Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problem with ad popup http://ib.adnxs.com and http://ad.yiel


Post by aherodoto » July 6th, 2012, 11:05 pm

I have tried every software. I don't know what to do!

My LOG from OTL:

OTL logfile created on: 06/07/2012 23:38:54 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\CASA\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,20% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 40,35 Gb Free Space | 17,33% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 26,62 Gb Free Space | 3,81% Space Free | Partition Type: NTFS

Computer Name: CASA-PC | User Name: CASA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 23:37:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\CASA\Downloads\OTL.exe
PRC - [2012/06/06 18:51:08 | 000,213,696 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2012/05/31 08:21:01 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\CASA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/05/29 18:20:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/26 16:56:20 | 002,362,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suc12_Uninstal.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/05/04 18:12:42 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/10 10:26:47 | 000,368,560 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files (x86)\Scpad\scpVista.exe
PRC - [2010/07/19 19:00:35 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/07/07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
PRC - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () -- C:\Arquivos de Programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madExcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madBasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madDisAsm_.bpl
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/07/01 18:13:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/23 21:12:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/22 00:09:56 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/06/06 18:51:08 | 000,213,696 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 21:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/10 10:26:47 | 000,368,560 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)
SRV - [2011/08/11 20:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Arquivos de Programas\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/19 19:45:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/19 19:00:35 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/07/18 05:02:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/17 16:14:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/10 00:08:42 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/06 11:41:55 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012/04/22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/07/17 20:44:30 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 00:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/24 23:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2012/06/06 18:51:38 | 000,046,016 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/07/22 13:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de Programas\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 18:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de Programas\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010/11/09 15:50:30 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\CASA\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 D5 CC 7D E2 25 CB 01 [binary data]
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\SearchScopes,DefaultScope = {B2F6783C-6457-44A8-8A15-D2A38AEF8E55}
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\SearchScopes\{15174C38-F36A-4399-B180-97993F3F8107}: "URL" = http://br.search.yahoo.com/search?fr=ch ... =302398&p={searchTerms}
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\SearchScopes\{3BDD85AF-A403-4D82-AA38-3CFFFE6187EA}: "URL" = http://pt.wikipedia.org/w/index.php?tit ... ar&search={searchTerms}
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\SearchScopes\{B2F6783C-6457-44A8-8A15-D2A38AEF8E55}: "URL" = http://www.google.com/search?hl=pt&q={searchTerms}&rlz=
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.52.233.197:443

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.startup.homepage: "http://www.uol.com.br/"
FF - user.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js..network.proxy.no_proxies_on: "*.local"
FF - user.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/07/06 23:34:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 18:21:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 09:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/29 18:21:20 | 000,000,000 | ---D | M]

[2011/02/10 09:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CASA\AppData\Roaming\mozilla\Extensions
[2010/09/10 20:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CASA\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/07/06 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CASA\AppData\Roaming\mozilla\Firefox\Profiles\f29phm0a.default\extensions
[2012/03/29 23:42:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CASA\AppData\Roaming\mozilla\Firefox\Profiles\f29phm0a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/25 08:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/03/15 08:54:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 20:48:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/04/25 08:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/06/16 09:39:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/25 08:58:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/29 18:20:41 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/02/23 16:17:17 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2012/02/23 16:17:17 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/23 16:17:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/23 16:17:17 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/23 16:17:17 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/07/04 22:03:55 | 000,001,401 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.227 www.google-analytics.com.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001..\Run: [SkyDrive] C:\Users\CASA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\CASA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-541023107-3262234059-3948009056-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 1
O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.co ... 4.13.0.cab (SysInfo Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24480B42-7F9E-4939-AD49-CE0D0B08EDCB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E261D0-E1B7-4CB8-9D96-E01CDA7219B1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1f80a68e-64ae-11e1-b6a0-001e8c8321db}\Shell - "" = AutoRun
O33 - MountPoints2\{1f80a68e-64ae-11e1-b6a0-001e8c8321db}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{c51933c6-9207-11df-9f7a-001e8c8321db}\Shell - "" = AutoRun
O33 - MountPoints2\{c51933c6-9207-11df-9f7a-001e8c8321db}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{c51933c6-9207-11df-9f7a-001e8c8321db}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{c51933c6-9207-11df-9f7a-001e8c8321db}\Shell\install\command - "" = F:\SETUP.EXE
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 22:57:13 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/06 22:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/06 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{522F9D6B-5659-4F30-B90C-34F93825360B}
[2012/07/06 22:02:31 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{973AF55A-B554-4E7C-8408-F828D289F10F}
[2012/07/06 22:01:51 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{C37F0645-2A24-4E61-9EE8-7BB0453B90C8}
[2012/07/06 22:01:12 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CF3C4E4D-2629-4159-97E1-B642735992FC}
[2012/07/06 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\CASA\Desktop\GooredFix Backups
[2012/07/06 11:41:55 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/07/06 11:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012/07/06 11:41:54 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Roaming\Spyware Terminator
[2012/07/06 11:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/07/06 11:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012/07/06 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{64D7C27A-DD1A-4BAF-A5AE-8C3547EC224D}
[2012/07/05 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{716CA6D4-8367-41EF-B6C8-5B90DCE37354}
[2012/07/05 21:58:16 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B63FE352-8F64-499B-9FB1-AA66096418F5}
[2012/07/05 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{895F4ACD-D999-411B-95DF-F2A7D34B3F79}
[2012/07/05 09:56:14 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{60F33BA0-3397-4173-925C-8E53A92462BD}
[2012/07/05 09:55:34 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{EFE25A4E-1222-4900-B7F8-CE3EAB718099}
[2012/07/05 09:54:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A601883A-313E-4A7D-B482-B78D31F0914F}
[2012/07/05 09:54:15 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{12A7522F-4771-4A89-9510-654E7022D1DD}
[2012/07/04 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{EF934227-1B92-4E5E-A8FC-CE351AC0C7FB}
[2012/07/04 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A0AD7BE4-DBA7-4D2C-9943-6FA946D88E19}
[2012/07/04 10:38:29 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{45A29848-CF1C-4DE5-8781-92F92BF45D99}
[2012/07/04 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{0DFF5778-BDD2-4A96-BB20-36D0F71817DC}
[2012/07/03 22:36:56 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{016F2D14-3489-4ABF-AD5B-75CE7166F166}
[2012/07/03 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{D9748333-787A-461E-B465-3F81E48F210E}
[2012/07/03 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{2467B699-2C2B-4DCC-B4EC-5B9B8CA382E3}
[2012/07/03 10:34:14 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7BF9BE40-E3A3-40CC-B21F-14818D3322AE}
[2012/07/03 10:33:35 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{49B2A058-747D-4190-B280-2FD522B85D53}
[2012/07/03 10:32:56 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{718D9DE2-A90D-4695-827E-E5E244AC7D2A}
