downloader Extension = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/04/21 06:55:06 | 000,600,045 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16067 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Alice\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Programas\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258385231593 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3611113F-71A3-4141-AFA3-0E02486A4C5C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alice\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alice\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 13:49:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 22:05:47 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
[2012/04/22 21:38:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 19:08:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/21 19:02:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/21 19:02:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/21 19:02:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/21 19:02:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/21 19:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/21 18:56:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/21 18:45:41 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Alice\Ambiente de trabalho\ComboFix.exe
[2012/04/21 02:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\AVG2012
[2012/04/21 02:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2012
[2012/04/21 02:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/04/21 02:26:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/04/21 02:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/21 01:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\stuff for pc new
[2012/04/21 00:23:28 | 000,000,000 | ---D | C] -- C:\Programas\ESET
[2012/04/20 19:50:44 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alice\Ambiente de trabalho\TDSSKiller.exe
[2012/04/20 18:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\DVDVideoSoft
[2012/04/19 19:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Malwarebytes
[2012/04/19 19:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2012/04/19 19:16:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/19 19:16:04 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2012/04/19 19:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Orwosy
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Laiww
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Evunu
[2012/04/19 17:41:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alice\Recent
[2012/04/13 20:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Ambiente de trabalho\Nova pasta
[2012/04/09 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\CyberLink
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 22:12:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4ACC2D43-9D5D-40AF-A17B-1EC86773076E}.job
[2012/04/23 22:05:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
[2012/04/23 21:39:01 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/23 21:38:01 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-746137067-725345543-1004UA.job
[2012/04/23 18:38:00 | 095,997,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/23 18:37:35 | 000,010,198 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/23 13:55:15 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/23 11:39:01 | 000,000,988 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/23 04:28:07 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Alice\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 04:17:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/23 03:38:03 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-746137067-725345543-1004Core.job
[2012/04/23 00:32:51 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/23 00:32:27 | 000,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/04/23 00:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/22 20:31:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 19:13:29 | 000,440,948 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\fnow.JPG
[2012/04/22 19:02:32 | 000,000,693 | ---- | M] () -- C:\WINDOWS\ulead32.ini
[2012/04/22 16:14:18 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alice\Ambiente de trabalho\TDSSKiller.exe
[2012/04/21 19:08:16 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/04/21 18:45:49 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Alice\Ambiente de trabalho\ComboFix.exe
[2012/04/21 06:55:06 | 000,600,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/04/21 02:26:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2012.lnk
[2012/04/20 23:41:14 | 000,601,715 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2012/04/20 23:41:14 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\mvps.bat
[2012/04/20 23:41:14 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts files\mvps.bat
[2012/04/19 18:42:00 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (2).lnk
[2012/04/19 17:43:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/19 17:43:08 | 002,302,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 17:38:29 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hbeliE6a3PILfr
[2012/04/19 17:38:29 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfrr
[2012/04/19 17:38:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfr
[2012/04/17 19:58:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/17 05:50:59 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sketches.lnk
[2012/04/15 20:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/15 05:53:01 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (3).lnk
[2012/04/14 09:39:42 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\Google Chrome.lnk
[2012/04/11 14:24:48 | 000,654,400 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/04/11 14:24:48 | 000,589,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 14:24:48 | 000,159,654 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/04/11 14:24:48 | 000,130,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 14:20:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 12:47:53 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2012/04/05 12:41:06 | 000,054,837 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sgepisodeorder.png
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/23 18:38:00 | 095,997,857 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/23 18:37:35 | 000,010,198 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/23 13:55:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/22 19:13:27 | 000,440,948 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\fnow.JPG
[2012/04/21 19:08:14 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/04/21 19:08:03 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2012/04/21 19:02:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/21 19:02:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/21 19:02:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/21 19:02:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/21 19:02:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/21 02:26:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2012.lnk
[2012/04/21 02:26:30 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2012/04/19 17:43:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/19 17:38:29 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfrr
[2012/04/19 17:38:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfr
[2012/04/19 17:38:19 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hbeliE6a3PILfr
[2012/04/17 05:50:59 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sketches.lnk
[2012/04/15 05:52:43 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (3).lnk
[2012/04/15 05:50:56 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (2).lnk
[2012/04/05 12:45:02 | 000,054,837 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sgepisodeorder.png
[2012/02/15 05:00:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 05:39:46 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/08/03 22:50:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 04:19:56 | 000,295,723 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/02/17 02:36:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2011/02/17 02:36:35 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2011/02/17 02:36:35 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2011/02/17 02:36:35 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2010/11/28 01:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/08 20:30:55 | 000,134,138 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe

< End of report >

-----------------------------------------------------------------------------------------

Extras.txt

-----------------------------------------------------------------------------------------
OTL Extras logfile created on: 23/04/2012 22:07:39 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Alice\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 71.66% Memory free
5.34 Gb Paging File | 4.48 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 465.75 Gb Total Space | 382.85 Gb Free Space | 82.20% Space Free | Partition Type: NTFS

Computer Name: SONI-CACC3DA1EF | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Alice\Definições locais\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Alice\Definições locais\Temp\usmt\migwiz.exe:*:Enabled:Assistente de transferência de definições e de ficheiros
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Programas\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programas\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Programas\uTorrent\uTorrent.exe" = C:\Programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programas\Google\Google Earth\client\googleearth.exe" = C:\Programas\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programas\Google\Google Earth\plugin\geplugin.exe" = C:\Programas\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Programas\AVG\AVG2012\avgnsx.exe" = C:\Programas\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgdiagex.exe" = C:\Programas\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgmfapx.exe" = C:\Programas\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgemcx.exe" = C:\Programas\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E3D522-E6AB-957A-0505-C1CD27DF11F7}" = CCC Help Finnish
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{0800E395-4DD7-3A93-BB96-08596C0D725F}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
"{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}" = Microsoft .NET Framework 1.1 Portuguese Language Pack
"{0F52D504-1EBC-9377-8FA7-BDF14ABEDAB6}" = TweetDeck
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1596098A-FCEC-48F0-B7C7-08A31B772070}" = Nero 7 Essentials
"{1A0408DB-7E91-3515-59BB-F0DFDDD6C1C1}" = CCC Help Spanish
"{1A197E71-C969-E711-F664-9B2EDBEE8B68}" = CCC Help French
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351254A7-59D7-573A-46A4-1EC65859B43F}" = Catalyst Control Center Graphics Light
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468B65CE-56CE-CBA5-102A-1B9B2DCABD4C}" = Skins
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{558D6CFC-1E6C-3FE4-1D55-6E8B374DCC0A}" = Catalyst Control Center Graphics Full Existing
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C7CBCE5-E3C0-ABB9-68CD-57561A23B2B7}" = ccc-core-static
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{5EF4753D-13BD-3BBC-BFA4-869C0B29F1E0}" = ccc-core-preinstall
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA24B15-C03B-73FD-0344-013BE69865C8}" = CCC Help Italian
"{6FBA504A-2455-071C-8A9B-DAAA559A8072}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B515EA-AF12-C12A-3365-4A49F433A14D}" = CCC Help Danish
"{757A8A2D-DF90-4533-4C89-62CB406B690B}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C8245B-A18E-ABFC-FEF1-7272725B0348}" = CCC Help German
"{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
"{7EB9DE29-C72C-9120-6276-9288A5FBD625}" = CCC Help Dutch
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88528F28-E04A-3A93-B3C0-14651148FE82}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A168327-7618-4266-8990-568092659FA3}" = RealDownloader
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1" = Free Stopwatch 2.5.0
"{A20DB99F-AD76-F2B6-2913-86585AABE40E}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-A91000000001}" = Adobe Reader 9.1 - Português
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAB571B0-FD74-44D2-AA40-7A94D6C95CDD}" = Catalyst Control Center - Branding
"{BF5D0357-7617-5200-42E2-555F15E4ADB8}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CBF84027-6C67-EA36-8791-031FAC9AD6E2}" = CCC Help Norwegian
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DA3A4613-9CF7-9F2C-55D8-E8790DF7E656}" = Catalyst Control Center Graphics Full New
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EB4972E1-B077-D9D5-492A-A8D0D8B8D4A3}" = ccc-utility
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F24C7A16-E946-872E-4A12-21B847291F41}" = Catalyst Control Center Localization All
"{FB52768C-6D14-4696-76AE-9E4A7081D73A}" = Catalyst Control Center Core Implementation
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FFEA0531-048F-6A0D-CA64-73283C2B824A}" = CCC Help English
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pacote de controladores do Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de controladores do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AMP Font Viewer" = AMP Font Viewer
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.3
"audcle" = Plus! MP3 Audio Converter LE
"AVG" = AVG 2012
"CCleaner" = CCleaner
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pacote de controladores do Windows - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESPR800 Reference Guide" = ESPR800 Reference Guide
"FavOrg" = FavOrg
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.4.721
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImageSkill Magic Enhancer Lite 1" = ImageSkill Magic Enhancer Lite 1 (Remove only)
"ImageSkill Outliner 2" = ImageSkill Outliner 2 (Remove only)
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestor de Dispositivo de Plataforma
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptg" = Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Morpheus Photo Mixer_is1" = Morpheus Photo Mixer v3.11
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"mplibwiz.inf" = Media Library Management Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PERF4180P Reference Guide" = PERF4180P Reference Guide
"ReDynaMix HDR (Adobe Photoshop Plug-in)_is1" = DCETools - ReDynaMix HDR 1.01
"Security Task Manager" = Security Task Manager 1.8d
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.7
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/04/2012 21:15:00 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1000
Description = Aplicação em falha avgnsx.exe, versão 9.0.0.855, módulo em falha avgnsx.exe,
versão 9.0.0.855, endereço em falha 0x0000cc79.

Error - 20/04/2012 21:15:16 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1001
Description = Fault bucket 2050960978.

Error - 20/04/2012 22:35:21 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1000
Description = Aplicação em falha mbam.exe, versão 1.60.0.80, módulo em falha version.dll,
versão 5.1.2600.5512, endereço em falha 0x00001ddc.

Error - 20/04/2012 22:35:30 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1001
Description = Fault bucket -1393303281.

Error - 22/04/2012 12:48:51 | Computer Name = SONI-CACC3DA1EF | Source = Windows Search Service | ID = 3013
Description = Não foi possível actualizar a entrada <C:\DOCUMENTS AND SETTINGS\
ALICE\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG> no mapa de hash. Contexto:
Aplicação , Catálogo SystemIndex Detalhes: Um dispositivo ligado ao sistema não está
a funcionar. (0x8007001f)

Error - 22/04/2012 12:48:51 | Computer Name = SONI-CACC3DA1EF | Source = Windows Search Service | ID = 3013
Description = Não foi possível actualizar a entrada <C:\DOCUMENTS AND SETTINGS\ALICE\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG> no mapa de hash. Contexto:
Aplicação , Catálogo SystemIndex Detalhes: Um dispositivo ligado ao sistema não está
a funcionar. (0x8007001f)

Error - 22/04/2012 14:55:08 | Computer Name = SONI-CACC3DA1EF | Source = Windows Search Service | ID = 3013
Description = Não foi possível actualizar a entrada <C:\DOCUMENTS AND SETTINGS\ALICE\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG> no mapa de hash. Contexto:
Aplicação , Catálogo SystemIndex Detalhes: Um dispositivo ligado ao sistema não está
a funcionar. (0x8007001f)

Error - 22/04/2012 14:55:25 | Computer Name = SONI-CACC3DA1EF | Source = Windows Search Service | ID = 3013
Description = Não foi possível actualizar a entrada <C:\DOCUMENTS AND SETTINGS\ALICE\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG> no mapa de hash. Contexto:
Aplicação , Catálogo SystemIndex Detalhes: Um dispositivo ligado ao sistema não está
a funcionar. (0x8007001f)

Error - 22/04/2012 15:50:24 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1000
Description = Aplicação em falha teatimer.exe, versão 1.6.6.32, módulo em falha 
teatimer.exe, versão 1.6.6.32, endereço em falha 0x0006e66e.

Error - 22/04/2012 15:50:29 | Computer Name = SONI-CACC3DA1EF | Source = Application Error | ID = 1001
Description = Fault bucket 1180474431.

[ System Events ]
Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço Cwbrxd terminou com o seguinte erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço RTL8023xp terminou com o seguinte erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço Vaiomediaplatform-photoserver-appserver terminou com o seguinte
erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço CT20XUT.DLL terminou com o seguinte erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço Pnkbstrk terminou com o seguinte erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço BCMTPM terminou com o seguinte erro: %%126

Error - 22/04/2012 19:32:47 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7023
Description = O serviço Wlsetupsvc terminou com o seguinte erro: %%126

Error - 22/04/2012 19:33:03 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7026
Description = Falhou o carregamento dos seguintes controladores de início de arranque
ou de início do sistema: Cdrom Imapi

Error - 22/04/2012 19:33:48 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço SSL de HTTP.

Error - 22/04/2012 19:33:48 | Computer Name = SONI-CACC3DA1EF | Source = Service Control Manager | ID = 7000
Description = O serviço SSL de HTTP falhou o arranque devido ao seguinte erro: %%1053

< End of report >

-----------------------------------------------------------------------------------------


----------



## Glaswegian (Dec 5, 2004)

Hi again

Can you tell me if the folders in bold below mean anything to you?

You may need to unhide your Hidden/System files first.

Go to *My Computer > Tools > Folder Options > View* tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the *Hide protected operating system files* option.

C:\Documents and Settings\All Users\Application Data\*hbeliE6a3PILfr*
C:\Documents and Settings\All Users\Application Data\*-hbeliE6a3PILfr*
C:\Documents and Settings\All Users\Application Data\*-hbeliE6a3PILfrr*
C:\Documents and Settings\Alice\Application Data\*Evunu*
C:\Documents and Settings\Alice\Application Data\*Laiww*
C:\Documents and Settings\Alice\Application Data\*Orwosy*

If they are not required then please let me know.


----------



## Shelob (Aug 10, 2002)

No, I've not seen those before and don't know anything about them.


----------



## Glaswegian (Dec 5, 2004)

Hi again

OK  thanks  we shall remove them and see if that helps things.

Please double-click *OTL.exe* to run it. (*Note:* If you are running on Vista/W7, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:OTL
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Orwosy
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Laiww
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Evunu
[2012/04/19 17:38:29 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfrr
[2012/04/19 17:38:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfr
[2012/04/19 17:38:19 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hbeliE6a3PILfr
```

Return to OTL, right click in the *"Custom Scans/Fixes"* section and choose *Paste*.
Click the red *Run Fix* button.
OTL may ask to reboot the machine. Please do so.
If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post a new OTL log.

Now try running ComboFix again and let me know if it works.
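
As an added example (not code from this thread, from OTL or from OldTimer), here is the triage the two posts above do by hand: parse the `[date | size | attrs | C] (company) -- path` lines of an OTL report, flag entries created directly under a profile's Application Data that carry no company name and are not a known vendor folder, and render the flagged lines as an `:OTL` block of the kind pasted into Custom Scans/Fixes. The "unknown direct child of Application Data" heuristic and the small vendor allowlist are assumptions of the example, not an OTL rule; the sample report is constructed and mixes the six entries from this thread with benign lines.

```python
"""Parse OTL 'Created' lines, flag unknown Application Data entries and
render them as an :OTL fix block (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL report line; "(company)" is absent on directory lines and reads
# "()" on files that carry no company name.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# A direct child of a profile's Application Data in the Windows XP layout.
APPDATA_CHILD = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\Application Data\\([^\\]+)$",
    re.IGNORECASE,
)

# Constructed allowlist of vendor folders normally found there (an assumption
# of this example, not a list from OTL or the thread).
KNOWN_APPDATA_NAMES = {"microsoft", "mozilla", "adobe", "macromedia", "google",
                       "skype", "identities", "sun", "apple computer"}


@dataclass
class OtlEntry:
    raw: str            # the report line as written, reused in the fix block
    created: str
    size: int
    attrs: str          # R/H/S/D flags, '-' where a flag is not set
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a report line, None for headers or blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        raw=line.strip(),
        created=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company") or None,   # "()" means no company name
        path=m.group("path"),
    )


def is_suspicious(entry: OtlEntry) -> bool:
    """Heuristic (assumption): created directly under a profile's Application
    Data, no company name, and not a known vendor folder, like the six
    items queried in the thread."""
    m = APPDATA_CHILD.match(entry.path)
    if not m or entry.company:
        return False
    return m.group(1).lower() not in KNOWN_APPDATA_NAMES


def triage(report_text: str) -> List[OtlEntry]:
    """Parse every OTL line in the text and keep the suspicious entries."""
    entries = (parse_otl_line(line) for line in report_text.splitlines())
    return [e for e in entries if e is not None and is_suspicious(e)]


def build_otl_fix(entries: List[OtlEntry]) -> str:
    """Render a Custom Scans/Fixes block in the shape posted in the thread:
    ':OTL' followed by the original report lines to move."""
    return "\n".join([":OTL"] + [e.raw for e in entries])


# Constructed sample report: the six entries from the thread plus benign lines.
SAMPLE_REPORT = r"""
========== Files - Created ==========
[2012/04/22 19:13:27 | 000,440,948 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\fnow.JPG
[2012/04/23 13:55:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Orwosy
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Laiww
[2012/04/19 19:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Evunu
[2012/04/19 17:38:29 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfrr
[2012/04/19 17:38:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-hbeliE6a3PILfr
[2012/04/19 17:38:19 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hbeliE6a3PILfr
[2011/01/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Mozilla
[2012/04/23 22:05:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
"""

if __name__ == "__main__":
    flagged = triage(SAMPLE_REPORT)
    for e in flagged:
        print(f"{'DIR ' if e.is_dir else 'FILE'} {e.created}  {e.path}")
    print(build_otl_fix(flagged))
```

Run against the sample, the script flags exactly the six paths Glaswegian listed and prints a block identical in shape to the one he posted. A hit from the heuristic is a prompt to ask the owner whether the name is known, as was done in the thread, not proof of infection; a vendor folder missing from the allowlist will also be listed.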


----------



## Shelob (Aug 10, 2002)

I did the OTL thing you asked, and it made a log saying that each of those files was 'moved successfully'.

And below is the new OTL log you asked for, but even after this I couldn't get ComboFix to get past 'you've been infected with rootkit:zeroaccess!' etc, and then a message saying 'hold on this will take some time' at which it freezes again. Sorry. 

OTL logfile created on: 24/04/2012 17:04:53 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Alice\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 73.69% Memory free
5.34 Gb Paging File | 4.44 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 465.75 Gb Total Space | 382.33 Gb Free Space | 82.09% Space Free | Partition Type: NTFS

Computer Name: SONI-CACC3DA1EF | User Name: Alice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 22:05:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgtray.exe
PRC - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 17:09:47 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 13:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
PRC - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/26 19:35:14 | 003,417,376 | ---- | M] () -- c:\Programas\Ficheiros comuns\Akamai\netsession_win_6c825ce.dll
MOD - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programas\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/04/14 17:09:15 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsncofs.dll -- (ss_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\portmapper.dll -- (slabbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aliide.dll -- (ser2pl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TICalc.dll -- (s716obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omniusbl.dll -- (rnadiagnosticsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\interactivelogon.dll -- (Pnp680r)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKFUSService.dll -- (oracleorahome92pagingserver)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (dlapoolm)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 19:35:14 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\programas\ficheiros comuns\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/12/02 18:24:02 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Programas\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Programas\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2007/12/05 13:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/11/26 15:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALI~1\DEFINI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/06/05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation  ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/02 09:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/01/13 19:14:02 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/31 06:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/11/26 15:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 15:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 15:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/11/26 15:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 40 DD D9 E0 66 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {DB1E8EFF-4FFC-42B6-872F-8E0CBBB751B9}
IE - HKCU\..\SearchScopes\{DB1E8EFF-4FFC-42B6-872F-8E0CBBB751B9}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programas\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.2: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.2: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/31 18:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/02/06 20:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programas\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG2012\Firefox4\ [2012/04/21 02:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programas\Mozilla Firefox\components [2012/04/09 05:03:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2011/05/27 02:22:34 | 000,000,000 | ---D | M]

[2010/04/08 12:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alice\Application Data\mozilla\Extensions
[2012/03/18 04:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions
[2011/01/27 00:07:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/21 18:16:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/27 00:07:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/18 04:34:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Alice\Application Data\mozilla\Firefox\Profiles\axnwahfq.default\extensions\[email protected]
[2011/11/11 08:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALICE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AXNWAHFQ.DEFAULT\EXTENSIONS\[email protected]
[2012/04/09 05:03:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programas\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/23 00:22:55 | 000,002,252 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\bing.xml
[2012/03/23 00:22:55 | 000,002,040 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programas\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programas\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Alice\Defini\u00E7\u00F5es locais\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programas\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programas\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programas\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealNetworks Downloader Extension = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Alice\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/04/21 06:55:06 | 000,600,045 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16067 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programas\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Alice\Definições locais\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Alice\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Programas\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1258385231593 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3611113F-71A3-4141-AFA3-0E02486A4C5C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programas\Ficheiros comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alice\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alice\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 13:49:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 16:55:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/23 22:05:47 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
[2012/04/22 21:38:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 19:08:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/21 19:02:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/21 19:02:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/21 19:02:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/21 19:02:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/21 19:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/21 18:56:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/21 18:45:41 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Alice\Ambiente de trabalho\ComboFix.exe
[2012/04/21 02:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\AVG2012
[2012/04/21 02:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG 2012
[2012/04/21 02:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/04/21 02:26:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/04/21 02:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/04/21 01:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\stuff for pc new
[2012/04/21 00:23:28 | 000,000,000 | ---D | C] -- C:\Programas\ESET
[2012/04/20 18:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\DVDVideoSoft
[2012/04/19 19:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\Malwarebytes
[2012/04/19 19:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2012/04/19 19:16:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/19 19:16:04 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2012/04/19 19:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/19 17:41:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alice\Recent
[2012/04/13 20:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Ambiente de trabalho\Nova pasta
[2012/04/09 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Os meus documentos\CyberLink
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 17:07:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4ACC2D43-9D5D-40AF-A17B-1EC86773076E}.job
[2012/04/24 16:39:01 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 16:38:01 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-746137067-725345543-1004UA.job
[2012/04/24 11:39:01 | 000,000,988 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 09:14:39 | 096,059,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/24 03:38:01 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-746137067-725345543-1004Core.job
[2012/04/24 01:01:33 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\Trying to fix 2012 1april 20s.lnk
[2012/04/23 22:05:47 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Ambiente de trabalho\OTL.exe
[2012/04/23 18:37:35 | 000,010,198 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/23 13:55:15 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/23 04:28:07 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Alice\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 04:17:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/23 00:32:51 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/23 00:32:27 | 000,079,008 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/04/23 00:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/22 20:31:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 19:13:29 | 000,440,948 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\fnow.JPG
[2012/04/22 19:02:32 | 000,000,693 | ---- | M] () -- C:\WINDOWS\ulead32.ini
[2012/04/21 19:08:16 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/04/21 18:45:49 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Alice\Ambiente de trabalho\ComboFix.exe
[2012/04/21 06:55:06 | 000,600,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/04/21 02:26:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2012.lnk
[2012/04/20 23:41:14 | 000,601,715 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2012/04/20 23:41:14 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\mvps.bat
[2012/04/20 23:41:14 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts files\mvps.bat
[2012/04/19 18:42:00 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (2).lnk
[2012/04/19 17:43:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/19 17:43:08 | 002,302,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/17 19:58:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/17 05:50:59 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sketches.lnk
[2012/04/15 20:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-746137067-725345543-1004.job
[2012/04/15 05:53:01 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (3).lnk
[2012/04/14 09:39:42 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\Google Chrome.lnk
[2012/04/11 14:24:48 | 000,654,400 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/04/11 14:24:48 | 000,589,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 14:24:48 | 000,159,654 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/04/11 14:24:48 | 000,130,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 14:20:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 12:47:53 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2012/04/05 12:41:06 | 000,054,837 | ---- | M] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sgepisodeorder.png
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 09:14:39 | 096,059,283 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/24 01:01:33 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\Trying to fix 2012 1april 20s.lnk
[2012/04/23 18:37:35 | 000,010,198 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/23 13:55:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/22 19:13:27 | 000,440,948 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\fnow.JPG
[2012/04/21 19:08:14 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/04/21 19:08:03 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2012/04/21 19:02:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/21 19:02:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/21 19:02:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/21 19:02:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/21 19:02:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/21 02:26:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\AVG 2012.lnk
[2012/04/21 02:26:30 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2012/04/19 17:43:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/17 05:50:59 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sketches.lnk
[2012/04/15 05:52:43 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (3).lnk
[2012/04/15 05:50:56 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\Mostrar ambiente de trabalho (2).lnk
[2012/04/05 12:45:02 | 000,054,837 | ---- | C] () -- C:\Documents and Settings\Alice\Ambiente de trabalho\sgepisodeorder.png
[2012/02/15 05:00:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 05:39:46 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/08/03 22:50:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 04:19:56 | 000,295,723 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/02/17 02:36:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2011/02/17 02:36:35 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2011/02/17 02:36:35 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2011/02/17 02:36:35 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2010/11/28 01:52:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/08 20:30:55 | 000,134,138 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe

< End of report >


----------



## Glaswegian (Dec 5, 2004)

Hi again

No need to apologise.

Please try running ComboFix in *Safe Mode with Networking.*


----------



## Shelob (Aug 10, 2002)

Nope, that didn't work either. Just the same messages as before, except this time the computer kept beeping and saying AVG was still on, although in safe mode there's no way to turn it off (if it was actually on at all).

Just for future reference: after working in safe mode is it normal for the monitor resolution to be altered? It was 800x600 and flickery as hell, and actually still is flickery.

Edit - Some of the buttons were greyed out, including monitor properties and even 'stand by'. The only way I could get things back to normal (and non-flickery) was to do a system restore to how things were 3am this morning, hope I haven't messed with your system. (but seems to be working normally again now)


----------



## Glaswegian (Dec 5, 2004)

Hi again

No problems. We'll try a different tool.

Download *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
 *Update Malwarebytes' Anti-Malware*
 *Launch Malwarebytes' Anti-Malware*

Then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform Full Scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results. *Note that the full scan may take quite some time.*
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. *Save it to your desktop*.
*Note:* Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, *post that saved log* in your next reply.


----------



## Shelob (Aug 10, 2002)

Hi there, thanks for your replies again.

I'd already downloaded, updated and run a full scan of Mbam last Thursday (before coming here). It found some bad things, it deleted them, I ran the full scan again that day and it said it was clear. I've just run another full scan with it though as per your instructions.

I'll include both logs (from the 19th, and today):

---------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alice :: SONI-CACC3DA1EF [administrator]

Protection: Enabled

19/04/2012 19:19:46
mbam-log-2012-04-19 (19-19-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397476
Time elapsed: 1 hour(s), 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Puzohod (Trojan.Agent) -> Data: "C:\Documents and Settings\Alice\Application Data\Evunu\bioqi.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Alice\Application Data\Evunu\bioqi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alice\Application Data\Sun\Java\Deployment\cache\6.0\52\426d1cb4-74a28c5a (Trojan.Agent.VZGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1250270C-48C6-458B-92D3-5DBB3F646516}\RP1702\A0152604.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)

---------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alice :: SONI-CACC3DA1EF [administrator]

Protection: Disabled

25/04/2012 19:04:22
mbam-log-2012-04-25 (19-04-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373429
Time elapsed: 54 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------


----------
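The two scan logs above share the MBAM 1.x layout: a "<Section> Detected: <n>" header followed by one line per finding. The following Python triage helper is an added example (not code from the thread, from Malwarebytes or from the helpers here): it parses that format, separates autostart entries from other findings, and flags the pattern seen in this thread, where a rootkit-patched driver and a tampered Security Center setting were reported once and a later scan came back clean. The sample logs are constructed from the detection lines quoted in the thread.

```python
import re
from collections import namedtuple

# MBAM 1.x writes "<Section> Detected: <n>" headers followed by one line per
# finding of the form "<object> (<Threat.Name>) -> <action>".
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: \d+$")
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

# Threat families that mean the scanner saw only part of an infection: a
# rootkit-patched driver or a tampered security policy (PUM = policy change).
FOLLOW_UP_PREFIXES = ("Rootkit.", "PUM.")

Detection = namedtuple("Detection", "section obj threat action")

def parse_mbam_log(text):
    """Parse one MBAM 1.x log into a list of Detection records."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := DETECTION_RE.match(line)):
            detections.append(Detection(section, m["obj"], m["threat"], m["action"]))
    return detections

def triage(detections):
    """Summarise a scan: findings per section, autostart (persistence) entries,
    and findings that should trigger an offline, out-of-Windows rescan."""
    summary = {"by_section": {}, "persistence": [], "follow_up": []}
    for d in detections:
        summary["by_section"][d.section] = summary["by_section"].get(d.section, 0) + 1
        if "\\CurrentVersion\\Run" in d.obj:      # Run key value = autostart
            summary["persistence"].append(d.obj)
        if d.threat.startswith(FOLLOW_UP_PREFIXES):
            summary["follow_up"].append((d.obj, d.threat))
    return summary

def needs_offline_scan(first_log, second_log):
    """True when an earlier scan hit a rootkit or policy tampering and a later
    scan reports nothing: 'clean' from inside the infected OS is not yet proof."""
    first = triage(parse_mbam_log(first_log))
    return bool(first["follow_up"]) and not parse_mbam_log(second_log)

# Constructed sample: the detection sections quoted from the thread's 19 April
# log, trimmed to the lines that matter for triage.
SCAN_19_APRIL = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Puzohod (Trojan.Agent) -> Data: "C:\Documents and Settings\Alice\Application Data\Evunu\bioqi.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 2
C:\Documents and Settings\Alice\Application Data\Evunu\bioqi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
"""

# Constructed sample: the 25 April rescan, which reported nothing.
SCAN_25_APRIL = r"""
Files Detected: 0
(No malicious items detected)
"""
```

Running `needs_offline_scan(SCAN_19_APRIL, SCAN_25_APRIL)` returns True for these two logs, which matches the helper's reading that the clean rescan is not yet proof of removal.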



## Glaswegian (Dec 5, 2004)

Hi again

Thanks - while it looks like MBAM removed the rootkit I think it may have missed other components.

Do you have a Windows disk? Do you have a CD/DVD writer on your system?


----------



## Shelob (Aug 10, 2002)

You're right, it must have missed something because the problems didn't stop, and the one message I could get from ComboFix (after scanning with Mbam) is 'RootKit: ZeroAccess!' over and over.

I do have a Windows disk; and a dvd writer too though so far it hasn't actually worked. (I usually use a flash drive or external harddrive.)


----------



## Glaswegian (Dec 5, 2004)

Does your CD/DVD read disks? It doesn't need to write but it does need to read them.


----------



## Shelob (Aug 10, 2002)

Yes it does.


----------



## Glaswegian (Dec 5, 2004)

Ack - sorry! 

Will it be able to write as well?


----------



## Shelob (Aug 10, 2002)

I honestly don't know. I've tried writing dvds a couple of times in the past and it always said the blank dvd is already full, I'd put it down to the dvds themselves being crappy. I could try with a better brand of blank dvd, though that would take a few days as I'm in the middle of nowhere (a village in Portugal).


----------



## Glaswegian (Dec 5, 2004)

You only need a CD.

Would you be able to use a friend's PC? All you need to use is the CD drive and your Windows disk. You would also need a flash/USB drive for later use.

Just to explain a bit - we have a particular tool that only operates in the Windows Recovery Environment - something that does not exist on XP. Therefore we need to create a special boot CD using your Windows disk. Using this tool, the infection can be identified but because we do not actually boot into Windows it is not active and can therefore be removed.


----------



## Shelob (Aug 10, 2002)

Actually yes I do have a friend whose pc I could borrow as long as I can promise her I wouldn't mess it up or accidentally reformat it. ;}


----------



## Glaswegian (Dec 5, 2004)

Hehe - I don't think that will happen.

Do you have all your data backed up? An alternative would be to format your drive and re-install Windows - something to think about. Is this a custom built machine or a branded system? Laptop or desktop? What is the make and model?


----------



## Shelob (Aug 10, 2002)

Yeah I've been dreading the reformat possibility, this would be my 3rd (or 4th?) in as many years because of bloody malware; though the first on this machine.
If it comes to that I think I'll take it to my local tech shop and ask them to do it (again) as I'm so scared of screwing it up myself.

It's a custom built desktop made from generic bits, so god knows what the make and model is. If there's some way to find harddrive specs etc, would that help?


----------



## Glaswegian (Dec 5, 2004)

No need to do that yet.

If you can enlist the help of your friend then you need to create a boot disk as described here. The main instructions are about half way down the page. Just take your time and read or print the instructions - it's not too complicated as the application does most of the work for you. You will then have a boot CD that we can use.

Let me know what you decide.


----------



## Shelob (Aug 10, 2002)

Okay I think I'll try creating the boot disk as soon as possible, tonight or tomorrow.

For future reference could you please tell me how best to keep a machine safe? I've been paying for antiviruses for the last 4 years or more, but something always gets through. 
Is there some special combination of defences that will keep the nasties out but not conflict with each other? 
Or is Win XP just a buggy awful thing that will always be full of holes? At this point I'm wondering if it wouldn't just be cheaper ultimately to upgrade to Win 7 if that's safer.


----------



## Glaswegian (Dec 5, 2004)

I'll provide security suggestions etc when we are finished.

I used XP for years - apart from its poor firewall I had no complaints. Windows 7 is definitely much better but still has its share of problems. You would need to check your hardware to make sure it can run Windows 7.

See here: http://www.microsoft.com/download/en/details.aspx?id=20


----------



## Shelob (Aug 10, 2002)

Sorry it's taking longer than I thought, no blank cds either so I'll need to ferret some out; hopefully over the weekend. Will be back asap, thanks again!


----------



## Glaswegian (Dec 5, 2004)

No worries - I'll be looking out for your next post.


----------



## Shelob (Aug 10, 2002)

Hi again,

Thanks so much for your help so far!
However I think I'm just going to take my pc to the tech shop and have it wiped and reformatted; I use this machine for work and banking, so I'd be worried about things lurking even after a clean. - However - I wanted to ask your advice on how I might best avoid this again! I realise now I'd been relying too much on AVG 2012 to catch everything on its own, and my firewall protection was probably craptacular. :/

I've sorted my questions into a little list, if I could beg a last bit of your time and patience. 

* Anti Virus - As I've paid for AVG 2012 I'd obviously rather use it, but are there actually free AVs that work better? The ones I heard the best about were: Avast, Microsoft Security Essentials and Eset Nod32

* Firewall - recs for anything better than Windows Firewall? Probably lots.

* Extra defense - any other security programs I should have that won't conflict with the AV and firewall?

* -- At the moment I have a trial version of Mbam Pro that's scanning and preventing things in real time, and seems to be stopping lots of bad things, but I don't know if it's just cos my comp's buggered at the moment. Is it worth forking out for the Pro version for future use on my (cleaned) machine?

* If I'm going to reformat anyway this might be a good time to upgrade OS for something (that _ideally_) has less probs with malware. Windows 7 was mentioned before, is it less susceptible than XP?

* And finally - is it true that many probs like this can be avoided by using a _non_-administrator account for the internet??

Thanks so much in advance for any suggestions, and again for your help in trying to fix the horribles thus far, it was appreciated.


----------



## Glaswegian (Dec 5, 2004)

Hi again

I've written an article that will answer all your questions. It includes links to suggested software and other security information and it can be found here.

Have a read and if you have any further questions just post back here and I'll do my best to answer you.


----------

