
HijackThis Log: Please help Diagnose


  • This topic is locked
4 replies to this topic

#1 yagamituxo

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 11:01 AM

Posted 16 May 2010 - 11:07 AM

I've read a tutorial on the site, and it said to ask for help here in the forum,

so here I am.

The following is the result of the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:09, on 16/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Victor\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: csiddll - {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} - C:\WINDOWS\System32\dkmmla.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

--
End of file - 3859 bytes


Can anyone help me by telling me what I should delete?

thanks


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender: Female
  • Location: At home
  • Local time: 06:01 PM

Posted 19 May 2010 - 02:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!
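As an added example that is not part of the original thread and not code from HijackThis or OTL, the small Python helper below parses entries in the two log formats used in this thread and pulls out the ones the scanners marked as pointing at a file or COM object that no longer exists ("(no file)", "(file missing)", "File not found", "No CLSID value found"), which is the first thing a helper checks before telling a poster what to clean up. The sample lines are copied from the logs in this thread; grouping by CLSID shows that the same orphaned object is reported by both tools.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Markers HijackThis v2 and OTL print when an autostart, BHO or task entry
# points at a file or COM object that no longer exists (wording as in the
# logs posted in this thread).
DANGLING_MARKERS = (
    "(no file)",             # HijackThis: BHO/toolbar CLSID resolves to no file
    "(file missing)",        # HijackThis: a path is registered but the file is gone
    "File not found",        # OTL: same condition, for paths and Run entries
    "No CLSID value found",  # OTL: CLSID registered, nothing behind it
)

# Entries start with a section code: "O2 - BHO: ...", "O22 - SharedTaskScheduler: ...", "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Non-greedy so paths with spaces ("C:\Arquivos de programas\...") are kept whole.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl|scr)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str          # HijackThis/OTL section code, e.g. "O2" or "O22"
    marker: str           # which dangling-reference marker matched
    clsid: Optional[str]  # CLSID in the entry, upper-cased, if any
    path: Optional[str]   # file path in the entry, if any
    raw: str              # the original log line


def parse_entry(line: str) -> Optional[tuple]:
    """Split one log line into (section, body); None for headers, blank lines etc."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return every entry whose target file or COM object the scanner could not find.

    Orphaned entries are harmless by themselves but are the usual leftovers of a
    removed or half-removed component, so they are reviewed first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body = parsed
        lowered = body.lower()
        for marker in DANGLING_MARKERS:
            if marker.lower() in lowered:
                clsid_m = CLSID_RE.search(body)
                path_m = PATH_RE.search(body)
                findings.append(Finding(
                    section=section,
                    marker=marker,
                    clsid=clsid_m.group(0).upper() if clsid_m else None,
                    path=path_m.group(0) if path_m else None,
                    raw=line.strip(),
                ))
                break  # one finding per line, even if two markers match
    return findings


def dangling_by_clsid(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group COM-based findings by CLSID, so the same orphan reported by both
    HijackThis and OTL is recognised as one object rather than two problems."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        if f.clsid:
            groups.setdefault(f.clsid, []).append(f.section)
    return groups


# Constructed sample: entries copied from the HijackThis and OTL logs in this
# thread, plus a header line and two healthy entries that must not be flagged.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O22 - SharedTaskScheduler: csiddll - {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} - C:\WINDOWS\System32\dkmmla.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\RunOnce: [RemoveWGA] C:\DOCUME~1\Victor\CONFIG~1\Temp\Rar$EX02.910\RemoveWGA.exe File not found
O22 - SharedTaskScheduler: {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} - csiddll - C:\WINDOWS\System32\dkmmla.dll File not found
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.marker:<22} clsid={f.clsid} path={f.path}")
    print(dangling_by_clsid(found))
```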

 


#3 yagamituxo

  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time: 11:01 AM

Posted 22 May 2010 - 06:02 PM

Thank you very much.

The only problem I'm having so far is that my browser (Firefox) opens a Japanese website every time I open it. I had to format my computer because I had the same problem before, and it got to the point where I couldn't even access Windows. So I'm a little afraid.

I did the steps you asked for; the results are the following:

OTL logfile created on: 22/5/2010 19:41:59 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

991,00 Mb Total Physical Memory | 506,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 36,34 Gb Total Space | 24,25 Gb Free Space | 66,73% Space Free | Partition Type: NTFS
Drive D: | 112,70 Gb Total Space | 112,62 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38,28 Gb Total Space | 19,80 Gb Free Space | 51,73% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USUARIO
Current User Name: Victor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/22 19:39:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
PRC - [2010/05/14 18:37:07 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe
PRC - [2010/05/06 17:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 17:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/01 15:06:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2009/03/10 22:18:18 | 000,969,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/29 07:59:40 | 001,252,352 | ---- | M] () -- C:\Arquivos de programas\foobar2000\foobar2000.exe
PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/01/06 21:40:02 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/05/22 19:39:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
MOD - [2008/04/14 09:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 17:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 17:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 17:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 17:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 17:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 17:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 17:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 17:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 17:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 08:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/02/19 22:18:36 | 000,036,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/01/14 23:15:36 | 000,132,700 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2003/01/14 23:15:06 | 000,065,343 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003/01/14 23:14:44 | 000,697,629 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003/01/14 23:13:48 | 000,551,883 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2002/12/02 04:33:08 | 000,250,368 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/11/26 10:40:16 | 000,008,576 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561) ICatch (VI)
DRV - [2002/07/10 12:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 19:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-1659004503-1383384898-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
IE - HKU\S-1-5-21-1659004503-1383384898-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.orkut.com"
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {F3281C6A-29E3-405D-BD66-614E70C0B6B9}:0.3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2002/05/14 15:53:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/21 17:27:16 | 000,000,000 | ---D | M]

[2002/05/14 15:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Extensions
[2010/05/22 16:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions
[2010/05/16 13:27:50 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/05/14 16:43:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/05/16 18:04:41 | 000,000,000 | ---D | M] (Foobar Controls) -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions\{F3281C6A-29E3-405D-BD66-614E70C0B6B9}
[2010/05/14 16:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions\isreaditlater@ideashower.com
[2010/05/16 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\extensions\personas@christopher.beard
[2010/05/14 16:51:25 | 000,006,201 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\baixaki.xml
[2010/05/14 16:33:28 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\mozilla-add-ons.xml
[2010/05/22 13:48:56 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\msgplus-scripts.xml
[2010/05/14 16:47:35 | 000,002,067 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\pesquisa-de-vdeos-do-youtube.xml
[2010/05/16 15:54:31 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\the-pirate-bay.xml
[2010/05/15 17:09:41 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\uvf97xp7.default\searchplugins\wikipedia-en.xml
[2002/05/14 15:53:05 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2010/04/01 14:34:02 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/04/01 14:34:02 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/04/01 14:34:02 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/04/01 14:34:02 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1659004503-1383384898-854245398-1003..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [RemoveWGA] C:\DOCUME~1\Victor\CONFIG~1\Temp\Rar$EX02.910\RemoveWGA.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1383384898-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.80.15 189.7.80.16
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {C4560D12-CE25-4A2E-A5D4-B5070FCBE282} - csiddll - C:\WINDOWS\System32\dkmmla.dll File not found
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/05/14 15:26:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Pacote para navegação off-line
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ajuda do Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Ferramentas da Instalação do Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Recursos de navegação
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acesso ao site da MSN
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Ligação de dados de HTML dinâmico
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fontes principais do Microsoft Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ajuda HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/05/14 15:26:09 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 19:39:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2010/05/22 17:26:57 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/22 17:26:57 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/22 17:26:57 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/22 17:26:56 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/22 17:26:55 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/22 17:26:55 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/22 17:26:55 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/22 17:26:22 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/22 17:26:22 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/22 17:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2010/05/22 17:26:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Alwil Software
[2010/05/22 16:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage
[2010/05/22 16:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\Keskustelujen lokitiedostot
[2010/05/21 17:21:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/21 16:36:56 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/05/21 16:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\Microsoft Help
[2010/05/21 16:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
[2010/05/20 16:41:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DsNET Corp
[2010/05/20 16:39:35 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/20 16:31:28 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/20 16:21:59 | 002,194,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/20 16:21:53 | 002,150,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/20 16:21:52 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/19 18:30:10 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/05/19 18:30:10 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/19 18:30:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/19 18:30:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/19 13:03:51 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/19 13:03:48 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/19 13:03:45 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/19 13:03:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/19 13:03:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/19 13:03:41 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/05/19 13:03:35 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/19 13:03:29 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/19 13:03:25 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/19 13:03:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/19 13:03:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/19 13:03:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/05/19 13:03:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/19 13:03:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/19 13:03:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/19 13:03:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/05/19 13:03:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/19 13:03:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/19 13:03:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/19 13:02:46 | 000,119,798 | ---- | C] (SP) -- C:\WINDOWS\System32\drivers\spca561.sys
[2010/05/19 13:02:46 | 000,053,248 | ---- | C] (Sunplus) -- C:\WINDOWS\ap561.exe
[2010/05/19 13:02:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshow508.ax
[2010/05/19 13:02:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Setup2K
[2010/05/19 12:49:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/18 13:41:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Victor\Recent
[2010/05/18 12:36:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\sXe Injected
[2010/05/18 11:40:05 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Valve
[2010/05/17 16:57:57 | 000,000,000 | -H-D | C] -- C:\Arquivos de programas\InstallShield Installation Information
[2010/05/17 16:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\foobar2000
[2010/05/17 16:14:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\foobar2000
[2010/05/16 16:50:08 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/05/16 14:16:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\VS Revo Group
[2010/05/16 13:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
[2010/05/16 13:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\backups
[2010/05/16 12:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/15 19:31:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Victor\Desktop\HiJackThis.exe
[2010/05/15 17:36:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Lame for Audacity
[2010/05/15 17:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\Audacity
[2010/05/15 17:35:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Audacity 1.3 Beta (Unicode)
[2010/05/14 18:48:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/14 18:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\The KMPlayer
[2010/05/14 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\WinRAR
[2010/05/14 18:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\Ares
[2010/05/14 18:32:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ares
[2010/05/14 18:30:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\uTorrent
[2010/05/14 18:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\uTorrent
[2010/05/14 18:29:03 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\The KMPlayer
[2010/05/14 18:18:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinRAR
[2010/05/14 18:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\Os Meus Registos
[2010/05/14 18:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2010/05/14 17:25:31 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live
[2010/05/14 16:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\IObit
[2010/05/14 16:57:40 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\IObit
[2010/05/14 16:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\Meus arquivos recebidos
[2010/05/14 16:51:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner
[2010/05/14 16:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Meus documentos\My Completed Downloads
[2010/05/14 16:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Tracing
[2010/05/14 16:49:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft
[2010/05/14 16:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft
[2010/05/14 16:48:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive
[2010/05/14 16:48:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live
[2010/05/14 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\Macromedia
[2010/05/14 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Dados de aplicativos\Adobe
[2010/05/14 16:46:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/14 16:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee
[2010/05/14 16:36:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 19:39:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Victor\Desktop\OTL.exe
[2010/05/22 19:33:09 | 000,012,145 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\RemoveWGA.zip
[2010/05/22 19:28:38 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/22 19:28:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 19:27:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 19:26:54 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Victor\NTUSER.DAT
[2010/05/22 19:26:54 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Victor\ntuser.ini
[2010/05/22 19:26:46 | 003,700,716 | -H-- | M] () -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\IconCache.db
[2010/05/22 18:28:43 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/05/22 17:26:58 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/22 17:26:55 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/22 12:35:34 | 000,066,440 | ---- | M] () -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2010/05/22 11:46:14 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 17:20:45 | 000,000,461 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/21 15:57:58 | 000,752,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/21 15:57:58 | 000,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010/05/21 15:57:58 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/21 15:57:58 | 000,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010/05/21 15:57:58 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/21 13:40:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 16:41:30 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/18 18:27:37 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 12:36:42 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\sXe Injected.lnk
[2010/05/18 11:46:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\Dedicated Server.lnk
[2010/05/18 11:40:05 | 000,001,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2010/05/15 19:31:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Victor\Desktop\HiJackThis.exe
[2010/05/14 18:30:13 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/05/06 17:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 17:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 17:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 17:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 17:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 17:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 17:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 17:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 17:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 19:33:02 | 000,012,145 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\RemoveWGA.zip
[2010/05/22 17:26:58 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/20 16:41:30 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\aTube Catcher.lnk
[2010/05/19 18:30:16 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/19 13:02:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2010/05/19 13:02:46 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2010/05/19 13:02:46 | 000,007,431 | ---- | C] () -- C:\WINDOWS\Tw561a.src
[2010/05/19 13:02:46 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2010/05/18 18:27:37 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Victor\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 12:36:42 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\sXe Injected.lnk
[2010/05/18 11:46:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Dedicated Server.lnk
[2010/05/18 11:40:05 | 000,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2010/05/14 18:30:13 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2002/05/14 15:42:09 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2002/05/14 15:42:08 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2002/05/14 15:42:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2002/05/14 15:41:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2002/05/14 15:40:28 | 000,008,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/05/14 15:40:27 | 000,032,738 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2002/05/14 15:40:27 | 000,015,066 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2002/05/14 15:39:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/05/14 15:37:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 09:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 09:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/05/14 12:13:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/05/14 12:13:07 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/05/14 12:13:06 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 17:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 17:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 17:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 17:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 17:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 17:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 17:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/02/24 10:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< End of report >


and the Extras:

OTL Extras logfile created on: 22/5/2010 19:41:59 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Victor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

991,00 Mb Total Physical Memory | 506,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 36,34 Gb Total Space | 24,25 Gb Free Space | 66,73% Space Free | Partition Type: NTFS
Drive D: | 112,70 Gb Total Space | 112,62 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38,28 Gb Total Space | 19,80 Gb Free Space | 51,73% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USUARIO
Current User Name: Victor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1659004503-1383384898-854245398-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.rom12580.cn File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Documents and Settings\Victor\Configurações locais\Temp\RarSFX0\hl.exe" = C:\Documents and Settings\Victor\Configurações locais\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Arquivos de programas\Valve\hl.exe" = C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Arquivos de programas\Valve\hlds.exe" = C:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Ares" = Ares 2.1.5
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"foobar2000" = foobar2000 v0.9.6
"Installing HSP56 MicroModem Drivers" = HSP56 MR Drivers
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Revo Uninstaller" = Revo Uninstaller 1.88
"SiS Compatible VGA V2.12" = SiS Compatible VGA V2.12
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"sXe Injected" = sXe Injected
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/5/2002 15:08:49 | Computer Name = USUARIO | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta operação foi retornada porque o tempo limite expirou.

Error - 14/5/2002 15:12:24 | Computer Name = USUARIO | Source = crypt32 | ID = 131080
Description = Falha na recuperação de atualização automática do número de seqüência
de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
com erro: Esta operação foi retornada porque o tempo limite expirou.

Error - 14/5/2010 17:47:41 | Computer Name = USUARIO | Source = Application Error | ID = 1000
Description = Aplicativo com falha audacity.exe, versão 0.0.0.0, módulo com falha
audacity.exe, versão 0.0.0.0, endereço com falha 0x000af2ec.

Error - 17/5/2010 12:33:22 | Computer Name = USUARIO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha SpybotSD.exe, versão 1.6.2.46, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]
Error - 19/5/2010 13:26:57 | Computer Name = USUARIO | Source = SideBySide | ID = 16842810
Description = Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\WINDOWS\system32\urlmon.dll"
na linha 0.

Error - 19/5/2010 13:26:57 | Computer Name = USUARIO | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\WINDOWS\system32\urlmon.dll.
Mensagem
de erro de referência: A operação foi concluída com êxito. .

Error - 19/5/2010 13:26:58 | Computer Name = USUARIO | Source = SideBySide | ID = 16842810
Description = Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\WINDOWS\system32\mlang.dll"
na linha 0.

Error - 19/5/2010 13:26:58 | Computer Name = USUARIO | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\WINDOWS\system32\mlang.dll.
Mensagem
de erro de referência: A operação foi concluída com êxito. .

Error - 19/5/2010 13:29:58 | Computer Name = USUARIO | Source = SideBySide | ID = 16842810
Description = Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\WINDOWS\system32\TAPI32.dll"
na linha 0.

Error - 19/5/2010 13:29:58 | Computer Name = USUARIO | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\WINDOWS\system32\TAPI32.dll.
Mensagem
de erro de referência: A operação foi concluída com êxito. .

Error - 22/5/2010 17:36:36 | Computer Name = USUARIO | Source = SideBySide | ID = 16842810
Description = Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\WINDOWS\system32\urlmon.dll"
na linha 0.

Error - 22/5/2010 17:36:36 | Computer Name = USUARIO | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\WINDOWS\system32\urlmon.dll.
Mensagem
de erro de referência: A operação foi concluída com êxito. .

Error - 22/5/2010 17:36:36 | Computer Name = USUARIO | Source = SideBySide | ID = 16842810
Description = Erro de sintaxe no arquivo de manifesto ou de diretiva: "C:\WINDOWS\system32\mlang.dll"
na linha 0.

Error - 22/5/2010 17:36:36 | Computer Name = USUARIO | Source = SideBySide | ID = 16842811
Description = Falha de Generate Activation Context para C:\WINDOWS\system32\mlang.dll.
Mensagem
de erro de referência: A operação foi concluída com êxito. .


< End of report >

Thank you for helping me!

And sorry for possible English errors, I'm Brazilian.

#4 myrti

  • Malware Study Hall Admin

Posted 22 May 2010 - 08:43 PM

Hi,

please try to run GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

When you say a Japanese site opens, do you mean that the Japanese site replaced your homepage or does it open in addition to your homepage?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 myrti

  • Malware Study Hall Admin

Posted 30 May 2010 - 12:24 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