[2012/07/03 10:32:17 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A2CD5B9C-39A9-4ECE-8064-28562C48167A}
[2012/07/02 22:31:23 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{ED995CF5-BA82-49F5-8897-A3D6F29A6F5A}
[2012/07/02 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{8A8B28B0-F18A-4C96-8EFD-EF9BB480C0FA}
[2012/07/02 22:30:05 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{818B160C-EF27-470C-946E-98498FE8D5CB}
[2012/07/02 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{9C2D8616-379E-49BE-BC95-CA2FC2AB4965}
[2012/07/02 10:29:10 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B46A65E4-0D79-40CE-8E88-34FF5B889850}
[2012/07/02 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{E6C4A033-FC45-4100-8487-19B155629480}
[2012/07/02 10:27:52 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F2848E97-4EDB-4DBD-998F-5810AF5EDC39}
[2012/07/02 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{C4F6F920-B88A-4AF1-9C8C-F03FF517B289}
[2012/07/01 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CBBB0BB5-34F3-4123-AC6F-9941F8A9DB87}
[2012/07/01 21:41:57 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{478FB991-3C1B-4888-8C92-FFCF26BF52B0}
[2012/07/01 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6EF2AE86-04C2-455F-A221-B7C533749629}
[2012/07/01 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{08F11A76-1D44-4101-ABBA-A5DD16492797}
[2012/07/01 09:39:16 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{89BBEB8D-CEBD-458C-8317-B167B26F27C9}
[2012/07/01 09:38:37 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6BFB088C-D53E-4280-A5FF-21D19339155B}
[2012/07/01 09:37:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{11014E7D-AF69-4352-9702-F92F2656E4C7}
[2012/06/30 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{76C28566-3BF6-4FD1-99B2-5DB25F5AA26D}
[2012/06/30 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7376A979-5BD9-4AED-987A-65B0F67E6F7E}
[2012/06/30 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{82082B4A-9DB3-4E5E-A831-ED63ED9ECD93}
[2012/06/30 09:17:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7FCF0043-C8C3-453D-9A33-69908547CE00}
[2012/06/30 09:17:04 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{77F4256D-434E-4496-B94C-C4F1E66A089B}
[2012/06/30 09:16:24 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A3FECB8F-7486-46E7-AF58-6B9C813A3455}
[2012/06/29 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4CF80DD5-AC21-4D37-BF49-5AAC286BA8E7}
[2012/06/29 21:14:24 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{0CCDE01A-428E-47C4-A918-69E620BD0D0A}
[2012/06/29 21:13:06 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{FF99332E-33E3-430C-97C0-6ED745BB20A2}
[2012/06/29 09:12:25 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7BFCC28B-203A-4667-AE83-260075E94B0A}
[2012/06/29 09:11:46 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{292C17A5-6470-4B1F-B7F6-BC858E917F84}
[2012/06/29 09:11:06 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F3B24E1F-AE47-4E94-9154-8100D55D6DAD}
[2012/06/29 09:10:24 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{96EDDE41-A37C-42FA-94A7-3B26CC7B1B2E}
[2012/06/28 12:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/28 12:30:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/28 12:29:32 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{2228360D-1FE6-43DD-99ED-1CF6EB73ED2A}
[2012/06/28 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{0BD47E81-E251-4DE5-91E5-5FD401CDF6B6}
[2012/06/28 12:27:58 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6A7F51A0-101A-44DC-8D2A-DEB09A3DDAD1}
[2012/06/28 12:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/28 12:04:31 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{AC1B9529-F1E7-41D7-BCC1-4D1DA25EBE25}
[2012/06/28 11:56:41 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6B701F97-A38C-4D49-A4B6-8D332A761B26}
[2012/06/27 19:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/27 19:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/27 09:56:06 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{752F953A-755E-4787-B3A9-CC6455E4C8C7}
[2012/06/27 09:54:31 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{C7E031F6-6C04-4B1C-8A7D-6A2FABE06C3F}
[2012/06/27 09:53:44 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{5C8AE063-A1B1-4418-8EF9-A59CB8C59369}
[2012/06/27 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{E984BAFA-4D32-41F9-8D57-25C4110892D6}
[2012/06/26 19:09:07 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{AAE4D432-A6B4-4EA0-8921-9569CE697071}
[2012/06/26 19:08:19 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{804B3B03-A4C6-40BD-9F1F-DECFA77FAE6C}
[2012/06/26 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4AF1216E-E5CD-4748-BF07-6F184A0A66B6}
[2012/06/26 19:06:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6BD9B4BD-C11C-4F94-827D-26ED868731D9}
[2012/06/25 14:30:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7DF81AD9-0C8A-411E-B7E8-EEE1E652D4C5}
[2012/06/25 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{FF49B017-EDE0-4DBF-A54B-CE83E9B2BB75}
[2012/06/25 14:29:08 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{D2791F60-09DE-4B45-8FA9-B6B931D81BCF}
[2012/06/25 14:28:23 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{FA1FBBF3-F694-46BF-B331-6ED590DB6E8B}
[2012/06/24 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A2CE5217-968C-4EB6-B7D6-4E10B0B0A9E0}
[2012/06/24 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A1342580-601C-4074-834A-A7E9D6EEDBFC}
[2012/06/24 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{540761CE-5304-4A35-8CF8-C8781CE8FEEE}
[2012/06/24 23:02:22 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{9296FC20-374E-48C4-B529-1D146CB9E53F}
[2012/06/24 17:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/06/24 17:52:25 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Roaming\Ad-Aware Antivirus
[2012/06/24 11:01:27 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{798FA4E9-6B27-4AB3-B5E4-21F108C423B0}
[2012/06/24 11:01:10 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\Macromedia
[2012/06/24 11:00:47 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{0B292586-52AC-4347-975F-1D20D6B43EE5}
[2012/06/24 11:00:08 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{03A167CF-A81B-4702-A9C2-83B63AB48B0C}
[2012/06/24 10:59:23 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{89DC9000-1991-4349-A906-8A9AADAA01CC}
[2012/06/23 14:32:24 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 14:32:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 14:32:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 14:32:09 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 14:32:09 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 14:32:09 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 14:31:50 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 14:31:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/23 11:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/23 11:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/23 10:00:16 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A7D08E22-F495-4E39-8254-04A20C5496A1}
[2012/06/23 09:59:37 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{05558177-9991-44A6-8D26-7023DF20ECC6}
[2012/06/23 09:58:56 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{9BC02497-D653-4CB2-987F-9F45241CE5F6}
[2012/06/23 09:58:07 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{3EB266B4-9920-44A2-9991-68A748006C0C}
[2012/06/22 19:38:18 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{9E030D99-6A47-4D84-A2AD-D384288306CB}
[2012/06/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{889F45AB-1F2F-4CC3-8602-A5D9E22DAF66}
[2012/06/22 19:36:50 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{90E2E41B-BFE5-4733-89CC-57553B48ECFF}
[2012/06/22 19:36:05 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{A0AA50FE-39CA-490F-AB61-923EE6C3F38F}
[2012/06/21 16:08:02 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F82328DE-9706-4AC8-BD6C-F68997FBD7BE}
[2012/06/21 16:07:23 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{668DA292-515A-4D16-A5F3-B9C6D3AF5F14}
[2012/06/21 16:06:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B85F7400-1572-4FF2-8233-082DC8CA4A46}
[2012/06/21 16:06:01 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{63C53E55-C850-43AB-973F-5C9991AC1382}
[2012/06/20 18:08:01 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4BE60453-CB3C-4EA2-AF18-D0A32889C695}
[2012/06/20 18:07:22 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{DFDD35F1-3B2D-4CDE-B18A-A89762C2061F}
[2012/06/20 18:06:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{ADC9A9AF-6B81-4583-A387-51507FE3E461}
[2012/06/20 06:20:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\Desktop\FAZER 1 SEMESTRE
[2012/06/20 06:05:23 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{08A8D65C-9810-42BD-A883-A69DE510CA8F}
[2012/06/20 06:04:42 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{2E3305DC-8F0F-4CC0-8A3F-F60788B79FF5}
[2012/06/20 06:04:00 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{3243C38C-F333-4CC2-8106-94B50C86A438}
[2012/06/20 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{6203313A-6DEC-4D1A-8B5A-AFC7120ADD42}
[2012/06/19 15:59:19 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{14DC17CE-F7BC-4E35-8D55-92D45FBFC2AC}
[2012/06/19 15:58:19 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7AFDD4D9-5B6E-4A52-9011-C894A8396639}
[2012/06/19 15:57:39 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{676EF9D7-EC44-4108-91F5-9B8E2D44C14E}
[2012/06/19 15:56:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{BB7E0608-1F5E-4C2B-B519-622060CAB045}
[2012/06/18 17:34:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{356F65B5-9B7F-4967-830C-725A44AA5408}
[2012/06/17 10:18:08 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CA73E475-6150-4E94-B961-CA07A4109C60}
[2012/06/16 21:36:43 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7A3378D6-8B40-4572-AE59-0C3FF5DDA457}
[2012/06/16 09:36:19 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{1ECC83D9-7BBF-4C6E-B11D-51E0338994E1}
[2012/06/15 17:19:58 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B52484D1-1424-4F2C-9069-BFC4281CADFD}
[2012/06/14 14:30:25 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{BF9D97B8-9BB5-42B6-A1B3-D21AA4BB94F0}
[2012/06/14 14:29:44 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{E152DD34-412F-4246-ACC0-9E89A37874D0}
[2012/06/14 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{D407D49D-6BBD-40C4-AAAF-7A6B9853E5F8}
[2012/06/14 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{536A31A1-AAB6-4C78-A3DC-1BAFC410836F}
[2012/06/13 22:06:57 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4A753564-31DA-482C-8584-9E4496A310CA}
[2012/06/13 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F34F42DB-F85B-4AAF-8624-92AB8F198CAA}
[2012/06/13 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{AA62B7B3-F887-4DB7-97DC-A2B6C0A69836}
[2012/06/13 10:04:18 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{712AAF44-65F1-46E6-9C96-3EF027360680}
[2012/06/13 10:03:39 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{3E06A13F-4AD5-4345-ABC8-0F6F02F8654C}
[2012/06/13 10:02:59 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B9B4F4B5-68B0-4CE8-A60C-B4A8D80C6B7E}
[2012/06/13 10:02:17 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{90FA8A46-75AD-4189-A2BE-B3FFCB8898E6}
[2012/06/12 23:12:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 23:12:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 23:12:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 23:12:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 23:12:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 23:12:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 23:12:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/12 23:12:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/12 23:12:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/12 23:12:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/12 23:12:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/12 23:12:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 23:12:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 20:50:55 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 20:50:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 20:50:55 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 20:50:48 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 20:50:47 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 20:50:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 20:50:41 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 20:50:26 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 20:50:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B63253B4-2200-47D5-9DED-842B283E9880}
[2012/06/12 17:17:09 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CA4E41BA-6260-43B9-9763-5397F01DA65B}
[2012/06/12 17:16:29 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CE0D38B0-1D52-4ED4-BBDF-7FC6FF1577CE}
[2012/06/12 17:15:39 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{DF8BC35C-BE15-4877-AF50-F4F67469F99E}
[2012/06/11 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{DBAF6021-5514-463E-AA80-BB1EBD0EFCD8}
[2012/06/11 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{C6D80869-0F12-490A-BE05-06642ADA75B4}
[2012/06/11 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{ED54F195-9865-4EF6-B981-F68D0A4ED390}
[2012/06/11 16:06:46 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{56342568-F831-4E7B-98ED-6A5595EF9A91}
[2012/06/08 23:34:03 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{052C2F95-B0A8-4898-A524-EC6C988DC862}
[2012/06/08 23:33:25 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4C18B61E-FB1F-434E-82DA-350A1CEC81D4}
[2012/06/08 11:31:25 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{5664FE41-9CFF-4BD6-9D7E-6C958FE4D7E2}
[2012/06/08 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{E3E0AEB8-A6E9-405F-AC52-F83DBCA5A441}
[2012/06/08 11:30:07 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F50547BB-C7BB-46B9-B14E-3F1EB2994E39}
[2012/06/08 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{7AA1B2AD-FA9E-4CF1-8B59-27CC1845A71A}
[2012/06/08 00:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/08 00:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/07 22:05:13 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{F30B8B12-88C4-42C5-B1AC-98E75A4F377D}
[2012/06/07 22:04:34 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{D3055CF2-A2C3-4C55-A402-086A168B261B}
[2012/06/07 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{12268F79-C46C-4D6D-A2BA-47B12296225F}
[2012/06/07 22:03:15 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{CD7CFC7D-9EEC-43E3-BC86-2F394A0219C8}
[2012/06/07 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Roaming\Help
[2012/06/07 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\Help
[2012/06/07 10:47:58 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2012/06/07 10:47:58 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2012/06/07 10:47:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2012/06/07 10:47:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2012/06/07 10:47:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2012/06/07 10:47:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2012/06/07 10:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/06/07 10:02:21 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{D3F5C7B9-A273-4C80-8800-1BB13805EB9B}
[2012/06/07 10:01:41 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{5C5843D5-B261-4745-9311-9634D97048B7}
[2012/06/07 09:16:31 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{4B2424F2-2EEF-4BF8-9240-669E88F6EAA3}
[2012/06/07 08:54:48 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{93B11615-43C1-447E-B273-5040C2D08060}
[2012/06/07 08:51:02 | 000,000,000 | ---D | C] -- C:\Users\CASA\AppData\Local\{B12686E0-C9F5-4F68-9CF5-4F036DD9D524}
[2012/03/14 10:53:41 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
[2011/09/11 20:01:45 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\CASA\AppData\Roaming\tsdnwin.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 23:37:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 23:37:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 23:28:57 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 23:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 23:28:08 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 11:41:55 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/07/06 10:25:04 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat
[2012/07/05 17:50:01 | 001,523,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/05 17:50:01 | 000,665,956 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/07/05 17:50:01 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/05 17:50:01 | 000,129,146 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/07/05 17:50:01 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 22:03:55 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120706-114822.backup
[2012/07/04 22:03:55 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120706-114506.backup
[2012/07/04 22:03:55 | 000,001,401 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/01 18:12:34 | 000,094,779 | ---- | M] () -- C:\Users\CASA\Desktop\Sem Título.wma
[2012/06/28 12:30:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/28 12:30:14 | 001,534,752 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 21:42:43 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/24 13:37:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 13:37:31 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 21:12:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 21:12:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/23 17:16:55 | 000,017,408 | ---- | M] () -- C:\Users\CASA\AppData\Local\WebpageIcons.db
[2012/06/23 11:51:49 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/20 18:46:51 | 002,332,805 | ---- | M] () -- C:\Users\CASA\Desktop\123
[2012/06/14 17:10:12 | 000,016,783 | ---- | M] () -- C:\Users\CASA\Desktop\pai COBRANCA 2012.pdf
[2012/06/13 09:55:24 | 002,440,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 10:25:04 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat
[2012/07/01 18:12:33 | 000,094,779 | ---- | C] () -- C:\Users\CASA\Desktop\Sem Título.wma
[2012/06/28 12:30:20 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/25 21:42:43 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/23 17:16:39 | 000,017,408 | ---- | C] () -- C:\Users\CASA\AppData\Local\WebpageIcons.db
[2012/06/23 11:51:49 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/20 19:09:00 | 002,332,805 | ---- | C] () -- C:\Users\CASA\Desktop\123
[2012/06/14 17:10:12 | 000,016,783 | ---- | C] () -- C:\Users\CASA\Desktop\pai COBRANCA 2012.pdf
[2012/06/07 09:58:29 | 000,002,524 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/25 09:04:44 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/25 08:50:38 | 000,000,000 | ---- | C] () -- C:\Users\CASA\AppData\Local\{2A9DDD4A-1BDE-4792-BF66-5332A8355329}
[2011/12/15 17:00:58 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/12/06 21:03:42 | 000,000,000 | ---- | C] () -- C:\Users\CASA\AppData\Local\{E0381B83-C149-4A64-B2B6-3E854438B24F}
[2011/10/15 11:37:34 | 000,007,670 | ---- | C] () -- C:\Users\CASA\AppData\Roaming\.freeciv-client-rc-2.3
[2011/09/11 17:52:52 | 000,000,454 | ---- | C] () -- C:\Users\CASA\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/06/18 19:45:12 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\PDF2TIFF.DAT
[2011/06/01 08:18:06 | 001,878,831 | ---- | C] () -- C:\Windows\SysWow64\CalculoV32.dll
[2011/04/26 17:48:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 17:48:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/16 15:43:41 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll
[2011/03/31 14:01:04 | 000,000,146 | ---- | C] () -- C:\Users\CASA\AppData\Local\Settings.ini
[2011/03/24 09:37:00 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/02/27 13:27:39 | 000,141,138 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2011/02/27 12:22:50 | 000,000,160 | ---- | C] () -- C:\Windows\MyDrivers.ini
[2011/02/27 11:23:56 | 000,141,138 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011/02/27 11:23:56 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2011/02/26 21:56:29 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011/02/23 08:37:38 | 000,176,852 | ---- | C] () -- C:\Windows\hpoins14.dat.temp
[2011/02/23 08:15:17 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
[2011/02/20 12:44:38 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/20 12:44:38 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/20 12:44:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/20 12:44:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/20 12:34:24 | 000,007,597 | ---- | C] () -- C:\Users\CASA\AppData\Local\Resmon.ResmonCfg
[2011/01/25 17:32:38 | 001,534,752 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/14 08:52:54 | 000,000,700 | ---- | C] () -- C:\Users\CASA\.powerupdate.user.properties
[2010/08/08 12:58:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/19 19:52:31 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/07/18 21:38:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 21:44:46 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/17 20:51:18 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\vscfdx.dll
[2010/07/17 20:50:53 | 000,000,068 | ---- | C] () -- C:\Windows\batchrec.ini
[2010/07/17 19:57:19 | 000,047,104 | ---- | C] () -- C:\Users\CASA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 16:06:41 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/17 16:06:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 310 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

< End of report >
aherodoto
Active Member
 
Posts: 3
Joined: July 6th, 2012, 11:00 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by diver79 » July 7th, 2012, 3:28 pm

Hi and welcome to MalwareRemoval.com.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Please read the below post where it states the logs we require in your initial post. I will research the OTL log but I also need to see the DDS logs before we continue.

HOW TO GET HELP AT THIS FORUM (YOU MUST READ THIS)
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by aherodoto » July 7th, 2012, 5:54 pm

I already backed up!

What is DDS?
aherodoto
Active Member
 
Posts: 3
Joined: July 6th, 2012, 11:00 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by diver79 » July 8th, 2012, 9:02 am

Please read the following post as requested in my initial reply. It will tell you what DDS is and how to get a set of DDS logs. HOW TO GET HELP AT THIS FORUM (YOU MUST READ THIS)
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by aherodoto » July 8th, 2012, 9:11 am

Thank you for the help. I tried Combofix and it solved the problem!
aherodoto
Active Member
 
Posts: 3
Joined: July 6th, 2012, 11:00 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by diver79 » July 8th, 2012, 10:24 am

Hi aherodoto,

Glad you have resolved the problem. Just a note regarding Combofix. It should not be used without the aid of a trained malware fighter. I would discourage you from using it unassisted in future, as it can cause your computer to become unbootable. The problem on your machine was caused by a hosts file infection and did not warrant the use of Combofix.

As your problem has been resolved, I will have this topic closed.

diver.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Problem with ad popup http://ib.adnxs.com and http://ad.

Post by Cypher » July 8th, 2012, 11:42 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns