[Space1969]

O cannot acess Chrome. I had problems before with Chrome opening IE instead, but the problem returned. But now, it does not open IE. it seems to be blocking and just returns that the file cannot be found asking me whether I want to delete the shortcut or not. I cannot access the folder with the Chrome Application. I have used o program to force deletion of the folder but it does not solve it on installing Chrome again. Any clues?

Regards,
Jorge

Edited by Space1969, 10 May 2013 - 05:51 PM.

[Advertisements]

Hello Space1969

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-

• Please download DDS from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

Gringo

[gringo_pr]

Hello Space1969

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-

• Please download DDS from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

Gringo

[Space1969]

Hi Gringo,

Pls see the attachments.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Jorgen at 22:58:20 on 2013-05-10
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\system32\WinFLService.exe
C:\WINDOWS\system32\hasplms.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Yontoo\Y2Desktop.Updater.exe
C:\Arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AtomTime Pro\AtomTime.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\BillP Studios\WinPatrol\winpatrol.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\SugarSync\SugarSyncManager.exe
C:\WINDOWS\system32\WinFLTray.exe
C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServ.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Garmin\ANT Agent\ANT Agent.exe
C:\Arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = 80.84.34.175:9000
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Facilitador de Leitor de Link Adobe PDF: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\arquivos de programas\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\arquivos de programas\delta\delta\1.8.16.16\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\arquivos de programas\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\arquivos de programas\google\chrome\application\26.0.1410.64\npchrome_frame.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SugarSync] "c:\arquivos de programas\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WinFLTray] c:\windows\system32\WinFLTray.exe
uRun: [FLBackup] c:\arquivos de programas\newsoftware's\folder lock\FLComServCtrl.exe
uRun: [FreeRAM XP] "c:\arquivos de programas\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [gStart] c:\garmin\gStart.exe
uRun: [ANT Agent] c:\arquivos de programas\garmin\ant agent\ANT Agent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [IntelAudioStudio] "c:\arquivos de programas\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"
mRun: [AtomTime] "c:\arquivos de programas\atomtime pro\AtomTime.EXE"
mRun: [AppleSyncNotifier] c:\arquivos de programas\arquivos comuns\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VirtualCloneDrive] "c:\arquivos de programas\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [CertificateRegistration] aetcrss1.exe
mRun: [APSDaemon] "c:\arquivos de programas\arquivos comuns\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\arquivos de programas\logmein\x86\LogMeInSystray.exe"
mRun: [DivXMediaServer] c:\arquivos de programas\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\arquivos de programas\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeAAMUpdater-1.0] "c:\arquivos de programas\arquivos comuns\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_UI] "c:\arquivos de programas\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [WinPatrol] c:\arquivos de programas\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [UnlockerAssistant] "c:\arquivos de programas\unlocker\UnlockerAssistant.exe"
mRunOnce: [B Register c:\arquivos de programas\divx\divx plus directshow filters\divxdech264.ax] "c:\windows\system32\rundll32.exe" "c:\arquivos de programas\divx\divx plus directshow filters\DivXDecH264.ax",DllRegisterServer
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jorgen\menuin~1\progra~1\inicia~1\ddbd5.lnk - c:\arquivos de programas\internet explorer\ddbd5.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\bttray.lnk - c:\arquivos de programas\anycom\blue usb-200-250\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\cinefo~1.lnk - c:\arquivos de programas\cineform\tools\GoProCineFormStatusViewer.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\anycom\blue usb-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video - <no file>
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre7\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\arquivos de programas\anycom\blue usb-200-250\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{98F5B81D-4833-4DD1-90BE-DE2A2FED7296} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E96BDFEA-5510-42EE-AEC8-381D3D169734} : DHCPNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\arquivos de programas\google\chrome\application\26.0.1410.64\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\docume~1\alluse~1\dadosd~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\arquivos de programas\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: Applications\chrome.exe - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2013-05-09 02:24:26 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\Babylon
2013-05-09 02:24:02 -------- d-----w- c:\arquivos de programas\Unlocker
2013-05-09 01:40:30 -------- d-----w- c:\arquivos de programas\GUME.tmp
2013-05-09 01:13:10 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Mipony Download Manager Packages
2013-05-09 01:12:48 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\BrowserProtect
2013-05-09 01:12:34 -------- d-----w- c:\arquivos de programas\Delta
2013-05-09 01:12:01 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Yontoo
2013-05-09 01:12:01 -------- d-----w- c:\arquivos de programas\Yontoo
2013-05-09 01:12:00 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\BabSolution
