Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

double blue underline - malware? help [Closed] [Solved]


  • This topic is locked This topic is locked

#1
danix22

danix22

    Member

  • Member
  • PipPip
  • 22 posts

when I open some pages, some words appear written in blue and with a double underline the same color that, when clicked, takes us one, it seems, search engine.

please help

 

thanks

Danix


  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi danix22,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these files will run on your system (either the 32 bit or 64 bit version); try the 64 bit first and if it runs then delete the 32bit file. If the 64bit version does not run, then delete it and run the 32bit version.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 1

#3
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

hi dbreeze

 

thanks for your quik answer. i would like to let you know that im not english and i could, sometimes don´t understand what you ask :)

So far so good! i have dowloaded what u asked and here are both logs :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Daniel (administrator) on V3G33 on 16-09-2014 17:03:06
Running from C:\Documents and Settings\Daniel\Ambiente de trabalho
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Português (Portugal)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira GmbH) C:\Programas\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Programas\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira GmbH) C:\Programas\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
(Protexis Inc.) C:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TuneUp Software) C:\Programas\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Programas\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Avira GmbH) C:\Programas\Avira\AntiVir Desktop\avgnt.exe
(Spotify Ltd) C:\Documents and Settings\Daniel\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Sony) C:\Programas\Sony\Sony PC Companion\PCCompanion.exe
(Hewlett-Packard) C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(Dropbox, Inc.) C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\Dropbox.exe
() C:\Programas\Sony\Sony PC Companion\PCCompanionInfo.exe
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeTray.exe
() C:\Programas\iSafe\ipcdl.exe
(Mozilla Corporation) C:\Programas\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programas\Mozilla Firefox\plugin-container.exe
(Adobe Systems Inc.) C:\Programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16116224 2007-01-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Programas\Avira\AntiVir Desktop\avgnt.exe [281768 2010-11-03] (Avira GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\Run: [Sony PC Companion] => C:\Programas\Sony\Sony PC Companion\PCCompanion.exe [467680 2014-07-30] (Sony)
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {3410e954-5816-11dd-9cab-001d601032bd} - F:\Menu.exe
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {5ea9ab0e-7236-11dd-9cd6-001d601032bd} - F:\.\RECYCLER\S-1-5-21-861567501-1801674531-839528404-232
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {c866feaf-0c13-11e4-a703-001d601032bd} - F:\Startme.exe
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {f007bd32-7a06-11de-9f7e-001d601032bd} - F:\setup.exe AUTORUN=1
IFEO: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\acad.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\aclauncher.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\acsignapply.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\admigrator.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\adrefman.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\dwgcheckstandards.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\expressburn.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\expressviewer.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\googleearth.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\hpohmr08.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\javaw.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\javaws.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\pc3exe.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\photoproduct.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\plu26.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\presentationhost.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\styexe.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\videopad.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO\wavepad.exe: [Debugger] "C:\Programas\TuneUp Utilities 2012\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\Daniel\Menu Iniciar\Programas\Arranque\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM - (No Name) - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -  No File
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM - {AD174941-7758-4410-8113-8C8C3D166F1A} URL = http://u-search.net/...q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {AD174941-7758-4410-8113-8C8C3D166F1A} URL =
BHO: Facilitador de Leitor de Link Adobe PDF -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Programas\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} http://update.rayv.c...rayvactivex.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programas\Ficheiros comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
ShellExecuteHooks: Rotina de controlo exec de URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8501760 2008-07-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programas\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programas\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Programas\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Programas\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Programas\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Programas\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programas\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.16 -> C:\Programas\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Programas\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Programas\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader -> C:\Programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Daniel\Definições locais\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programas\mozilla firefox\plugins\npuuseep.dll ( )
FF SearchPlugin: C:\Programas\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Programas\mozilla firefox\browser\searchplugins\priberam.xml
FF SearchPlugin: C:\Programas\mozilla firefox\browser\searchplugins\sapo.xml
FF SearchPlugin: C:\Programas\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml
FF Extension: Website Counselor - C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-22]

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Daniel\Definições locais\Application Data\Google\Chrome\User Data\Default
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Marta\Definições locais\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2007-10-25] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Programas\Avira\AntiVir Desktop\sched.exe [136360 2011-05-15] (Avira GmbH)
R2 AntiVirService; C:\Programas\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-01] (Avira GmbH)
R2 Apple Mobile Device; C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
S4 Autodesk Licensing Service; C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe [85096 2007-10-25] (Autodesk)
S3 fsssvc; C:\Programas\Windows Live\Family Safety\fsssvc.exe [704864 2009-08-05] (Microsoft Corporation)
S2 gupdate; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 gupdatem; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 gusvc; C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-10-04] (Google)
S3 iPod Service; C:\Programas\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
R2 iSafeService; C:\Programas\iSafe\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda)
S4 JavaQuickStarterService; C:\Programas\Java\jre7\bin\jqs.exe [161768 2012-10-22] (Oracle Corporation)
R2 LightScribeService; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 LVPrcSrv; C:\Programas\Ficheiros comuns\Logishrd\LVMVFM\LVPrcSrv.exe [162648 2010-05-07] (Logitech Inc.)
S3 McComponentHostService; C:\Programas\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MDM; C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programas\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-15] (Mozilla Foundation)
S4 NMIndexingService; C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
S3 ose; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 PSI_SVC_2; c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe [189728 2009-07-24] (Protexis Inc.)
R2 SeaPort; C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [226656 2009-01-14] (Microsoft Corp.)
S3 ServiceLayer; C:\Programas\PC Connectivity Solution\ServiceLayer.exe [724376 2012-06-11] (Nokia)
S3 Sony PC Companion; C:\Programas\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TuneUp.UtilitiesSvc; C:\Programas\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
S3 WMPNetworkSvc; C:\Programas\Windows Media Player\WMPNetwk.exe [915968 2007-01-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2004-08-04] (Microsoft Corporation)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R1 avgio; C:\Programas\Avira\AntiVir Desktop\avgio.sys [11608 2009-05-11] (Avira GmbH)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [66616 2011-07-01] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [138192 2011-07-01] (Avira GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S1 Changer; C:\WINDOWS\system32\Drivers\Changer.sys [8192 2004-08-04] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R1 iSafeKrnl; C:\Programas\iSafe\iSafeKrnl.sys [214592 2014-08-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40768 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Programas\iSafe\iSafeKrnlKit.sys [68288 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Programas\iSafe\iSafeKrnlR3.sys [37696 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Programas\iSafe\iSafeNetFilter.sys [55464 2014-08-06] (Elex do Brasil Participações Ltda)
S1 lbrtfdc; C:\WINDOWS\system32\Drivers\lbrtfdc.sys [34688 2004-08-03] (Toshiba Corp.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 TuneUpUtilitiesDrv; C:\Programas\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2013-10-15] (TuneUp Software)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [248832 2006-07-26] (Marvell)
S3 ZSMC301b; C:\WINDOWS\System32\Drivers\usbVM31b.sys [93351 2004-11-10] (VM)
S4 IntelIde; No ImagePath
S1 mferkdk; \??\C:\Programas\McAfee\VirusScan Enterprise\mferkdk.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 17:03 - 2014-09-16 17:03 - 00023900 _____ () C:\Documents and Settings\Daniel\Ambiente de trabalho\FRST.txt
2014-09-16 17:00 - 2014-09-16 17:03 - 00000000 ____D () C:\FRST
2014-09-16 16:57 - 2014-09-16 16:57 - 01097728 _____ (Farbar) C:\Documents and Settings\Daniel\Ambiente de trabalho\FRST.exe
2014-09-16 10:30 - 2014-09-16 10:30 - 00001427 _____ () C:\Documents and Settings\All Users\Menu Iniciar\YAC.lnk
2014-09-16 10:30 - 2014-09-16 10:30 - 00001427 _____ () C:\Documents and Settings\All Users\Ambiente de trabalho\YAC.lnk
2014-09-16 10:30 - 2014-09-16 10:30 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\eCyber
2014-09-16 10:30 - 2014-09-16 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\YAC
2014-09-16 10:30 - 2014-08-08 07:24 - 00040768 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-09-16 10:29 - 2014-09-16 11:31 - 00000000 ____D () C:\Programas\iSafe
2014-09-16 10:29 - 2014-09-16 10:34 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\iSafe
2014-09-16 09:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-16 09:46 - 2014-09-16 10:15 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:59 - 2014-09-15 18:00 - 00000000 ____D () C:\Programas\Mozilla Firefox
2014-09-10 12:30 - 2014-09-10 12:30 - 00001703 _____ () C:\Documents and Settings\All Users\Ambiente de trabalho\Sony PC Companion 2.1.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 17:03 - 2014-09-16 17:03 - 00023900 _____ () C:\Documents and Settings\Daniel\Ambiente de trabalho\FRST.txt
2014-09-16 17:03 - 2014-09-16 17:00 - 00000000 ____D () C:\FRST
2014-09-16 17:03 - 2007-10-26 18:59 - 00000000 ____D () C:\Documents and Settings\Daniel\Definições locais\Temp
2014-09-16 17:03 - 2007-10-26 18:59 - 00000000 ____D () C:\Documents and Settings\Daniel\Ambiente de trabalho
2014-09-16 16:57 - 2014-09-16 16:57 - 01097728 _____ (Farbar) C:\Documents and Settings\Daniel\Ambiente de trabalho\FRST.exe
2014-09-16 16:33 - 2012-07-14 08:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-16 16:28 - 2010-02-01 21:07 - 00000988 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 14:32 - 2007-10-25 17:33 - 01280296 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-16 11:31 - 2014-09-16 10:29 - 00000000 ____D () C:\Programas\iSafe
2014-09-16 11:27 - 2010-03-18 00:28 - 00000984 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cac6298a8c8d4a.job
2014-09-16 10:34 - 2014-09-16 10:29 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\iSafe
2014-09-16 10:33 - 2014-04-03 10:07 - 00000000 ____D () C:\Programas\SiteFinder
2014-09-16 10:30 - 2014-09-16 10:30 - 00001427 _____ () C:\Documents and Settings\All Users\Menu Iniciar\YAC.lnk
2014-09-16 10:30 - 2014-09-16 10:30 - 00001427 _____ () C:\Documents and Settings\All Users\Ambiente de trabalho\YAC.lnk
2014-09-16 10:30 - 2014-09-16 10:30 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\eCyber
2014-09-16 10:30 - 2014-09-16 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\YAC
2014-09-16 10:30 - 2007-10-25 18:23 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Iniciar\Programas
2014-09-16 10:30 - 2007-10-25 18:23 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Iniciar
2014-09-16 10:30 - 2007-10-25 18:23 - 00000000 ____D () C:\Documents and Settings\All Users\Ambiente de trabalho
2014-09-16 10:29 - 2007-10-25 18:23 - 00000000 ___RD () C:\Programas
2014-09-16 10:19 - 2014-03-28 12:26 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\Dropbox
2014-09-16 10:17 - 2011-01-10 23:49 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-09-16 10:17 - 2007-10-25 18:26 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-16 10:17 - 2007-10-25 18:26 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-16 10:17 - 2007-10-25 17:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-16 10:17 - 2004-08-04 13:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-16 10:16 - 2012-04-22 20:15 - 00131072 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-09-16 10:16 - 2007-10-26 18:59 - 00000294 ___SH () C:\Documents and Settings\Daniel\ntuser.ini
2014-09-16 10:16 - 2007-10-26 18:59 - 00000000 ____D () C:\Documents and Settings\Daniel
2014-09-16 10:16 - 2007-10-25 17:40 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-16 10:15 - 2014-09-16 09:46 - 00000000 ____D () C:\AdwCleaner
2014-09-16 09:52 - 2012-04-28 11:16 - 00000000 ____D () C:\Programas\Mozilla Maintenance Service
2014-09-16 09:50 - 2010-10-24 00:02 - 00000000 ____D () C:\Documents and Settings\Daniel\Ambiente de trabalho\Atalhos do ambiente de trabalho não utilizados
2014-09-16 09:50 - 2007-10-26 18:59 - 00000727 _____ () C:\Documents and Settings\Daniel\Menu Iniciar\Programas\Internet Explorer.lnk
2014-09-16 09:50 - 2007-10-26 18:59 - 00000000 ___RD () C:\Documents and Settings\Daniel\Menu Iniciar\Programas
2014-09-15 18:00 - 2014-09-15 17:59 - 00000000 ____D () C:\Programas\Mozilla Firefox
2014-09-10 22:49 - 2014-04-09 19:47 - 00864848 _____ () C:\Documents and Settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat
2014-09-10 22:47 - 2007-10-26 19:00 - 00000294 ___SH () C:\Documents and Settings\Marta\ntuser.ini
2014-09-10 22:47 - 2007-10-26 19:00 - 00000000 ____D () C:\Documents and Settings\Marta\Definições locais\Temp
2014-09-10 21:11 - 2014-07-15 17:12 - 00456398 _____ () C:\WINDOWS\DPINST.LOG
2014-09-10 21:10 - 2014-02-06 20:46 - 00077917 _____ () C:\WINDOWS\setupapi.log
2014-09-10 12:35 - 2007-10-26 18:59 - 00000000 ___RD () C:\Documents and Settings\Daniel\Menu Iniciar\Programas\Arranque
2014-09-10 12:34 - 2014-03-28 12:27 - 00000000 ____D () C:\Documents and Settings\Daniel\Menu Iniciar\Programas\Dropbox
2014-09-10 12:34 - 2012-05-15 22:25 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 12:34 - 2011-11-10 23:37 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-10 12:30 - 2014-09-10 12:30 - 00001703 _____ () C:\Documents and Settings\All Users\Ambiente de trabalho\Sony PC Companion 2.1.lnk
2014-09-10 12:26 - 2007-10-25 17:40 - 00000000 __SHD () C:\Documents and Settings\LocalService

Files to move or delete:
====================
C:\Documents and Settings\Marta\hpothb07.dat


Some content of TEMP:
====================
C:\Documents and Settings\Daniel\Definições locais\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9etixt.dll
C:\Documents and Settings\Daniel\Definições locais\Temp\Quarantine.exe
C:\Documents and Settings\Duarte\Definições locais\Temp\AskSLib.dll
C:\Documents and Settings\Duarte\Definições locais\Temp\DivXSetup.exe
C:\Documents and Settings\Duarte\Definições locais\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Duarte\Definições locais\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Duarte\Definições locais\Temp\msvcp60.dll
C:\Documents and Settings\Duarte\Definições locais\Temp\twapi-2.0a2.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe
[2004-08-04 13:00] - [2007-10-25 19:31] - 0505344 ____A (Microsoft Corporation) 410f13a4657b9c1f096b474e4031c293     

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Daniel at 2014-09-16 17:04:04
Running from C:\Documents and Settings\Daniel\Ambiente de trabalho
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualização de Segurança para o Windows Media Player (KB911564) (Version:  - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB938127) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB939653) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB942615) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB944533) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB950759) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB953838) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB956390) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB958215) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB960714) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB961260) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB963027) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 7 (KB982381) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Actualização de segurança para Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Actualização de segurança para Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Actualização de segurança para Windows XP (KB900725) (Version: 1 - Microsoft Corporation) Hidden
Actualização de segurança para Windows XP (KB981349) (Version: 1 - Microsoft Corporation) Hidden
Actualização para Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Adobe Acrobat 7.0 Professional - Español, Italiano, Português (HKLM\...\Adobe Acrobat 7.0 Professional - Español, Italiano, Português) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat 7.0 Professional - Español, Italiano, Português (Version: 7.0.0 - Adobe Systems) Hidden
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.08) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Assistente de Início de Sessão do Windows Live (HKLM\...\{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}) (Version: 5.000.818.5 - Microsoft Corporation)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
AutoCAD 2008 - English (HKLM\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 10.2.0.2100 - Avira GmbH)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
CameraHelperMsi (Version: 13.10.1217.0 - Logitech) Hidden
Championship Manager 2008 (HKLM\...\{2F4E2C8A-B886-418E-BE49-0B867CBDA959}) (Version: 8.0.0 - Eidos)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version:  - NCH Software)
FastStone Image Viewer 3.9 (HKLM\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.6.1.40478 - The Phoenix Firestorm Project, Inc.)
Free Video Cutter 1.1 (HKLM\...\{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1) (Version:  - FreeVideoCutter.com)
Free YouTube to MP3 Converter version 3.12.9.725 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hofmann 8.5 (HKLM\...\{95532B1E-98BA-43D9-ACDD-37D724EB51BC}) (Version: 8.5 - Hofmann)
Hotfix para Windows Internet Explorer 7 (KB947864) (Version: 1 - Microsoft Corporation) Hidden
HP Deskjet 3050A J611 series Ajuda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Foto e Imagem 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Foto e Imagem 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Foto e Imagem 2.0 - hp psc 1200 series (HKLM\...\HP PSC 1200 Series) (Version:  - )
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
hp psc 1200 series (HKLM\...\hp psc 1200 series_Driver) (Version:  - )
hp psc 1200 series (Version: 1.10.0000 - ##HP_COMPANY_NAME##) Hidden
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.10.1216.0 - Logitech) Hidden
LWS Gallery (Version: 13.10.1216.0 - Logitech) Hidden
LWS Help_main (Version: 13.10.1224.0 - Logitech) Hidden
LWS Launcher (Version: 13.10.1224.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.10.1218.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.10.1218.0 - Logitech) Hidden
LWS Twitter (Version: 13.00.1216.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.00.1774.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.10.1216.0 - Logitech) Hidden
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.56.7.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MEO Music (HKLM\...\{676F2915-3E56-4AC3-A785-24A491E76815}) (Version: 3.0.06 - PT Comunicações S.A.)
MetaTrader 4 (HKLM\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Portuguese Language Pack (HKLM\...\{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG (HKLM\...\{88528F28-E04A-3A93-B3C0-14651148FE82}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Portuguese Language Pack (HKLM\...\Microsoft .NET Framework 3.0 Portuguese Language Pack) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.0 Portuguese Language Pack (Version: 3.0.04506.30 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG (HKLM\...\{0800E395-4DD7-3A93-BB96-08596C0D725F}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTG Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile PTG Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile PTG Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110816-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 pt-PT) (HKLM\...\Mozilla Firefox 32.0.1 (x86 pt-PT)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1C00A3F1-6DA0-49F8-94E4-01AB6FC02070}) (Version: 7.02.4509 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{2B06E7FD-C5A1-403E-B387-A8D4AA858F48}) (Version: 01.04.036.32635 - Nokia Corporation)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}) (Version: 2.5.197 - Nokia)
OpenOffice.org 3.2 (HKLM\...\{BB9F1FB8-D595-433A-A94E-7FE821B10640}) (Version: 3.2.9502 - OpenOffice.org)
Pacote de controladores do Windows - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (HKLM\...\6194C28A8F62DD817EA1B918E6E46E806A21B452) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Pacote de controladores do Windows - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (HKLM\...\65B6FE5418CE28F4D72543FB2D964C3CEC83F161) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Pacote de controladores do Windows - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Pacote de controladores do Windows - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Pacote de controladores do Windows - Nokia Modem  (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Pacote de controladores do Windows - Nokia Modem  (05/22/2008 7.00.0.1) (HKLM\...\9CD348AE9C64C4B939B624E8E24F3903EFDFC82B) (Version: 05/22/2008 7.00.0.1 - Nokia)
Pacote de controladores do Windows - Nokia Modem  (08/03/2007 6.84.0.2) (HKLM\...\819D45A9F73817F5B6D7C71A33ADAB88C5DA1765) (Version: 08/03/2007 6.84.0.2 - Nokia)
Pacote de controladores do Windows - Nokia Modem  (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
Pacote de controladores do Windows - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.14 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Puran File Recovery 1.0 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5366 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80901 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80901 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Segurança Familiar do Windows Live (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
SiteFinder (HKLM\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
Software básico do dispositivo HP Deskjet 3050A J611 series (HKLM\...\{B039C8BA-350A-43EF-983B-0F6580CC5114}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
Sony PC Companion 2.10.221 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Sony Vegas Movie Studio Platinum 8.0 (HKLM\...\{987B8E44-5E06-48A5-9745-46EB2B8A3CB0}) (Version: 8.0.122 - Sony)
SopCast 3.0.1 (HKLM\...\SopCast) (Version: 3.0.1 - SopCast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Suporte para Aplicações Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.190 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.190 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (pt-PT) (Version: 12.0.3600.190 - TuneUp Software) Hidden
TVAnts 1.0 (HKLM\...\TVAnts 1.0) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Vegas Pro 9.0 (HKLM\...\{DC785DB7-D389-48C3-B146-96FE99BF4E2B}) (Version: 9.0.563 - Sony)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
Virtools 3D Life Player (HKLM\...\Virtools3DLifePlayer) (Version: 4.0.0.x - Virtools)
Virtual Earth 3D (Beta) (HKLM\...\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}) (Version: 3.0.808.29001 - Microsoft Corporation)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{34795BBE-39E4-41B6-997A-B88FD7306562}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Presentation Foundation Language Pack (PTG) (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yet Another Cleaner! (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Youtube Music Downloader V3.1 (HKLM\...\Youtube Music Downloader_is1) (Version:  - Youtube Music Downloader)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\WINDOWS\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Programas\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{2933BF90-7B36-11d2-B20E-00C04F983E60}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{2933BF91-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{2933BF94-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{373984C9-B845-449B-91E7-45AC83036ADE}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Daniel\Definições locais\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> c:\YoutubeMusicDownloader\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{550DDA30-0541-11D2-9CA9-0060B0EC3D39}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Programas\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Programas\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{7E3FCEA1-31B4-11D2-AE1F-0080C7337EA1}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Programas\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{AFB40FFD-B609-40A3-9828-F88BBE11E4E3}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{D2423620-51A0-11D2-9CAF-0060B0EC3D39}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Programas\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F19-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F27-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F31-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F33-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F34-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F36-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F37-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F39-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F3F-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F40-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F5078F41-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F6D90F14-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\InprocServer32 -> C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1060284298-764733703-725345543-1008_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Programas\Ficheiros comuns\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points  =========================

20-06-2014 11:19:09 Ponto de verificação do sistema
21-06-2014 15:20:36 Ponto de verificação do sistema
22-06-2014 16:26:29 Ponto de verificação do sistema
23-06-2014 16:54:10 Ponto de verificação do sistema
24-06-2014 17:08:18 Ponto de verificação do sistema
25-06-2014 18:14:58 Ponto de verificação do sistema
26-06-2014 18:56:56 Ponto de verificação do sistema
27-06-2014 19:07:20 Ponto de verificação do sistema
30-06-2014 09:24:37 Ponto de verificação do sistema
01-07-2014 15:52:59 Ponto de verificação do sistema
03-07-2014 11:57:34 Ponto de verificação do sistema
07-07-2014 13:15:05 Ponto de verificação do sistema
08-07-2014 14:00:05 Ponto de verificação do sistema
10-07-2014 09:46:17 Ponto de verificação do sistema
14-07-2014 10:55:11 Ponto de verificação do sistema
15-07-2014 11:12:20 Ponto de verificação do sistema
15-07-2014 16:12:06 Sony PC Companion
15-07-2014 16:13:39 Sony PC Companion
16-07-2014 16:20:29 Ponto de verificação do sistema
17-07-2014 17:26:34 Ponto de verificação do sistema
18-07-2014 17:57:25 Ponto de verificação do sistema
19-07-2014 19:00:02 Ponto de verificação do sistema
20-07-2014 20:39:33 Ponto de verificação do sistema
21-07-2014 20:53:46 Ponto de verificação do sistema
23-07-2014 08:54:17 Ponto de verificação do sistema
24-07-2014 18:52:14 Ponto de verificação do sistema
28-07-2014 12:11:14 Ponto de verificação do sistema
29-07-2014 16:58:33 Ponto de verificação do sistema
31-07-2014 11:44:50 Ponto de verificação do sistema
01-08-2014 17:06:15 Ponto de verificação do sistema
11-08-2014 16:45:52 Ponto de verificação do sistema
12-08-2014 18:28:49 Ponto de verificação do sistema
14-08-2014 10:51:54 Ponto de verificação do sistema
10-09-2014 11:25:24 Sony PC Companion
10-09-2014 20:10:16 Sony PC Companion
11-09-2014 20:46:19 Ponto de verificação do sistema
15-09-2014 16:49:39 Ponto de verificação do sistema

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2004-08-04 13:00 - 00000808 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Programas\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\expressburnDowngrade.job => C:\Programas\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\expressburnShakeIcon.job => C:\Programas\NCH Swift Sound\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1193859643.job => C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cac6298a8c8d4a.job => C:\Programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-725345543-1006Core.job => C:\Documents and Settings\Marta\Definições locais\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-764733703-725345543-1006UA.job => C:\Documents and Settings\Marta\Definições locais\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe
Task: C:\WINDOWS\Tasks\videopadDowngrade.job => C:\Programas\NCH Software\VideoPad\videopad.exe
Task: C:\WINDOWS\Tasks\videopadShakeIcon.job => C:\Programas\NCH Software\VideoPad\videopad.exe
Task: C:\WINDOWS\Tasks\wavepadDowngrade.job => C:\Programas\NCH Swift Sound\WavePad\wavepad.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Programas\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) =============

2005-02-13 22:49 - 2005-02-13 22:49 - 01212416 _____ () C:\Programas\Adobe\Acrobat 7.0\Distillr\AdistRes.PTB
2010-10-24 00:15 - 2010-01-28 13:57 - 00355688 _____ () C:\Programas\Avira\AntiVir Desktop\sqlite3.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Programas\Ficheiros comuns\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Programas\Ficheiros comuns\Apple\Apple Application Support\libxml2.dll
2012-07-16 21:21 - 2011-06-08 22:57 - 01929576 ____R () C:\WINDOWS\system32\HPScanTRDrv_DJ3050A_J611.dll
2008-11-20 00:37 - 2008-09-16 21:18 - 00132608 _____ () C:\Programas\WinRAR\rarext.dll
2014-07-15 17:10 - 2012-04-30 11:57 - 00039936 _____ () C:\Programas\Sony\Sony PC Companion\TMonitorAPI.dll
2014-07-15 17:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Programas\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Programas\Sony\Sony PC Companion\Report.dll
2014-07-15 17:10 - 2013-05-20 12:58 - 00620718 _____ () C:\Programas\Sony\Sony PC Companion\sqlite3.dll
2014-09-16 10:18 - 2014-09-16 10:18 - 00043008 _____ () c:\Documents and Settings\Daniel\Definições locais\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9etixt.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Documents and Settings\Daniel\Application Data\Dropbox\bin\libcef.dll
2014-07-15 17:10 - 2014-06-23 09:07 - 00113376 _____ () C:\Programas\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-09-16 10:30 - 2014-08-08 07:17 - 00065696 _____ () C:\Programas\iSafe\zlib1.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00092320 _____ () C:\Programas\iSafe\curlpp.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00427168 _____ () C:\Programas\iSafe\ipcproxy.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00176976 _____ () C:\Programas\iSafe\tws\unrar.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00068432 _____ () C:\Programas\iSafe\tws\zlib1.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00087744 _____ () C:\Programas\iSafe\tws\unacev2.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00185640 _____ () C:\Programas\iSafe\libpng.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 02228896 _____ () C:\Programas\iSafe\ipcdl.exe
2014-09-15 17:59 - 2014-09-15 17:59 - 03716720 _____ () C:\Programas\Mozilla Firefox\mozjs.dll
2014-09-10 12:34 - 2014-09-10 12:34 - 16825520 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: C2-05
Description: C2-05
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288


System errors:
=============
Error: (09/16/2014 02:57:36 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço WSearch com os argumentos ""
de forma a executar o servidor:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2014 00:42:50 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço WSearch com os argumentos ""
de forma a executar o servidor:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/16/2014 00:03:52 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço WSearch com os argumentos ""
de forma a executar o servidor:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/15/2014 04:51:06 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Não É Possível Estabelecer Ligação: O Windows não consegue estabelecer ligação ao serviço Actualizações Automáticas e, por isso, não é possível transferir e instalar actualizações de acordo com o horário definido. O Windows vai continuar a tentar estabelecer ligação.

Error: (09/12/2014 00:24:55 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Não É Possível Estabelecer Ligação: O Windows não consegue estabelecer ligação ao serviço Actualizações Automáticas e, por isso, não é possível transferir e instalar actualizações de acordo com o horário definido. O Windows vai continuar a tentar estabelecer ligação.

Error: (09/10/2014 10:47:38 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço NMIndexingService com os argumentos ""
de forma a executar o servidor:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error: (09/10/2014 10:47:18 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço NMIndexingService com os argumentos ""
de forma a executar o servidor:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error: (09/10/2014 10:46:58 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço NMIndexingService com os argumentos ""
de forma a executar o servidor:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error: (09/10/2014 10:46:38 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço NMIndexingService com os argumentos ""
de forma a executar o servidor:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error: (09/10/2014 10:46:18 PM) (Source: DCOM) (EventID: 10005) (User: V3G33)
Description: O DCOM obteve o erro "%%1058" ao tentar iniciar o serviço NMIndexingService com os argumentos ""
de forma a executar o servidor:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}


Microsoft Office Sessions:
=========================
Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:31 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 1

Error: (09/16/2014 00:42:30 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex
 Error ID = Returned Error 288


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 66%
Total physical RAM: 1014.04 MB
Available physical RAM: 340.06 MB
Total Pagefile: 2441.13 MB
Available Pagefile: 1278.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:50.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:135.22 GB) (Free:36.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: F11FF11F)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

thanks for your help - i will do my best to help you too :)


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi danix22,

 

I have reviewed your logs and am just waiting for my Adviser to approve the fixes.  I will post them asap; sorry for the delay.


  • 0

#5
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi danix22,

Don't worry about the language thing; sometimes my English is not so good either!! :prop: :laughing:

We will take this a few steps at a time, so come here if you are not sure what to do, ok?

First, Manually Uninstall some programs, please >>>

Please uninstall the following programs by going to START > Control Panel > Add / Remove Programs and uninstall the following (if listed):

SiteFinder
Yet Another Cleaner!



Highlight the program you want to uninstall (by finding it in the list and left clicking on it once), then click Uninstall at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Second, run a FRST Fixlist script >>>

Download attached fixlist.txt file and save it to the Desktop. Attached file to download >>>> Attached File  Fixlist.txt   3.73KB   145 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Things to post here >>>>

  • How did the uninstalls go? Any problems?
  • The FRST Fixlog.txt log text.

  • 0

#6
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Hi dbreeze

thanks again

 

the uninstalls went Ok, without any problems..

here is the Fixlog.txt log text:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Daniel at 2014-09-17 23:10:21 Run:1
Running from C:\Documents and Settings\Daniel\Ambiente de trabalho
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Programas\iSafe\iSafeTray.exe
() C:\Programas\iSafe\ipcdl.exe
C:\Programas\iSafe
HKLM\...\Run: [] => [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {3410e954-5816-11dd-9cab-001d601032bd} - F:\Menu.exe
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {5ea9ab0e-7236-11dd-9cd6-001d601032bd} - F:\.\RECYCLER\S-1-5-21-861567501-1801674531-839528404-232
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {c866feaf-0c13-11e4-a703-001d601032bd} - F:\Startme.exe
HKU\S-1-5-21-1060284298-764733703-725345543-1008\...\MountPoints2: {f007bd32-7a06-11de-9f7e-001d601032bd} - F:\setup.exe AUTORUN=1
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM - (No Name) - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -  No File
SearchScopes: HKLM - {AD174941-7758-4410-8113-8C8C3D166F1A} URL = http://u-search.net/...q={searchTerms}
SearchScopes: HKCU - {AD174941-7758-4410-8113-8C8C3D166F1A} URL =
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
Toolbar: HKLM - No Name - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: Website Counselor - C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-10]
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}
R2 iSafeService; C:\Programas\iSafe\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda)
C:\Programas\iSafe\iSafeSvc.exe
R1 iSafeKrnl; C:\Programas\iSafe\iSafeKrnl.sys [214592 2014-08-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40768 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Programas\iSafe\iSafeKrnlKit.sys [68288 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Programas\iSafe\iSafeKrnlR3.sys [37696 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Programas\iSafe\iSafeNetFilter.sys [55464 2014-08-06] (Elex do Brasil Participações Ltda)
C:\Programas\iSafe
S1 mferkdk; \??\C:\Programas\McAfee\VirusScan Enterprise\mferkdk.sys [X]
U1 WS2IFSL; No ImagePath
2014-09-16 10:30 - 2014-08-08 07:24 - 00040768 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-09-16 10:29 - 2014-09-16 10:34 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\iSafe
2014-09-16 10:30 - 2014-08-08 07:17 - 00065696 _____ () C:\Programas\iSafe\zlib1.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00092320 _____ () C:\Programas\iSafe\curlpp.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00427168 _____ () C:\Programas\iSafe\ipcproxy.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00176976 _____ () C:\Programas\iSafe\tws\unrar.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00068432 _____ () C:\Programas\iSafe\tws\zlib1.dll
2014-09-16 10:29 - 2014-07-09 13:48 - 00087744 _____ () C:\Programas\iSafe\tws\unacev2.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 00185640 _____ () C:\Programas\iSafe\libpng.dll
2014-09-16 10:30 - 2014-08-08 07:17 - 02228896 _____ () C:\Programas\iSafe\ipcdl.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
EmptyTemp:
end


*****************

Processes closed successfully.
C:\Programas\iSafe\iSafeSvc.exe => No running process found
C:\Programas\iSafe\iSafeSvc2.exe => No running process found
C:\Programas\iSafe\iSafeTray.exe => No running process found
C:\Programas\iSafe\ipcdl.exe => No running process found
C:\Programas\iSafe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-1060284298-764733703-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
"HKU\S-1-5-21-1060284298-764733703-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3410e954-5816-11dd-9cab-001d601032bd}" => Key deleted successfully.
"HKCR\CLSID\{3410e954-5816-11dd-9cab-001d601032bd}" => Key not found.
"HKU\S-1-5-21-1060284298-764733703-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea9ab0e-7236-11dd-9cd6-001d601032bd}" => Key deleted successfully.
"HKCR\CLSID\{5ea9ab0e-7236-11dd-9cd6-001d601032bd}" => Key not found.
"HKU\S-1-5-21-1060284298-764733703-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c866feaf-0c13-11e4-a703-001d601032bd}" => Key deleted successfully.
"HKCR\CLSID\{c866feaf-0c13-11e4-a703-001d601032bd}" => Key not found.
"HKU\S-1-5-21-1060284298-764733703-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f007bd32-7a06-11de-9f7e-001d601032bd}" => Key deleted successfully.
"HKCR\CLSID\{f007bd32-7a06-11de-9f7e-001d601032bd}" => Key not found.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD174941-7758-4410-8113-8C8C3D166F1A}" => Key deleted successfully.
"HKCR\CLSID\{AD174941-7758-4410-8113-8C8C3D166F1A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD174941-7758-4410-8113-8C8C3D166F1A}" => Key deleted successfully.
"HKCR\CLSID\{AD174941-7758-4410-8113-8C8C3D166F1A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} => value deleted successfully.
"HKCR\CLSID\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} => Moved successfully.
"C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}" => File/Directory not found.
iSafeService => Service not found.
"C:\Programas\iSafe\iSafeSvc.exe" => File/Directory not found.
iSafeKrnl => Service not found.
iSafeKrnlBoot => Service not found.
iSafeKrnlKit => Service not found.
iSafeKrnlR3 => Service not found.
iSafeNetFilter => Unable to stop service
iSafeNetFilter => Service deleted successfully.
"C:\Programas\iSafe" => File/Directory not found.
mferkdk => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys" => File/Directory not found.
C:\Documents and Settings\Daniel\Application Data\iSafe => Moved successfully.
"C:\Programas\iSafe\zlib1.dll" => File/Directory not found.
"C:\Programas\iSafe\curlpp.dll" => File/Directory not found.
"C:\Programas\iSafe\ipcproxy.dll" => File/Directory not found.
"C:\Programas\iSafe\tws\unrar.dll" => File/Directory not found.
"C:\Programas\iSafe\tws\zlib1.dll" => File/Directory not found.
"C:\Programas\iSafe\tws\unacev2.dll" => File/Directory not found.
"C:\Programas\iSafe\libpng.dll" => File/Directory not found.
"C:\Programas\iSafe\ipcdl.exe" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":63238B95" ADS removed successfully.
EmptyTemp: => Removed 4 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

I'll wait for further instructions :)

 

greets


  • 0

#7
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

That's good to hear about the uninstalls.  One of the infections removed was classified as a "Fraud / Rogue" type of software, so we need to scan for any traces left of that software.

  • Download  RogueKiller (by tigzy) on to your desktop
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan. Once finished, click on Report

Note: DO NOT click on anything else other than SCAN and REPORT.  I will review the log and see if there is anything left to remove first.

Please post the contents of the RKreport.txt in your next Reply.


  • 0

#8
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Hi dbreeze

here are the RKreport.txt contents:

 

RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Daniel [Admin rights]
Mode : Scan -- Date : 09/18/2014  09:17:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SkyTel : SkyTel.EXE  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.65.100.117 212.55.154.174 192.168.1.18  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C5111F83-A239-484B-AC3B-FC24E3021680} | DhcpNameServer : 88.214.178.1 88.214.182.2  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F6D709B0-A1C9-4B61-A5F7-A29E021D5024} | DhcpNameServer : 194.65.100.117 212.55.154.174 192.168.1.18  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C5111F83-A239-484B-AC3B-FC24E3021680} | DhcpNameServer : 88.214.178.1 88.214.182.2  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C5111F83-A239-484B-AC3B-FC24E3021680} | DhcpNameServer : 88.214.178.1 88.214.182.2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1060284298-764733703-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 17 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtClose[25] : Unknown @ 0xf7bcdfdc
[SSDT:Addr(Hook.SSDT)] NtCreateKey[41] : Unknown @ 0xf7bcdf96
[SSDT:Addr(Hook.SSDT)] NtCreateSection[50] : Unknown @ 0xf7bcdfe6
[SSDT:Addr(Hook.SSDT)] NtCreateThread[53] : Unknown @ 0xf7bcdf8c
[SSDT:Addr(Hook.SSDT)] NtDeleteKey[63] : Unknown @ 0xf7bcdf9b
[SSDT:Addr(Hook.SSDT)] NtDeleteValueKey[65] : Unknown @ 0xf7bcdfa5
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[68] : Unknown @ 0xf7bcdfd7
[SSDT:Addr(Hook.SSDT)] NtLoadKey[98] : Unknown @ 0xf7bcdfaa
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : Unknown @ 0xf7bcdf78
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : Unknown @ 0xf7bcdf7d
[SSDT:Addr(Hook.SSDT)] NtReplaceKey[193] : Unknown @ 0xf7bcdfb4
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[204] : Unknown @ 0xf7bcdfaf
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[213] : Unknown @ 0xf7bcdfeb
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[247] : Unknown @ 0xf7bcdfa0
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[257] : Unknown @ 0xf7bcdf87
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xf7bcdff0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xf7bcdff5

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725025VLA380 +++++
--- User ---
[MBR] 53f16b439b0738f8e0736fb7e65b961d
[BSP] efb3658a2cf637fc05fd7b40f831dae2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic 2.0 Reader    -0 USB Device +++++
Error reading User MBR! ([15] O dispositivo não está preparado. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] O pedido não é suportado. )

+++++ PhysicalDrive2: Generic 2.0 Reader    -1 USB Device +++++
Error reading User MBR! ([15] O dispositivo não está preparado. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] O pedido não é suportado. )

+++++ PhysicalDrive3: Generic 2.0 Reader    -2 USB Device +++++
Error reading User MBR! ([15] O dispositivo não está preparado. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] O pedido não é suportado. )
 


  • 0

#9
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Well, danix22, the iSafe infection looks like it is removed but we will check on the Rootkit section findings.
 
First, some questions >>>>
 
Are the double lines gone from the web broswers?
Did you disable the Avira Personal Free software yourself?
 
Second, scan with Avast aswMBR software >>>>
 
Download aswMBR.exe  to your desktop. If you already have this application, this is a new version I need you to download.
 
Double click the aswMBR.exe to run it
 
aswMBR1.png
 
Click the "Scan" button to start scan
 
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.
 
msgbox.png
 
On completion of the scan click Save Log, save it to your desktop and post in your next reply
 
aswMBR2.png
 

 
Third, scan with AdwCleaner >>>>
 
 
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 
 
 
Items to include in your reply >>>>

  • Information on the questions I asked.
  • aswMBR scan log.
  • AdwCleaner[R#].txt log.
  • Any questions you have / how is your system?

  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

One more question danix22; do you have a Solid State Harddrive or is it just a regular Hard Disk Drive?  Thanks.


Edited by dbreeze, 19 September 2014 - 08:07 AM.

  • 0

Advertisements


#11
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

hi dbreeze
 
1: your questions:
Are the double lines gone from the web broswers? aparently YES !! :):)
Did you disable the Avira Personal Free software yourself? i didnt touch the avira - neither disable or able
 

2.Avast aswMBR software
didn't run until the end
 
here is the log
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-22 14:11:44
-----------------------------
14:11:44.000    OS Version: Windows 5.1.2600 Service Pack 2
14:11:44.000    Number of processors: 2 586 0xF0B
14:11:44.000    ComputerName: V3G33  UserName:
14:11:44.312    Initialize success
14:11:44.312    VM: initialized successfully
14:11:44.406    VM: Intel CPU supported
14:12:22.078    AVAST engine defs: 14092200
14:12:24.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
14:12:24.515    Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7EA Size: 238475MB BusType: 3
14:12:24.656    Disk 0 MBR read successfully
14:12:24.656    Disk 0 MBR scan
14:12:24.812    Disk 0 Windows XP default MBR code
14:12:24.828    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
14:12:24.828    Disk 0 Boot: NTFS     code=1
14:12:24.890    Disk 0 Partition - 00     0F Extended LBA            138466 MB offset 204796620
14:12:24.906    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       138466 MB offset 204796683
14:12:24.921    Disk 0 scanning sectors +488376000
14:12:25.078    Disk 0 scanning C:\WINDOWS\system32\drivers
14:12:41.015    Service scanning
14:13:00.250    Modules scanning
14:13:29.156    Disk 0 trace - called modules:
14:13:29.171    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:13:29.171    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2cab8]
14:13:29.171    3 CLASSPNP.SYS[f761f05b] -> nt!IofCallDriver -> \Device\00000075[0x86f573b8]
14:13:29.171    5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x86f3bd98]
14:13:29.859    AVAST engine scan C:\WINDOWS
14:13:37.015    AVAST engine scan C:\WINDOWS\system32
14:18:04.718    AVAST engine scan C:\WINDOWS\system32\drivers
14:18:24.593    AVAST engine scan C:\Documents and Settings\Daniel
14:52:37.156    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\MBR.dat"
14:52:37.218    The log file has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\aswMBR.txt"

 

 

3. AdwCleaner

 

should i try this one?

 

 

4.My system is too slow than normally it should!

 

 

5. your quest: do you have a Solid State Harddrive or is it just a regular Hard Disk Drive? - please be more especific - i dont know what are those 2 kinds of hard disk - language problem i think!!

 

thanks for everything

 

again :9

 

cheers

 

Danix


  • 0

#12
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Yes, please run the AdwCleaner scan.


  • 0

#13
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

here is the AdwCleaner scan log:

 

# AdwCleaner v3.310 - Report created 22/09/2014 at 16:50:11
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Daniel - V3G33
# Running from : C:\Documents and Settings\Daniel\Ambiente de trabalho\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Daniel\Application Data\eCyber

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.2 (x86 pt-PT)

[ File : C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\mfw8iwaf.default\prefs.js ]


[ File : C:\Documents and Settings\Duarte\Application Data\Mozilla\Firefox\Profiles\hrkes8qm.default\prefs.js ]


[ File : C:\Documents and Settings\Marta\Application Data\Mozilla\Firefox\Profiles\7xtkcsyh.default\prefs.js ]


[ File : C:\Documents and Settings\Teresa\Application Data\Mozilla\Firefox\Profiles\yyxn6rr9.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Daniel\Definições locais\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Marta\Definições locais\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Teresa\Definições locais\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36477 octets] - [16/09/2014 09:46:03]
AdwCleaner[R1].txt - [1711 octets] - [16/09/2014 10:13:39]
AdwCleaner[R2].txt - [1827 octets] - [22/09/2014 16:50:11]
AdwCleaner[S0].txt - [34874 octets] - [16/09/2014 09:49:39]
AdwCleaner[S1].txt - [1772 octets] - [16/09/2014 10:15:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2008 octets] ##########
 


  • 0

#14
danix22

danix22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

hi again

 

i tried once again and after a long time i got my aswmbr.txt. complete:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-22 19:35:41
-----------------------------
19:35:41.718    OS Version: Windows 5.1.2600 Service Pack 2
19:35:41.718    Number of processors: 2 586 0xF0B
19:35:41.718    ComputerName: V3G33  UserName:
19:35:42.546    Initialize success
19:35:42.546    VM: initialized successfully
19:35:42.734    VM: Intel CPU supported
19:36:22.859    AVAST engine defs: 14092200
19:40:01.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
19:40:01.750    Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7EA Size: 238475MB BusType: 3
19:40:02.203    Disk 0 MBR read successfully
19:40:02.203    Disk 0 MBR scan
19:40:02.328    Disk 0 Windows XP default MBR code
19:40:02.375    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
19:40:02.406    Disk 0 Boot: NTFS     code=1
19:40:02.484    Disk 0 Partition - 00     0F Extended LBA            138466 MB offset 204796620
19:40:02.546    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       138466 MB offset 204796683
19:40:02.609    Disk 0 scanning sectors +488376000
19:40:03.125    Disk 0 scanning C:\WINDOWS\system32\drivers
19:40:39.515    Service scanning
19:41:00.515    Modules scanning
19:41:37.093    Disk 0 trace - called modules:
19:41:37.109    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:41:37.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2cab8]
19:41:37.109    3 CLASSPNP.SYS[f761f05b] -> nt!IofCallDriver -> \Device\00000075[0x86f573b8]
19:41:37.125    5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x86f3bd98]
19:41:37.531    AVAST engine scan C:\WINDOWS
19:42:04.234    AVAST engine scan C:\WINDOWS\system32
19:51:50.968    AVAST engine scan C:\WINDOWS\system32\drivers
19:52:45.578    AVAST engine scan C:\Documents and Settings\Daniel
22:50:27.890    AVAST engine scan C:\Documents and Settings\All Users
22:52:29.640    Scan finished successfully
23:10:49.296    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\MBR.dat"
23:10:49.312    The log file has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\aswMBR.txt"
23:11:09.890    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\MBR.dat"
23:11:09.890    The log file has been saved successfully to "C:\Documents and Settings\Daniel\Ambiente de trabalho\aswMBR.txt"

 


  • 0

#15
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please run the two scans listed below:

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated./*]
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

TDSSKiller
 
Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things to Post back >>>>

  • The AdwCleaner[S#].txt.
  • The TDSSKiller log.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP