Computer running slow and weird startup webpage


3 replies to this topic

#1 Will-47


Posted 07 September 2011 - 10:45 AM

Hello there!!

I have got this problem and I think it's related to some malware, after facemods I think.
Thank you all for any help.

OTL logfile created on: 7/9/2011 11:46:32 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 365,71 Mb Available Physical Memory | 36,01% Memory free
2,39 Gb Paging File | 1,77 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 114,36 Gb Free Space | 76,73% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 11:46:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.com
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/23 10:26:22 | 000,329,432 | ---- | M] (facemoods.com) -- C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Arquivos de programas\Ask.com\Updater\Updater.exe
PRC - [2011/03/14 20:04:00 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:52:21 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/13 16:21:08 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
PRC - [2010/09/23 14:39:36 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
PRC - [2010/08/28 11:48:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
PRC - [2010/08/28 11:48:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/28 11:47:41 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgemc.exe
PRC - [2010/08/28 11:47:40 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Update\NASvc.exe
PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/14 09:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/08/28 11:48:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/28 11:47:41 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de programas\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/08/29 17:36:41 | 000,484,064 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2011/05/05 17:45:39 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/28 11:48:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/28 11:47:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/03 08:39:04 | 005,940,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/28 05:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/05 09:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/01/04 04:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=pcmega&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
IE - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
IE - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus BR Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2905346&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=100364&mntrId=98f64995000000000000001d7dfacaa9"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..extensions.enabledItems: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.5.1.1
FF - prefs.js..extensions.enabledItems: {c69650dc-9644-4580-aa86-0ea329ee6c60}:2.7.1.3
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:1.0.7
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=100364&mntrId=98f64995000000000000001d7dfacaa9&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\William\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\William\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/12/13 10:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/12/13 10:51:52 | 000,000,000 | ---D | M]

[2010/08/27 10:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Extensions
[2011/07/28 17:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions
[2011/07/10 12:37:08 | 000,000,000 | ---D | M] (Messenger Plus BR Community Toolbar) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}
[2010/09/05 00:40:36 | 000,000,000 | ---D | M] (MessengerPlusLive Brazil TB Toolbar) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\{c69650dc-9644-4580-aa86-0ea329ee6c60}
[2011/07/19 18:35:01 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/07/01 13:58:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\ffxtlbr@babylon.com
[2011/07/19 18:34:49 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\ffxtlbr@Facemoods.com
[2011/06/25 00:07:33 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\extensions\toolbar@ask.com
[2010/11/14 11:19:55 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\searchplugins\ask.uk.xml
[2011/06/30 16:22:52 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\William\Dados de aplicativos\Mozilla\Firefox\Profiles\88b0eww1.default\searchplugins\conduit.xml
[2010/08/27 10:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2011/08/29 23:53:04 | 000,002,288 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml
[2010/12/13 10:51:45 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2011/07/19 18:41:33 | 000,002,049 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\fcmdSrchpcmega.xml
[2009/10/04 20:48:30 | 000,023,158 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\localstrike.xml
[2010/12/13 10:51:45 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2010/12/13 10:51:45 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/12/13 10:51:45 | 000,000,648 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Arquivos de programas\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Arquivos de programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [facemoods] C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1450960922-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA747DFB-04D8-492F-A4E2-A0FC2D217051}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/26 18:49:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a76494cc-fbe4-11df-bfdc-001d7dfacaa9}\Shell - "" = AutoRun
O33 - MountPoints2\{a76494cc-fbe4-11df-bfdc-001d7dfacaa9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mHRiH.exe
O33 - MountPoints2\{f131d492-b1d8-11df-bf6b-001d7dfacaa9}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{f131d492-b1d8-11df-bf6b-001d7dfacaa9}\Shell\linuxlive3\command - "" = H:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 11:46:05 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.com
[2011/09/04 20:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\PCDVD - Commandos Strike Force [CloneDVD] [English] [WwW.GamesTorrents.CoM]5D51
[2011/09/04 20:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\PCDVD - Commandos Strike Force [CloneDVD] [English] [WwW.GamesTorrents.CoM]
[2011/09/03 21:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Meus documentos\gegl-0.0
[2011/08/29 23:53:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\BabylonToolbar
[2011/08/29 23:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\BabylonUpdater
[2011/08/29 17:36:41 | 000,484,064 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\EagleXNt.sys
[2011/08/29 12:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Level Up!
[2011/08/29 12:26:25 | 000,000,000 | ---D | C] -- C:\Level Up! Games
[2011/08/27 21:33:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Activision
[2011/08/27 21:15:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\SweetIM
[2011/08/27 21:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 11:46:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.com
[2011/09/07 11:44:13 | 085,521,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/07 11:39:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/07 11:39:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 00:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/05 23:56:00 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1450960922-1177238915-1003UA.job
[2011/09/03 21:11:19 | 000,002,460 | ---- | M] () -- C:\Documents and Settings\William\.recently-used.xbel
[2011/09/03 19:01:38 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Google Chrome.lnk
[2011/09/03 18:56:02 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1450960922-1177238915-1003Core.job
[2011/08/29 23:52:57 | 000,002,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Babylon.lnk
[2011/08/29 17:36:41 | 000,484,064 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\EagleXNt.sys
[2011/08/24 17:42:23 | 000,002,169 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/10 16:49:18 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 21:11:19 | 000,002,460 | ---- | C] () -- C:\Documents and Settings\William\.recently-used.xbel
[2010/12/29 20:47:52 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\William\Configurações locais\Dados de aplicativos\fusioncache.dat
[2010/12/11 17:05:04 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/10/07 22:00:56 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2010/09/17 19:41:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/09/01 18:08:02 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\William\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 13:59:54 | 000,455,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2010/08/27 17:35:07 | 000,000,242 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/08/27 10:21:50 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/27 10:11:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/27 10:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/27 10:02:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/27 10:02:49 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/27 10:02:49 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/27 10:02:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/08/27 10:02:46 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/27 09:43:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/08/27 09:42:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/26 18:51:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 18:46:18 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/26 15:40:13 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/26 15:39:08 | 000,117,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 09:00:00 | 000,441,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 09:00:00 | 000,427,546 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat
[2008/04/14 09:00:00 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat
[2008/04/14 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 09:00:00 | 000,084,154 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat
[2008/04/14 09:00:00 | 000,071,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 09:00:00 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat
[2008/04/14 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 7/9/2011 11:46:32 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 365,71 Mb Available Physical Memory | 36,01% Memory free
2,39 Gb Paging File | 1,77 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 114,36 Gb Free Space | 76,73% Space Free | Partition Type: NTFS

Computer Name: WILLIAM-PC | User Name: William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-842925246-1450960922-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Level Up! Games\Combat Arms\CombatArms.exe" = C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Level Up! Games\Combat Arms\Engine.exe" = C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\AVG\AVG9\avgemc.exe" = C:\Arquivos de programas\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Arquivos de programas\AVG\AVG9\avgupd.exe" = C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo
"C:\Arquivos de programas\8BallClub\GameDirector.exe" = C:\Arquivos de programas\8BallClub\GameDirector.exe:*:Enabled:8BallClub Game
"C:\Documents and Settings\William\Configurações locais\Temp\7ZipSfx.000\CF_Downloader.exe" = C:\Documents and Settings\William\Configurações locais\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader
"C:\Arquivos de programas\Nexon\Counter-Strike Online\Bin\cstrike-online.exe" = C:\Arquivos de programas\Nexon\Counter-Strike Online\Bin\cstrike-online.exe:*:Enabled:Counter-Strike Online
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Arquivos de programas\MegaJogos\jre\jre\bin\javaw.exe" = C:\Arquivos de programas\MegaJogos\jre\jre\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Level Up! Games\Combat Arms\CombatArms.exe" = C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Level Up! Games\Combat Arms\Engine.exe" = C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Software Kodak EasyShare
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.1.7
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AVG9Uninstall" = AVG Free 9.0
"BabylonToolbar" = Babylon toolbar on IE
"Battle.net" = Battle.net
"BestPractice" = BestPractice (remove only)
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"conduitEngine" = Conduit Engine
"DealPly" = DealPly
"facemoods" = Facemoods Toolbar
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Lexmark 640 Series" = Lexmark 640 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"MegaJogos" = MegaJogos (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PokerStars" = PokerStars
"sXe Injected" = sXe Injected
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.3.3.3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1450960922-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/4/2011 15:54:31 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 17/4/2011 15:54:31 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/4/2011 17:43:29 | Computer Name = WILLIAM-PC | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
gta_sa.exe, version 0.0.0.0, fault address 0x00134134.

Error - 26/4/2011 19:53:09 | Computer Name = WILLIAM-PC | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
gta_sa.exe, version 0.0.0.0, fault address 0x00134134.

Error - 26/4/2011 22:21:23 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/4/2011 22:21:23 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/4/2011 22:21:23 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/4/2011 22:21:23 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/4/2011 22:21:23 | Computer Name = WILLIAM-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/5/2011 20:02:40 | Computer Name = WILLIAM-PC | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 23/8/2011 10:13:36 | Computer Name = WILLIAM-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or
more time sources; however, none of them is currently accessible.

No attempt to contact a source will be made for 14 minutes. NtpClient has no
source of accurate time.

Error - 23/8/2011 10:13:49 | Computer Name = WILLIAM-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{CA747DFB-04D8-492F-A4E2-A0FC2D217051}
because another computer on the network has the same name. The server could not be started.

Error - 23/8/2011 10:23:11 | Computer Name = WILLIAM-PC | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000000, parameter2 00000002,
parameter3 00000001, parameter4 8051ee76.

Error - 24/8/2011 11:16:22 | Computer Name = WILLIAM-PC | Source = Dhcp | ID = 1001
Description = The network card with network address 7A790563FAC1 was not assigned
an address on the network (by the DHCP server). Error: %%121. The computer will keep
trying to obtain an address from the network address (DHCP) server.

Error - 25/8/2011 16:28:16 | Computer Name = WILLIAM-PC | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000000, parameter2 00000002,
parameter3 00000001, parameter4 8051ee76.

Error - 1/9/2011 21:25:40 | Computer Name = WILLIAM-PC | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 4/9/2011 19:17:07 | Computer Name = WILLIAM-PC | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 5/9/2011 20:26:49 | Computer Name = WILLIAM-PC | Source = Dhcp | ID = 1001
Description = The network card with network address 7A790563FAC1 was not assigned
an address on the network (by the DHCP server). Error: %%121. The computer will keep
trying to obtain an address from the network address (DHCP) server.

Error - 5/9/2011 20:33:52 | Computer Name = WILLIAM-PC | Source = Dhcp | ID = 1001
Description = The network card with network address 7A790563FAC1 was not assigned
an address on the network (by the DHCP server). Error: %%121. The computer will keep
trying to obtain an address from the network address (DHCP) server.

Error - 7/9/2011 10:41:30 | Computer Name = WILLIAM-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.6 for the network card with network address
001D7DFACAA9 was denied by the DHCP server 192.168.1.254 (the DHCP server sent a
DHCPNACK message).


< End of report >


aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-07 11:53:18
-----------------------------
11:53:18.281 OS Version: Windows 5.1.2600 Service Pack 3
11:53:18.281 Number of processors: 1 586 0x1601
11:53:18.281 ComputerName: WILLIAM-PC UserName: William
11:53:18.859 Initialize success
11:54:51.812 AVAST engine defs: 11090700
11:57:36.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:57:36.453 Disk 0 Vendor: MAXTOR_STM3160215AS 4.AAB Size: 152626MB BusType: 3
11:57:38.500 Disk 0 MBR read successfully
11:57:38.500 Disk 0 MBR scan
11:57:38.531 Disk 0 Windows XP default MBR code
11:57:38.546 Disk 0 scanning sectors +312560640
11:57:38.625 Disk 0 scanning C:\WINDOWS\system32\drivers
11:57:46.250 Service scanning
11:57:48.078 Modules scanning
11:57:58.203 Disk 0 trace - called modules:
11:57:58.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:57:58.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86587ab8]
11:57:58.218 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\0000005c[0x86520f18]
11:57:58.718 5 ACPI.sys[f745e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86593940]
11:57:59.046 AVAST engine scan C:\WINDOWS
11:58:03.421 AVAST engine scan C:\WINDOWS\system32
11:59:51.609 AVAST engine scan C:\WINDOWS\system32\drivers
12:00:06.562 AVAST engine scan C:\Documents and Settings\William
12:19:30.375 AVAST engine scan C:\Documents and Settings\All Users
12:21:10.328 Scan finished successfully
12:21:36.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\All Users\Documentos\MBR.dat"
12:21:36.093 The log file has been saved successfully to "C:\Documents and Settings\All Users\Documentos\aswMBR.txt"

I really appreciate any help!

Thanks again!

Will-47
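Added example for this thread, not part of Will-47's post or of OldTimer's OTL: a small Python triage that reads the section layout of the OTL Extras report above (shell spawning keys, Security Center flags, firewall exceptions, alternate data streams) and flags the lines a malware-removal helper looks at first. The sample log is excerpted from the posted report; the second sample with "evil.exe" is constructed to show what a hijacked exefile key looks like and is not from this machine. The category names and the Windows XP default table are the example's own assumptions.

```python
"""Triage the sections of an OTL (OldTimer) report that a malware-removal
helper reads first: shell-spawning keys, Security Center flags, firewall
exceptions and alternate data streams.

Added example for this thread; it is not part of the original post or of OTL.
The category names and the XP default table are this example's own."""
import re

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.*)$")

# What a clean Windows XP box shows for the "open" verb of executable types.
# Anything else (e.g. a path to a dropper in front of "%1") is a hijack that
# makes every .exe launch run the malware first; rogue AV families did this.
EXPECTED_OPEN = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}

# Constructed sample: excerpts copied from the report posted above.
SAMPLE_LOG = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\AVG\AVG9\avgupd.exe" = C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\William\Configurações locais\Temp\7ZipSfx.000\CF_Downloader.exe" = C:\Documents and Settings\William\Configurações locais\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader
"""

# Constructed, NOT from the posted log: how a hijacked exefile key looks
# (the "evil.exe" path is a hypothetical placeholder).
HIJACK_SAMPLE = r"""
========== Shell Spawning ==========
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\evil.exe" -a "%1" %*
"""


def parse_sections(text):
    """Map each '========== name ==========' section to its data lines,
    dropping blanks and the [HKEY...] key headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith("["):
            sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, category, detail) findings for one OTL report."""
    findings = []
    s = parse_sections(text)

    for line in s.get("Shell Spawning", []):
        m = SHELL_RE.match(line)
        if m and m.group(2) == "open" and m.group(1) in EXPECTED_OPEN \
                and m.group(3) != EXPECTED_OPEN[m.group(1)]:
            findings.append(("high", "shell-hijack", f"{m.group(1)} open -> {m.group(3)}"))

    # *DisableNotify = 1 silences the AV/firewall/updates warnings. Users set
    # this too, so it is a lead, not a verdict; malware sets it to stay quiet.
    for line in s.get("Security Center Settings", []):
        m = VALUE_RE.match(line)
        if m and m.group(1).endswith("DisableNotify") and m.group(2) == "1":
            findings.append(("medium", "notify-suppressed", m.group(1)))

    # An enabled firewall exception for a binary living under a Temp folder
    # means something transient was granted inbound access.
    for line in s.get("Authorized Applications List", []):
        m = VALUE_RE.match(line)
        if m and "\\temp\\" in m.group(1).lower() \
                and re.search(r":\*:?Enabled:", m.group(2)):
            findings.append(("high", "fw-exception-temp", m.group(1)))

    # OTL lists every ADS it finds; many are benign, so rank them low and
    # record the host file and stream name for follow-up.
    for line in s.get("Alternate Data Streams", []):
        m = ADS_RE.match(line)
        if m:
            findings.append(("low", "ads", f"{m.group(2)} ({m.group(1)} bytes)"))
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_LOG) + triage(HIJACK_SAMPLE):
        print(f"[{sev:6}] {cat:18} {detail}")
```

Run it as-is to see the findings for the excerpt: the three suppressed Security Center notifications, the firewall exception for CF_Downloader.exe under the user's Temp folder, and the one ADS; the posted shell-spawning keys are the XP defaults, so only the constructed sample produces a shell-hijack finding. The checks are leads for a helper to confirm, not verdicts.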


#2 HelpBot
Posted 12 September 2011 - 10:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417879 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Will-47


Posted 13 September 2011 - 07:42 AM

It's too late!!

I did a fresh Windows recovery.
I mean I reformatted the PC.

Thank you anyway!!

#4 HelpBot
Posted 13 September 2011 - 07:43 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.