2013-05-09 01:11:54 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Delta
2013-05-09 01:11:02 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Tarma Installer
2013-05-09 01:11:01 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\DealPly
2013-05-09 01:10:52 -------- d-----w- c:\arquivos de programas\DealPly
2013-05-09 01:10:44 -------- d-----w- c:\arquivos de programas\MiPony
2013-05-09 01:10:41 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Babylon
2013-05-09 01:10:38 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\Babylon
2013-05-09 01:10:24 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\DSite
2013-05-09 00:18:17 -------- d-----w- C:\ComboFix
2013-05-08 23:38:45 98816 ----a-w- c:\windows\sed.exe
2013-05-08 23:38:45 256000 ----a-w- c:\windows\PEV.exe
2013-05-08 23:38:45 208896 ----a-w- c:\windows\MBR.exe
2013-05-05 16:01:08 -------- d-----w- c:\arquivos de programas\arquivos comuns\Corel
2013-05-05 15:59:32 -------- d-----w- c:\arquivos de programas\arquivos comuns\Protexis
2013-05-05 15:44:27 -------- d-----w- c:\arquivos de programas\Corel
2013-05-05 15:38:04 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\CorelDRAW Graphics Suite X6
2013-05-02 10:36:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-20 22:48:27 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\WinPatrol
2013-04-20 22:48:11 -------- d-----w- c:\arquivos de programas\BillP Studios
2013-04-18 04:29:15 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Sonos,_Inc
2013-04-18 03:20:37 -------- d-----w- c:\arquivos de programas\CCleaner
2013-04-18 02:44:40 -------- d-----w- c:\arquivos de programas\VS Revo Group
2013-04-17 03:48:59 -------- d-sha-r- C:\cmdcons
2013-04-17 02:18:28 384 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-16 21:34:06 -------- d-----w- c:\windows\LastGood.Tmp
2013-04-16 20:00:55 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00:34 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14:52 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\AVG2013
2013-04-16 17:14:02 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13:50 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13:48 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13:45 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10:16 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\MFAData
2013-04-16 17:10:16 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\Avg2013
2013-04-16 17:10:16 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\MFAData
2013-04-16 17:06:08 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06:08 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 16:58:28 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\Mozilla
2013-04-16 13:13:02 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13:02 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07:20 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:25:00 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14:31 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:37:27 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:13:37 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02:49 -------- d-----w- c:\documents and settings\jorgen\dados de aplicativos\TuneUp Software
2013-04-15 22:01:11 -------- d--h--w- C:\$AVG
2013-04-15 22:01:10 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\AVG2013
2013-04-15 21:39:44 -------- d-----w- c:\documents and settings\jorgen\configurações locais\dados de aplicativos\Deployment
.
==================== Find3M ====================
.
2013-05-02 10:35:55 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-02 10:35:55 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 10:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 05:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 06:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-13 01:49:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:13 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56:44 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56:44 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58:22 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
.
============= FINISH: 23:00:12,63 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Acrobat 5.0
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere Elements 11
Adobe Reader XI (11.0.02) - Português
Adobe Shockwave Player 11.6
AiO_Scan
AiOSoftware
Amazon Kindle For PC v1.1
America's Army 3
ANYCOM Blue USB-200/250 Software
Apple Mobile Device Support
Apple Software Update
Arquivo do WinRAR
Assistente de Instalação Certisign
AtomTime Pro 3.1d
Atualização de Segurança para Microsoft Windows (KB2564958)
Atualização de Segurança para o Windows Media Player (KB2378111)
Atualização de Segurança para o Windows Media Player (KB911564)
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB954155)
Atualização de Segurança para o Windows Media Player (KB968816)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player (KB975558)
Atualização de Segurança para o Windows Media Player (KB978695)
Atualização de Segurança para o Windows Media Player (KB979402)
Atualização de Segurança para o Windows Media Player 6.4 (KB925398)
Atualização de Segurança para o Windows Media Player 9 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB942615)
Atualização de Segurança para Windows Internet Explorer 7 (KB944533)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows Internet Explorer 7 (KB953838)
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
Atualização de Segurança para Windows Internet Explorer 7 (KB969897)
Atualização de Segurança para Windows Internet Explorer 7 (KB972260)
Atualização de Segurança para Windows XP (KB2079403)
Atualização de Segurança para Windows XP (KB2115168)
Atualização de Segurança para Windows XP (KB2121546)
Atualização de Segurança para Windows XP (KB2160329)
Atualização de Segurança para Windows XP (KB2229593)
Atualização de Segurança para Windows XP (KB2259922)
Atualização de Segurança para Windows XP (KB2279986)
Atualização de Segurança para Windows XP (KB2286198)
Atualização de Segurança para Windows XP (KB2296011)
Atualização de Segurança para Windows XP (KB2296199)
Atualização de Segurança para Windows XP (KB2347290)
Atualização de Segurança para Windows XP (KB2360937)
Atualização de Segurança para Windows XP (KB2387149)
Atualização de Segurança para Windows XP (KB2393802)
Atualização de Segurança para Windows XP (KB2412687)
Atualização de Segurança para Windows XP (KB2419632)
Atualização de Segurança para Windows XP (KB2423089)
Atualização de Segurança para Windows XP (KB2436673)
Atualização de Segurança para Windows XP (KB2440591)
Atualização de Segurança para Windows XP (KB2443105)
Atualização de Segurança para Windows XP (KB2476490)
Atualização de Segurança para Windows XP (KB2476687)
Atualização de Segurança para Windows XP (KB2478960)
Atualização de Segurança para Windows XP (KB2478971)
Atualização de Segurança para Windows XP (KB2479628)
Atualização de Segurança para Windows XP (KB2479943)
Atualização de Segurança para Windows XP (KB2481109)
Atualização de Segurança para Windows XP (KB2483185)
Atualização de Segurança para Windows XP (KB2485376)
Atualização de Segurança para Windows XP (KB2485663)
Atualização de Segurança para Windows XP (KB2503658)
Atualização de Segurança para Windows XP (KB2503665)
Atualização de Segurança para Windows XP (KB2506212)
Atualização de Segurança para Windows XP (KB2506223)
Atualização de Segurança para Windows XP (KB2507618)
Atualização de Segurança para Windows XP (KB2507938)
Atualização de Segurança para Windows XP (KB2508272)
Atualização de Segurança para Windows XP (KB2508429)
Atualização de Segurança para Windows XP (KB2509553)
Atualização de Segurança para Windows XP (KB2511455)
Atualização de Segurança para Windows XP (KB2524375)
Atualização de Segurança para Windows XP (KB2535512)
Atualização de Segurança para Windows XP (KB2536276-v2)
Atualização de Segurança para Windows XP (KB2536276)
Atualização de Segurança para Windows XP (KB2544893-v2)
Atualização de Segurança para Windows XP (KB2544893)
Atualização de Segurança para Windows XP (KB2555917)
Atualização de Segurança para Windows XP (KB2562937)
Atualização de Segurança para Windows XP (KB2566454)
Atualização de Segurança para Windows XP (KB2567053)
Atualização de Segurança para Windows XP (KB2567680)
Atualização de Segurança para Windows XP (KB2570222)
Atualização de Segurança para Windows XP (KB2570947)
Atualização de Segurança para Windows XP (KB2584146)
Atualização de Segurança para Windows XP (KB2585542)
Atualização de Segurança para Windows XP (KB2592799)
Atualização de Segurança para Windows XP (KB2598479)
Atualização de Segurança para Windows XP (KB2603381)
Atualização de Segurança para Windows XP (KB2618451)
Atualização de Segurança para Windows XP (KB2619339)
Atualização de Segurança para Windows XP (KB2620712)
Atualização de Segurança para Windows XP (KB2621440)
Atualização de Segurança para Windows XP (KB2624667)
Atualização de Segurança para Windows XP (KB2631813)
Atualização de Segurança para Windows XP (KB2633171)
Atualização de Segurança para Windows XP (KB2639417)
Atualização de Segurança para Windows XP (KB2641653)
Atualização de Segurança para Windows XP (KB2646524)
Atualização de Segurança para Windows XP (KB2647518)
Atualização de Segurança para Windows XP (KB2653956)
Atualização de Segurança para Windows XP (KB2655992)
Atualização de Segurança para Windows XP (KB2659262)
Atualização de Segurança para Windows XP (KB2660465)
Atualização de Segurança para Windows XP (KB2661637)
Atualização de Segurança para Windows XP (KB2676562)
Atualização de Segurança para Windows XP (KB2685939)
Atualização de Segurança para Windows XP (KB2686509)
Atualização de Segurança para Windows XP (KB2691442)
Atualização de Segurança para Windows XP (KB2695962)
Atualização de Segurança para Windows XP (KB2698365)
Atualização de Segurança para Windows XP (KB2705219)
Atualização de Segurança para Windows XP (KB2707511)
Atualização de Segurança para Windows XP (KB2709162)
Atualização de Segurança para Windows XP (KB2712808)
Atualização de Segurança para Windows XP (KB2718523)
Atualização de Segurança para Windows XP (KB2719985)
Atualização de Segurança para Windows XP (KB2723135)
Atualização de Segurança para Windows XP (KB2724197)
Atualização de Segurança para Windows XP (KB2727528)
Atualização de Segurança para Windows XP (KB2731847)
Atualização de Segurança para Windows XP (KB2753842-v2)
Atualização de Segurança para Windows XP (KB2757638)
Atualização de Segurança para Windows XP (KB2758857)
Atualização de Segurança para Windows XP (KB2770660)
Atualização de Segurança para Windows XP (KB2780091)
Atualização de Segurança para Windows XP (KB2802968)
Atualização de Segurança para Windows XP (KB2807986)
Atualização de Segurança para Windows XP (KB2808735)
Atualização de Segurança para Windows XP (KB2813170)
Atualização de Segurança para Windows XP (KB2820917)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB923689)
Atualização de Segurança para Windows XP (KB938464-v2)
Atualização de Segurança para Windows XP (KB938464)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB953839)
Atualização de Segurança para Windows XP (KB954211)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956391)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB957095)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958690)
Atualização de Segurança para Windows XP (KB958869)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960715)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371)
Atualização de Segurança para Windows XP (KB961373)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB969059)
Atualização de Segurança para Windows XP (KB969898)
Atualização de Segurança para Windows XP (KB969947)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB970430)
Atualização de Segurança para Windows XP (KB971468)
Atualização de Segurança para Windows XP (KB971486)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB972270)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973525)
Atualização de Segurança para Windows XP (KB973869)
Atualização de Segurança para Windows XP (KB973904)
Atualização de Segurança para Windows XP (KB974112)
Atualização de Segurança para Windows XP (KB974318)
Atualização de Segurança para Windows XP (KB974392)
Atualização de Segurança para Windows XP (KB974571)
Atualização de Segurança para Windows XP (KB975025)
Atualização de Segurança para Windows XP (KB975467)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975561)
Atualização de Segurança para Windows XP (KB975562)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB977165-v2)
Atualização de Segurança para Windows XP (KB977816)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978037)
Atualização de Segurança para Windows XP (KB978251)
Atualização de Segurança para Windows XP (KB978262)
Atualização de Segurança para Windows XP (KB978338)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB978601)
Atualização de Segurança para Windows XP (KB978706)
Atualização de Segurança para Windows XP (KB979309)
Atualização de Segurança para Windows XP (KB979482)
Atualização de Segurança para Windows XP (KB979559)
Atualização de Segurança para Windows XP (KB979683)
Atualização de Segurança para Windows XP (KB979687)
Atualização de Segurança para Windows XP (KB980195)
Atualização de Segurança para Windows XP (KB980218)
Atualização de Segurança para Windows XP (KB980232)
Atualização de Segurança para Windows XP (KB980436)
Atualização de Segurança para Windows XP (KB981322)
Atualização de Segurança para Windows XP (KB981852)
Atualização de Segurança para Windows XP (KB981957)
Atualização de Segurança para Windows XP (KB981997)
Atualização de Segurança para Windows XP (KB982132)
Atualização de Segurança para Windows XP (KB982214)
Atualização de Segurança para Windows XP (KB982665)
Atualização de Segurança para Windows XP (KB982802)
Atualização para Windows XP (KB2141007)
Atualização para Windows XP (KB2345886)
Atualização para Windows XP (KB2467659)
Atualização para Windows XP (KB2492386)
Atualização para Windows XP (KB2541763)
Atualização para Windows XP (KB2607712)
Atualização para Windows XP (KB2616676)
Atualização para Windows XP (KB2641690)
Atualização para Windows XP (KB2661254-v2)
Atualização para Windows XP (KB2718704)
Atualização para Windows XP (KB2736233)
Atualização para Windows XP (KB2749655)
Atualização para Windows XP (KB951072-v2)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955759)
Atualização para Windows XP (KB955839)
Atualização para Windows XP (KB961503)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB971029)
Atualização para Windows XP (KB971737)
Atualização para Windows XP (KB973687)
Atualização para Windows XP (KB973815)
Audible Download Manager
AVG 2013
Bing Bar
Bitcoin
BlackBerry Desktop Software 6.0.1
Bonjour
BrowserProtect
BufferChm
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
CCleaner
Combat Arms
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - BR
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
Counter-Strike: Source
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative WebCam NX Driver (2.00.04.0000)
CustomerResearchQFolder
DealPly
DealPly (remove only)
Delta Chrome Toolbar
Delta toolbar
Destinations
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
DocProc
DVD Suite
Elements 11 Organizer
Emissor de Nota Fiscal Eletrônica (NF-e) 2.0
eSupportQFolder
Fax
FileASSASSIN
Folder Lock
Frame do Google Chrome
Free Picture Resize Starter 4.5
Garmin ANT Agent
Garmin Communicator Plugin
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
GCAP2009
Gerenciador de Certificados Digitais - Certisign
Google Chrome
Google Update Helper
GoPro CineForm Studio 1.3.2
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix para Windows Internet Explorer 7 (KB947864)
Hotfix para Windows XP (KB2158563)
Hotfix para Windows XP (KB2443685)
Hotfix para Windows XP (KB2570791)
Hotfix para Windows XP (KB2633952)
Hotfix para Windows XP (KB2756822)
Hotfix para Windows XP (KB2779562)
Hotfix para Windows XP (KB942288-v3)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
Hotfix para Windows XP (KB970653-v3)
Hotfix para Windows XP (KB976098-v2)
Hotfix para Windows XP (KB979306)
Hotfix para Windows XP (KB981793)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Instalação do DivX
Intel Audio Studio 2.0
Intel® PRO Network Connections 11.2.0.69
IrfanView (remove only)
IRPF2008 Windows - Declaração de Ajuste Anual
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
iTunes
Java 7 Update 21
Java Auto Updater
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware versão 1.75.0.1300
MarketResearch
Marvell 61xx MRU
Matrox VFW Software Codecs, build 28
Media Player Codec Pack 4.2.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft CAPICOM 2.1.0.2 SDK
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiPony 2.0.2
Mipony Download Manager Packages
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser
neroxml
NewCopy
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Nvu 1.0PR
Octoshape add-in for Adobe Flash Player
Pacote de Compatibilidade para o sistema Office 2007
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
Paint.NET v3.5.10
PC-CCID
PC Searc h- SR22
PowerDVD
PRE11 STI Installer
Prince of Persia T2T
ProductContext
PunkBuster Services
PxMergeModule
Readme
Receitanet
Receitanet 2008
Revo Uninstaller 1.94
SafeSign
Scan
ScannerCopy
SecurDisc Viewer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)
Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)
Segoe UI
Sicalc Auto Atendimento
SigmaTel Audio
Skype Toolbars
Skype™ 5.0
SolutionCenter
Sonos Controller
Status
Steam
StrongVPN Client version 1.1
SugarSync Manager
Suporte para Aplicativos Apple
swMSM
System Requirements Lab
TBS WMP Plug-in
TrayApp
Uninstall 1.0.0.1
Unload
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Mipony Download Manager
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
VirtualCloneDrive
VLC media player 2.0.6
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format Runtime
Windows XP Service Pack 3
Wisdom-soft Set up ScreenHunter 5.1 Free
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XviD & MP3 Codec Pack (remove only)
Xvid 1.2.2 final uninstall
Yontoo 2.053
.
==== End Of File ===========================

[gringo_pr]

Hello Space1969

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

[Space1969]

Here are the results. The computer is not slow as driving through cold honey or something as it seems - much faster!
It might have been the BrowserProtect and Yontoo that were removed?

I have not tried to reinstall Chrome yet. I still cannot access the Chrome Application folder.

Regards,
Jorgen



# AdwCleaner v2.300 - Relatório criado em 10/05/2013 às 23:38:18
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Jorgen - CASA
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Jorgen\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****

Encerrado & Removido : BrowserProtect
Encerrado & Removido : Yontoo Desktop Updater

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\bprotector_prefs.js
Arquivo Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\searchplugins\Babylon.xml
Arquivo Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\searchplugins\delta.xml
Arquivo Removido : C:\WINDOWS\Tasks\EPUpdater.job
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Arquivos de programas\Delta
Pasta Removido : C:\Arquivos de programas\Yontoo
Pasta Removido : C:\DOCUME~1\Jorgen\CONFIG~1\Temp\boost_interprocess
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Removido : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\BabSolution
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\DealPly
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Delta
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\extensions\[email protected]
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\extensions\[email protected]
Pasta Removido : C:\Documents and Settings\Jorgen\Dados de aplicativos\Yontoo
Pasta Removido : C:\Documents and Settings\Jorgen\Menu Iniciar\Programas\BrowserProtect
Pasta Removido : C:\Documents and Settings\Jorgen\Menu Iniciar\Programas\DealPly
Removido Durante o reboot : C:\Documents and Settings\All Users\Dados de aplicativos\BrowserProtect

***** [Registro] *****

Chave Removida : HKCU\Software\955d9d0b43ae846
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\Delta
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\955d9d0b43ae846
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Removida : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\Delta
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Chave Removida : HKLM\Software\Tarma Installer
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=14335&babsrc=NT_ss&mntrId=bc7906470000000000000019d1a3d32d --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=119352&tt=gc_&babsrc=NT_ss&mntrId=BC790019D1A3D32D --> hxxp://www.google.com

-\\ Mozilla Firefox v [Impossível ler a versão]

Arquivo : C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\prefs.js

C:\Documents and Settings\Jorgen\Dados de aplicativos\Mozilla\Firefox\Profiles\lwshail9.default\user.js ... Removido !

[OK] Arquivo está limpo.

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Documents and Settings\Jorgen\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [10792 octets] - [16/04/2013 23:18:14]
AdwCleaner[S2].txt - [2338 octets] - [08/05/2013 20:12:26]
AdwCleaner[S3].txt - [10445 octets] - [10/05/2013 23:38:18]

########## EOF - C:\AdwCleaner[S3].txt - [10506 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Jorgen on sex 10/05/2013 at 23:54:12,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sex 10/05/2013 at 23:57:16,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Space1969]

2 pages I can not access on IE:
www.gmail.com
www.facebook.com

But cnn.com etc are working.

[gringo_pr]

Hello Space1969

try to delete the folder or rename it

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

[Space1969]

Now I can access the www.gmail.com and www.facebook.com sites on IE again. Still cannot access the Application folder for Chrome.

See the log from Combofix below.

Regards,
Jorge





ComboFix 13-05-10.03 - Jorgen 11/05/2013 0:14.8.2 - x86
Executando de: c:\documents and settings\Jorgen\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-04-11 to 2013-05-11 ))))))))))))))))))))))))))))
.
.
2013-05-11 02:54 . 2013-05-11 02:54 -------- d-----w- c:\windows\ERUNT
2013-05-11 02:53 . 2013-05-11 02:53 -------- d-----w- C:\JRT
2013-05-11 00:22 . 2013-05-11 00:22 -------- d-----w- c:\documents and settings\Default User\Dados de aplicativos\TuneUp Software
2013-05-11 00:22 . 2013-05-11 00:22 -------- d-----w- c:\windows\LastGood
2013-05-09 03:32 . 2013-05-09 03:33 -------- d-----w- c:\arquivos de programas\Google
2013-05-09 02:24 . 2013-05-09 02:24 -------- d-----w- c:\arquivos de programas\Unlocker
2013-05-09 01:40 . 2013-05-09 01:44 -------- d-----w- c:\arquivos de programas\GUME.tmp
2013-05-09 01:13 . 2013-05-09 01:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Mipony Download Manager Packages
2013-05-09 01:12 . 2013-05-09 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BrowserProtect
2013-05-09 01:10 . 2013-05-09 01:10 -------- d-----w- c:\arquivos de programas\MiPony
2013-05-09 01:10 . 2013-05-09 01:10 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\DSite
2013-05-05 16:01 . 2013-05-05 16:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2013-05-05 15:59 . 2013-05-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis
2013-05-05 15:44 . 2013-05-05 15:44 -------- d-----w- c:\arquivos de programas\Corel
2013-05-05 15:38 . 2013-05-05 16:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CorelDRAW Graphics Suite X6
2013-05-02 10:36 . 2013-05-02 10:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-20 22:48 . 2013-04-20 22:48 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\WinPatrol
2013-04-20 22:48 . 2013-04-20 22:48 -------- d-----w- c:\arquivos de programas\BillP Studios
2013-04-18 04:29 . 2013-04-18 04:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sonos,_Inc
2013-04-18 03:20 . 2013-04-18 03:20 -------- d-----w- c:\arquivos de programas\CCleaner
2013-04-18 02:44 . 2013-04-18 02:44 -------- d-----w- c:\arquivos de programas\VS Revo Group
2013-04-16 20:00 . 2013-04-16 20:02 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00 . 2013-04-16 20:04 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG2013
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10 . 2013-05-11 00:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2013-04-16 17:10 . 2013-04-16 17:17 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Avg2013
2013-04-16 17:10 . 2013-04-16 17:10 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\MFAData
2013-04-16 17:06 . 2013-04-16 19:37 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06 . 2013-04-16 17:06 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 16:58 . 2013-04-16 16:58 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Mozilla
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07 . 2012-11-02 02:04 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:25 . 2013-04-16 12:37 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14 . 2013-04-16 12:14 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37 . 2013-04-16 11:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:37 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:13 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02 . 2013-04-15 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\TuneUp Software
2013-04-15 22:01 . 2013-04-15 22:01 -------- d-----w- C:\$AVG
2013-04-15 22:01 . 2013-04-16 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG2013
2013-04-15 21:39 . 2013-04-17 03:00 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 16:05 . 2010-10-05 16:13 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-05-05 16:02 . 2010-10-05 16:12 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2013-05-02 10:35 . 2012-07-06 23:32 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-02 10:35 . 2010-05-18 02:05 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 10:35 . 2008-01-30 04:08 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 05:53 . 2013-02-27 02:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 06:08 . 2013-02-14 06:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-13 01:49 . 2012-11-18 02:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49 . 2012-11-18 02:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2004-08-04 03:45 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 03:40 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32 . 2013-03-01 13:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-19 05:30 . 2013-02-19 05:30 664 ----a-w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\d3d9caps.tmp
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 02:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\arquivos de programas\SugarSync\SugarSyncManager.exe" [2013-04-04 11262304]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 16856968]
"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-07-20 321736]
"FLBackup"="c:\arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-07-20 276168]
"FreeRAM XP"="c:\arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-09-14 1591808]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"ANT Agent"="c:\arquivos de programas\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AtomTime"="c:\arquivos de programas\AtomTime Pro\AtomTime.EXE" [2004-12-03 396316]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552]
"APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"DivXMediaServer"="c:\arquivos de programas\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"WinPatrol"="c:\arquivos de programas\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jorgen\Menu Iniciar\Programas\Inicializar\
ddbd5.LNK - c:\arquivos de programas\Internet Explorer\ddbd5.exe [2013-3-29 370688]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BTTray.lnk - c:\arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe [2005-9-6 581693]
CineForm Status.lnk - c:\arquivos de programas\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-21 17:16 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 17:34 1891416 ----a-w- c:\garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-15 23:36 446464 ----a-w- c:\arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-06 16:04 1353080 ----a-w- c:\arquivos de programas\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Jorgen\\Dados de aplicativos\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 BBSvc;BingBar Service;c:\arquivos de programas\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 Marvell RAID;Marvell RAID Event Agent;c:\arquivos de programas\Marvell\61xx\svc\mvraidsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 Ipodtuv1d;Ipodtuv1d; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\arquivos de programas\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [x]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
S2 FLService;FLService;c:\windows\system32\WinFLService.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [x]
S2 MRUWebService;MRU Web Service;c:\arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe [x]
S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [x]
S3 BBUpdate;BBUpdate;c:\arquivos de programas\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2010-08-01 01:55 81920 ----a-w- c:\windows\system32\aetsprov.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 01:49]
.
2013-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2013-05-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-25 09:12]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-05-09 03:32]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-05-09 03:32]
.
2013-04-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\arquivos de programas\NCH Software\VideoPad\videopad.exe [2012-12-23 01:54]
.
2012-07-10 c:\windows\Tasks\WavePadReminder.job
- c:\arquivos de programas\NCH Software\WavePad\wavepad.exe [2012-06-30 00:25]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 80.84.34.175:9000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video
Trusted Zone: cybertrust.com\shrweb7.idm
TCP: DhcpNameServer = 192.168.0.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-11 00:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(588)
c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tempo para conclusão: 2013-05-11 00:32:45
ComboFix-quarantined-files.txt 2013-05-11 03:32
ComboFix2.txt 2013-05-09 00:40
ComboFix3.txt 2013-05-09 00:00
.
Pré-execução: 1.770.352.640 bytes disponíveis
Pós execução: 1.887.080.448 bytes disponíveis
.
- - End Of File - - 439C81F19536949978F34C5B71BDF5A2

[gringo_pr]

Have you tried to delete the folder?

[Space1969]

yes, but it does not work. I can do it with Unlocker but I do not know if that will resolve it. Will try now.

[gringo_pr]

Hello


Download this tool and save it to the desktop: http://download.blee...xes/Inherit.exe


then drag the folder that is giving the problem onto it - then try and remove it



gringo

[Space1969]

Yes, now I could delete and reinstall Chrome. It is working again!!!

Thanks so much!!

[gringo_pr]

Hello Space1969

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

[Space1969]

See the log below!


ComboFix 13-05-11.01 - Jorgen 11/05/2013 1:30.9.2 - x86
Executando de: c:\documents and settings\Jorgen\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Jorgen\Desktop\CFScript.txt
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-04-11 to 2013-05-11 ))))))))))))))))))))))))))))
.
.
2013-05-11 04:03 . 2013-05-11 04:05 -------- d-----w- c:\arquivos de programas\Google
2013-05-11 03:50 . 2013-05-11 03:50 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\No Company Name
2013-05-11 02:54 . 2013-05-11 02:54 -------- d-----w- c:\windows\ERUNT
2013-05-11 02:53 . 2013-05-11 02:53 -------- d-----w- C:\JRT
2013-05-11 00:22 . 2013-05-11 00:22 -------- d-----w- c:\documents and settings\Default User\Dados de aplicativos\TuneUp Software
2013-05-11 00:22 . 2013-05-11 00:22 -------- d-----w- c:\windows\LastGood
2013-05-09 02:24 . 2013-05-09 02:24 -------- d-----w- c:\arquivos de programas\Unlocker
2013-05-09 01:40 . 2013-05-09 01:44 -------- d-----w- c:\arquivos de programas\GUME.tmp
2013-05-09 01:13 . 2013-05-09 01:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\Mipony Download Manager Packages
2013-05-09 01:12 . 2013-05-09 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BrowserProtect
2013-05-09 01:10 . 2013-05-09 01:10 -------- d-----w- c:\arquivos de programas\MiPony
2013-05-09 01:10 . 2013-05-09 01:10 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\DSite
2013-05-05 16:01 . 2013-05-05 16:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel
2013-05-05 15:59 . 2013-05-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis
2013-05-05 15:44 . 2013-05-05 15:44 -------- d-----w- c:\arquivos de programas\Corel
2013-05-05 15:38 . 2013-05-05 16:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CorelDRAW Graphics Suite X6
2013-05-02 10:36 . 2013-05-02 10:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-20 22:48 . 2013-04-20 22:48 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\WinPatrol
2013-04-20 22:48 . 2013-04-20 22:48 -------- d-----w- c:\arquivos de programas\BillP Studios
2013-04-18 04:29 . 2013-04-18 04:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sonos,_Inc
2013-04-18 03:20 . 2013-04-18 03:20 -------- d-----w- c:\arquivos de programas\CCleaner
2013-04-18 02:44 . 2013-04-18 02:44 -------- d-----w- c:\arquivos de programas\VS Revo Group
2013-04-16 20:00 . 2013-04-16 20:02 -------- dc-h--w- c:\windows\ie8
2013-04-16 20:00 . 2013-04-16 20:04 -------- d--h--w- c:\windows\msdownld.tmp
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG2013
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\AVG2013
2013-04-16 17:14 . 2013-04-16 17:14 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\AVG SafeGuard toolbar
2013-04-16 17:13 . 2013-04-16 17:13 -------- d-----w- c:\arquivos de programas\AVG SafeGuard toolbar
2013-04-16 17:10 . 2013-05-11 00:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData
2013-04-16 17:10 . 2013-04-16 17:17 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Avg2013
2013-04-16 17:10 . 2013-04-16 17:10 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\MFAData
2013-04-16 17:06 . 2013-04-16 19:37 4126720 ----a-w- c:\arquivos de programas\GUT92.tmp
2013-04-16 17:06 . 2013-04-16 17:06 -------- d-----w- c:\arquivos de programas\GUM91.tmp
2013-04-16 16:58 . 2013-04-16 16:58 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Mozilla
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-16 13:13 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-16 13:07 . 2012-11-02 02:04 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2013-04-16 12:25 . 2013-04-16 12:37 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-04-16 12:14 . 2013-04-16 12:14 -------- d-----w- c:\arquivos de programas\FileASSASSIN
2013-04-16 11:37 . 2013-04-16 11:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-16 11:37 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 11:13 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2013-04-15 22:02 . 2013-04-15 22:02 -------- d-----w- c:\documents and settings\Jorgen\Dados de aplicativos\TuneUp Software
2013-04-15 22:01 . 2013-04-15 22:01 -------- d-----w- C:\$AVG
2013-04-15 22:01 . 2013-04-16 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG2013
2013-04-15 21:39 . 2013-04-17 03:00 -------- d-----w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 16:05 . 2010-10-05 16:13 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2013-05-05 16:02 . 2010-10-05 16:12 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2013-05-02 10:35 . 2012-07-06 23:32 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-02 10:35 . 2010-05-18 02:05 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 10:35 . 2008-01-30 04:08 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 05:53 . 2013-02-27 02:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 06:08 . 2013-02-14 06:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-13 01:49 . 2012-11-18 02:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 01:49 . 2012-11-18 02:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2004-08-04 03:45 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-04 03:40 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 13:32 . 2013-03-01 13:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-19 05:30 . 2013-02-19 05:30 664 ----a-w- c:\documents and settings\Jorgen\Configurações locais\Dados de aplicativos\d3d9caps.tmp
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 02:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-04 00:51 383328 ----a-w- c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\arquivos de programas\SugarSync\SugarSyncManager.exe" [2013-04-04 11262304]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 16856968]
"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2012-07-20 321736]
"FLBackup"="c:\arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-07-20 276168]
"FreeRAM XP"="c:\arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2012-09-14 1591808]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"ANT Agent"="c:\arquivos de programas\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AtomTime"="c:\arquivos de programas\AtomTime Pro\AtomTime.EXE" [2004-12-03 396316]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552]
"APSDaemon"="c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"DivXMediaServer"="c:\arquivos de programas\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"WinPatrol"="c:\arquivos de programas\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jorgen\Menu Iniciar\Programas\Inicializar\
ddbd5.LNK - c:\arquivos de programas\Internet Explorer\ddbd5.exe [2013-3-29 370688]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BTTray.lnk - c:\arquivos de programas\ANYCOM\Blue USB-200-250\BTTray.exe [2005-9-6 581693]
CineForm Status.lnk - c:\arquivos de programas\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-21 17:16 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 17:34 1891416 ----a-w- c:\garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
2003-05-15 23:36 446464 ----a-w- c:\arquivos de programas\ScreenPrint32 v3\ScreenPrint32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-06 16:04 1353080 ----a-w- c:\arquivos de programas\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Jorgen\\Dados de aplicativos\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\il 2 sturmovik 1946\\il2fb.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\silent hunter 3\\sh3.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Bitcoin\\bitcoin-qt.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 BBSvc;BingBar Service;c:\arquivos de programas\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 Marvell RAID;Marvell RAID Event Agent;c:\arquivos de programas\Marvell\61xx\svc\mvraidsvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 Ipodtuv1d;Ipodtuv1d; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\DRIVERS\SWUSBFLT.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [x]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
S2 FLService;FLService;c:\windows\system32\WinFLService.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [x]
S2 MRUWebService;MRU Web Service;c:\arquivos de programas\Marvell\61xx\Apache2\bin\Apache.exe [x]
S2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [x]
S3 BBUpdate;BBUpdate;c:\arquivos de programas\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2010-08-01 01:55 81920 ----a-w- c:\windows\system32\aetsprov.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-11 04:05 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 01:49]
.
2013-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2013-05-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-25 09:12]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-05-11 04:03]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-05-11 04:03]
.
2013-04-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\arquivos de programas\NCH Software\VideoPad\videopad.exe [2012-12-23 01:54]
.
2012-07-10 c:\windows\Tasks\WavePadReminder.job
- c:\arquivos de programas\NCH Software\WavePad\wavepad.exe [2012-06-30 00:25]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 80.84.34.175:9000
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Save YouTube Video
Trusted Zone: cybertrust.com\shrweb7.idm
TCP: DhcpNameServer = 192.168.0.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://cpne.bradesco.com.br/CA.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-11 01:44
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:60,05,ee,30,4e,e9,ce,99,d2,b8,7d,f0,5e,5d,c7,fb,bc,fe,2c,60,21,
89,ac,77,e8,ed,b0,1a,00,70,ea,5f,4f,ec,40,2a,d5,dd,5f,37,63,f4,d2,df,4e,a5,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(6612)
c:\arquivos de programas\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tempo para conclusão: 2013-05-11 01:49:10
ComboFix-quarantined-files.txt 2013-05-11 04:48
ComboFix2.txt 2013-05-11 03:32
.
Pré-execução: 2.907.648.000 bytes disponíveis
Pós execução: 2.904.322.048 bytes disponíveis
.
- - End Of File - - 485F582F1844923695217265C8EE25CE

[gringo_pr]

Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


BrowserProtect
DealPly
DealPly (remove only)
Delta Chrome Toolbar
Delta toolbar
Java 7 Update 21

[/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
• If you accidentally close it, the log file is saved here and will be named like this:
• C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

• Go Here to download HijackThis program
• Save HijackThis to your desktop.
• Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
• Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
• copy and paste hijackthis report into the topic

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo