1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware impossible to delete.

Discussion in 'Virus & Other Malware Removal' started by Avectius, Oct 5, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    I have scanned my machine several times with avast already, and every single time, i get a list of remaining viruses. And everytime i attempt to use the option: "Repair" Avast refuses to do so for some reason.

    I Then proceed to "Delete". However, during the day, avast STILL keeps giving me the common " Threat has been detected "

    For some reason, the listing of the system32/svc host or some sort.. keeps showing up.


    I'm running out of options.

    Here is the log from HiJackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:01:03, on 05-10-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WTouch\WTouchService.exe
    C:\Programas\WTouch\WTouchUser.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Razer\DeathAdder\razerhid.exe
    C:\Programas\DivX\DivX Update\DivXUpdate.exe
    C:\Programas\AVAST Software\Avast\avastUI.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Programas\TortoiseSVN\bin\TSVNCache.exe
    C:\Programas\Razer\DeathAdder\razertra.exe
    C:\Programas\Steam\steam.exe
    C:\Programas\Razer\DeathAdder\razerofa.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programas\Pando Networks\Media Booster\PMB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    C:\Programas\Java\jre7\bin\jqs.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Programas\Skype\Plugin Manager\skypePM.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F2 - REG:system.ini: Shell=Explorer.exe C:\Documents and Settings\John The God\Application Data\Microsoft\Windows Update.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DeathAdder] C:\Programas\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programas\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast] "C:\Programas\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SwitchBoard] C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Google Updater] "C:\Programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Steam] "C:\Programas\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Programas\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Aim] "C:\Programas\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Programas\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programas\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [ManyCam] "C:\Programas\ManyCam\Bin\ManyCam.exe" /silent
    O4 - HKCU\..\Run: [Java Update] C:\Documents and Settings\John The God\Definições locais\Temp\\Tmp2324.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EADM] "C:\Programas\Electronic Arts\EADM\EADMUI.exe"
    O4 - HKCU\..\Run: [Comrade.exe] C:\Programas\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Xfire.lnk = C:\Programas\Xfire\Xfire.exe
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Programas\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programas\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://192.168.1.1
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programas\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Serviço Google Update (gupdate1c9bb5b76927ea0) (gupdate1c9bb5b76927ea0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programas\Java\jre7\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programas\WTouch\WTouchService.exe

    --
    End of file - 12422 bytes
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    You're using an old version(2.0.2) of HiJackThis.

    Uninstall it and then do the following:

    Go here and click the green "Download latest version" link to download and save HiJackThis 2.0.4.

    After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

    Allow it to install in its default location - C:\Program Files.

    After it's been installed, start it and then click "Do a system scan and save a log file".

    When the scan is finished in less than 30 seconds, a log file will appear.

    Save that log file.

    Return here to your thread, then copy-and-paste the entire log file here.

    ------------------------------------------------------

    You need to get rid of the buildup of temp files in that computer.

    Do the following:

    Click Start - Run, then type in

    %temp%

    and then click OK.

    Click Start - Run, then type in

    c:\windows\temp

    and then click OK.

    Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

    If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

    After you're done, empty the Recycle Bin and then restart the computer.

    ------------------------------------------------------
     
  3. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    Here is the log file taken with the latest version:




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:34:36, on 05-10-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WTouch\WTouchService.exe
    C:\Programas\WTouch\WTouchUser.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Programas\Razer\DeathAdder\razerhid.exe
    C:\Programas\DivX\DivX Update\DivXUpdate.exe
    C:\Programas\AVAST Software\Avast\avastUI.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Programas\Steam\steam.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programas\Pando Networks\Media Booster\PMB.exe
    C:\Programas\Razer\DeathAdder\razertra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Razer\DeathAdder\razerofa.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\TortoiseSVN\bin\TSVNCache.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    C:\Programas\Google\Update\1.3.21.71\GoogleCrashHandler.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Programas\Java\jre7\bin\jqs.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Programas\Skype\Plugin Manager\skypePM.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programas\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F2 - REG:system.ini: Shell=Explorer.exe C:\Documents and Settings\John The God\Application Data\Microsoft\Windows Update.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DeathAdder] C:\Programas\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programas\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast] "C:\Programas\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SwitchBoard] C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Google Updater] "C:\Programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Steam] "C:\Programas\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Programas\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Aim] "C:\Programas\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Programas\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programas\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [ManyCam] "C:\Programas\ManyCam\Bin\ManyCam.exe" /silent
    O4 - HKCU\..\Run: [Java Update] C:\Documents and Settings\John The God\Definições locais\Temp\\Tmp2324.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EADM] "C:\Programas\Electronic Arts\EADM\EADMUI.exe"
    O4 - HKCU\..\Run: [Comrade.exe] C:\Programas\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Xfire.lnk = C:\Programas\Xfire\Xfire.exe
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Programas\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programas\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://192.168.1.1
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programas\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Serviço Google Update (gupdate1c9bb5b76927ea0) (gupdate1c9bb5b76927ea0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programas\Java\jre7\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programas\WTouch\WTouchService.exe

    --
    End of file - 13166 bytes






    I Will now proceed to remove the Temporary files then.
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    --------------------------------------------------------
     
  5. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    Here it is, oh and btw the "Actualização de segurança do Windows" thing means: Windows Security Update. Rough translation lol.


    Actualização de Segurança para o Windows Media Player (KB2378111)
    Actualização de Segurança para o Windows Media Player (KB952069)
    Actualização de Segurança para o Windows Media Player (KB954155)
    Actualização de Segurança para o Windows Media Player (KB968816)
    Actualização de Segurança para o Windows Media Player (KB973540)
    Actualização de Segurança para o Windows Media Player (KB973540)
    Actualização de Segurança para o Windows Media Player (KB975558)
    Actualização de Segurança para o Windows Media Player (KB978695)
    Actualização de Segurança para o Windows Media Player (KB979402)
    Actualização de segurança para Windows Internet Explorer 7 (KB2183461)
    Actualização de segurança para Windows Internet Explorer 7 (KB2360131)
    Actualização de segurança para Windows Internet Explorer 7 (KB2416400)
    Actualização de segurança para Windows Internet Explorer 7 (KB2482017)
    Actualização de segurança para Windows Internet Explorer 7 (KB2530548)
    Actualização de segurança para Windows Internet Explorer 7 (KB2544521)
    Actualização de segurança para Windows Internet Explorer 7 (KB2559049)
    Actualização de segurança para Windows Internet Explorer 7 (KB938127)
    Actualização de segurança para Windows Internet Explorer 7 (KB938127-v2)
    Actualização de segurança para Windows Internet Explorer 7 (KB956390)
    Actualização de segurança para Windows Internet Explorer 7 (KB958215)
    Actualização de segurança para Windows Internet Explorer 7 (KB960714)
    Actualização de segurança para Windows Internet Explorer 7 (KB961260)
    Actualização de segurança para Windows Internet Explorer 7 (KB963027)
    Actualização de segurança para Windows Internet Explorer 7 (KB969897)
    Actualização de segurança para Windows Internet Explorer 7 (KB972260)
    Actualização de segurança para Windows Internet Explorer 7 (KB974455)
    Actualização de segurança para Windows Internet Explorer 7 (KB976325)
    Actualização de segurança para Windows Internet Explorer 7 (KB978207)
    Actualização de segurança para Windows Internet Explorer 7 (KB982381)
    Actualização de segurança para Windows XP (KB2079403)
    Actualização de segurança para Windows XP (KB2115168)
    Actualização de segurança para Windows XP (KB2121546)
    Actualização de segurança para Windows XP (KB2160329)
    Actualização de segurança para Windows XP (KB2229593)
    Actualização de segurança para Windows XP (KB2259922)
    Actualização de segurança para Windows XP (KB2279986)
    Actualização de segurança para Windows XP (KB2286198)
    Actualização de segurança para Windows XP (KB2296011)
    Actualização de segurança para Windows XP (KB2296199)
    Actualização de segurança para Windows XP (KB2347290)
    Actualização de segurança para Windows XP (KB2360937)
    Actualização de segurança para Windows XP (KB2387149)
    Actualização de segurança para Windows XP (KB2393802)
    Actualização de segurança para Windows XP (KB2412687)
    Actualização de segurança para Windows XP (KB2419632)
    Actualização de segurança para Windows XP (KB2423089)
    Actualização de segurança para Windows XP (KB2436673)
    Actualização de segurança para Windows XP (KB2440591)
    Actualização de segurança para Windows XP (KB2443105)
    Actualização de segurança para Windows XP (KB2476490)
    Actualização de segurança para Windows XP (KB2476687)
    Actualização de segurança para Windows XP (KB2478960)
    Actualização de segurança para Windows XP (KB2478971)
    Actualização de segurança para Windows XP (KB2479628)
    Actualização de segurança para Windows XP (KB2479943)
    Actualização de segurança para Windows XP (KB2481109)
    Actualização de segurança para Windows XP (KB2483185)
    Actualização de segurança para Windows XP (KB2485376)
    Actualização de segurança para Windows XP (KB2485663)
    Actualização de segurança para Windows XP (KB2503665)
    Actualização de segurança para Windows XP (KB2506212)
    Actualização de segurança para Windows XP (KB2507618)
    Actualização de segurança para Windows XP (KB2507938)
    Actualização de segurança para Windows XP (KB2508272)
    Actualização de segurança para Windows XP (KB2508429)
    Actualização de segurança para Windows XP (KB2509553)
    Actualização de segurança para Windows XP (KB2510581)
    Actualização de segurança para Windows XP (KB2524375)
    Actualização de segurança para Windows XP (KB2535512)
    Actualização de segurança para Windows XP (KB2536276)
    Actualização de segurança para Windows XP (KB2536276-v2)
    Actualização de segurança para Windows XP (KB2544893)
    Actualização de segurança para Windows XP (KB2555917)
    Actualização de segurança para Windows XP (KB2562937)
    Actualização de segurança para Windows XP (KB2566454)
    Actualização de segurança para Windows XP (KB2567680)
    Actualização de segurança para Windows XP (KB2570222)
    Actualização de segurança para Windows XP (KB2570947)
    Actualização de segurança para Windows XP (KB923561)
    Actualização de segurança para Windows XP (KB938464)
    Actualização de Segurança para Windows XP (KB941569)
    Actualização de segurança para Windows XP (KB946648)
    Actualização de segurança para Windows XP (KB950762)
    Actualização de segurança para Windows XP (KB950974)
    Actualização de segurança para Windows XP (KB951066)
    Actualização de segurança para Windows XP (KB951376-v2)
    Actualização de segurança para Windows XP (KB951698)
    Actualização de segurança para Windows XP (KB951748)
    Actualização de segurança para Windows XP (KB952004)
    Actualização de segurança para Windows XP (KB952954)
    Actualização de segurança para Windows XP (KB953838)
    Actualização de segurança para Windows XP (KB953839)
    Actualização de segurança para Windows XP (KB954211)
    Actualização de segurança para Windows XP (KB954600)
    Actualização de segurança para Windows XP (KB955069)
    Actualização de segurança para Windows XP (KB956390)
    Actualização de segurança para Windows XP (KB956391)
    Actualização de segurança para Windows XP (KB956572)
    Actualização de segurança para Windows XP (KB956744)
    Actualização de segurança para Windows XP (KB956802)
    Actualização de segurança para Windows XP (KB956803)
    Actualização de segurança para Windows XP (KB956841)
    Actualização de segurança para Windows XP (KB956844)
    Actualização de segurança para Windows XP (KB957095)
    Actualização de segurança para Windows XP (KB957097)
    Actualização de segurança para Windows XP (KB958644)
    Actualização de segurança para Windows XP (KB958687)
    Actualização de segurança para Windows XP (KB958690)
    Actualização de segurança para Windows XP (KB958869)
    Actualização de segurança para Windows XP (KB959426)
    Actualização de segurança para Windows XP (KB960225)
    Actualização de segurança para Windows XP (KB960715)
    Actualização de segurança para Windows XP (KB960803)
    Actualização de segurança para Windows XP (KB960859)
    Actualização de segurança para Windows XP (KB961371)
    Actualização de segurança para Windows XP (KB961373)
    Actualização de segurança para Windows XP (KB961501)
    Actualização de segurança para Windows XP (KB968537)
    Actualização de segurança para Windows XP (KB969059)
    Actualização de segurança para Windows XP (KB969898)
    Actualização de segurança para Windows XP (KB969947)
    Actualização de segurança para Windows XP (KB970238)
    Actualização de segurança para Windows XP (KB970430)
    Actualização de segurança para Windows XP (KB971468)
    Actualização de segurança para Windows XP (KB971486)
    Actualização de segurança para Windows XP (KB971557)
    Actualização de segurança para Windows XP (KB971633)
    Actualização de segurança para Windows XP (KB971657)
    Actualização de segurança para Windows XP (KB971961)
    Actualização de segurança para Windows XP (KB972270)
    Actualização de segurança para Windows XP (KB973346)
    Actualização de segurança para Windows XP (KB973354)
    Actualização de segurança para Windows XP (KB973507)
    Actualização de segurança para Windows XP (KB973525)
    Actualização de segurança para Windows XP (KB973869)
    Actualização de segurança para Windows XP (KB973904)
    Actualização de segurança para Windows XP (KB974112)
    Actualização de segurança para Windows XP (KB974318)
    Actualização de segurança para Windows XP (KB974392)
    Actualização de segurança para Windows XP (KB974571)
    Actualização de segurança para Windows XP (KB975025)
    Actualização de segurança para Windows XP (KB975467)
    Actualização de segurança para Windows XP (KB975560)
    Actualização de segurança para Windows XP (KB975561)
    Actualização de segurança para Windows XP (KB975562)
    Actualização de segurança para Windows XP (KB975713)
    Actualização de segurança para Windows XP (KB977165)
    Actualização de segurança para Windows XP (KB977816)
    Actualização de segurança para Windows XP (KB977914)
    Actualização de segurança para Windows XP (KB978037)
    Actualização de segurança para Windows XP (KB978251)
    Actualização de segurança para Windows XP (KB978262)
    Actualização de segurança para Windows XP (KB978338)
    Actualização de segurança para Windows XP (KB978542)
    Actualização de segurança para Windows XP (KB978601)
    Actualização de segurança para Windows XP (KB978706)
    Actualização de segurança para Windows XP (KB979309)
    Actualização de segurança para Windows XP (KB979482)
    Actualização de segurança para Windows XP (KB979559)
    Actualização de segurança para Windows XP (KB979683)
    Actualização de segurança para Windows XP (KB979687)
    Actualização de segurança para Windows XP (KB980195)
    Actualização de segurança para Windows XP (KB980218)
    Actualização de segurança para Windows XP (KB980232)
    Actualização de segurança para Windows XP (KB980436)
    Actualização de segurança para Windows XP (KB981322)
    Actualização de segurança para Windows XP (KB981349)
    Actualização de segurança para Windows XP (KB981852)
    Actualização de segurança para Windows XP (KB981957)
    Actualização de segurança para Windows XP (KB981997)
    Actualização de segurança para Windows XP (KB982132)
    Actualização de segurança para Windows XP (KB982214)
    Actualização de segurança para Windows XP (KB982665)
    Actualização de segurança para Windows XP (KB982802)
    Actualização para Windows Internet Explorer 7 (KB976749)
    Actualização para Windows Internet Explorer 7 (KB980182)
    Actualização para Windows XP (KB2141007)
    Actualização para Windows XP (KB2345886)
    Actualização para Windows XP (KB2467659)
    Actualização para Windows XP (KB2541763)
    Actualização para Windows XP (KB2607712)
    Actualização para Windows XP (KB2616676)
    Actualização para Windows XP (KB951072-v2)
    Actualização para Windows XP (KB951978)
    Actualização para Windows XP (KB955759)
    Actualização para Windows XP (KB955839)
    Actualização para Windows XP (KB961503)
    Actualização para Windows XP (KB967715)
    Actualização para Windows XP (KB968389)
    Actualização para Windows XP (KB971029)
    Actualização para Windows XP (KB971737)
    Actualização para Windows XP (KB973687)
    Actualização para Windows XP (KB973815)
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Community Help
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Chivalry
    AIM 7
    AMD APP SDK Runtime
    Any to Icon
    Apple Application Support
    Apple Software Update
    ArtRage 2
    Ask Toolbar
    Assistente de Início de Sessão do Windows Live
    ATI AVIVO Codecs
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    Auslogics Disk Defrag
    Autodesk Backburner 2008.1
    Autodesk FBX Plugin 2009.4 - 3ds Max 2010
    AV Voice Changer Software DIAMOND 6.0
    avast! Free Antivirus
    Bamboo
    BitTorrent
    Burn4Free CD & DVD 4.9.0.0
    Call of Duty Modern Warfare 2
    Catalyst Control Center - Branding
    CCleaner
    Cheat Engine 6.0
    Click to Call with Skype
    Connect
    Counter-Strike: Source
    Counter-Strike: Source
    Counter-Strike: Source Beta
    CPUID HWMonitor 1.17
    Data Doctor Password Recovery - Evaluation
    Day of Defeat: Source
    dBpowerAMP Music Converter
    DivX Setup
    Download Manager 2.3.10
    Download Updater (AOL LLC)
    Dream Of Mirror Online
    Driver Robot
    DVD Flick 1.3.0.7
    DVD Suite
    EA Download Manager
    ESET Online Scanner v3
    Ferramenta de Carregamento do Windows Live
    Foxit Reader
    Fraps (remove only)
    Game Cam XPress 2.5.0
    GameSpy Comrade
    Garry's Mod
    GoldWave v5.57
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    GTK+ 2.10.13 runtime environment
    GtkRadiant 1.5.0
    Guild Wars
    Half-Life
    Half-Life 2
    Half-Life 2: Deathmatch
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix para Windows XP (KB2158563)
    Hotfix para Windows XP (KB2443685)
    Hotfix para Windows XP (KB2570791)
    Hotfix para Windows XP (KB942288-v3)
    Hotfix para Windows XP (KB952287)
    Hotfix para Windows XP (KB961118)
    Hotfix para Windows XP (KB970653-v3)
    Hotfix para Windows XP (KB976098-v2)
    Hotfix para Windows XP (KB979306)
    Hotfix para Windows XP (KB981793)
    HyperCam 2
    HyperCam Toolbar
    IconChanger
    ImageConverter Plus 8.0
    Japanese Language Support
    Java(TM) 7
    Java(TM) SE Development Kit 7
    Junk Mail filter update
    kuler
    LightScribe System Software 1.14.25.1
    LightScribeTemplateLabeler
    Logitech Desktop Messenger
    Logitech Vid HD
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LogMeIn Hamachi
    LogMeIn Hamachi
    Malwarebytes' Anti-Malware
    ManyCam 2.6.30 (remove only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTG
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTG
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 Language Pack - ptg
    Microsoft .NET Framework 3.5 Language Pack - PTG
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mirror's Edge™
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSVCRT Redists
    MSXML 4.0
    MSXML 4.0
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Mumble 1.2.3
    Need For Speed™ World
    neroxml
    NoVirusThanks Uploader 2.4.3.1
    NVIDIA PhysX v8.10.17
    Pando Media Booster
    Password Decryptor 1.0
    PDF Settings CS4
    Photoshop Camera Raw
    Portal
    Portal 2
    PowerISO
    PunkBuster Services
    Q3Map2 Toolz
    Quake III Team Arena
    Quake III Arena
    Quake Live Internet Explorer Plugin
    QuickTime
    Razer DeathAdder(TM) Mouse
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Segoe UI
    Simple Port Forwarding
    Skype™ 5.1
    SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
    Source SDK Base
    Steam
    Suite Shared Configuration CS4
    System Requirements Lab
    System Requirements Lab
    System Requirements Lab
    System Requirements Lab CYRI
    TeamViewer 5
    The Lord of the Rings FREE Trial
    TortoiseSVN 1.6.15.21042 (32 bit)
    TotalImageConverter
    Tweak UI
    Ultra AVI Converter 5.6.0801
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Urban Terror 4.1
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    Vegas Pro 10.0
    Ventrilo Client
    Vicon boujou 5.0
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.0.1
    VSO Image Resizer 2.2.2.1
    VSO Image Resizer 4.0.1.5
    WebTablet Netscape Plugin
    Windows Driver Package - Cypress (CyUsb) USB
    Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinRAR archiver
    Wolfenstein - Enemy Territory
    Xbox 360 Controller for Windows
    Xfire (remove only)
    XML Paper Specification Shared Components Language Pack 1.0
    YouTube Downloader 3.3
    Zombie Panic Source
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Malwarebytes Anti-Malware(unknown version) needs to be updated to version 1.51.2.1300

    http://www.malwarebytes.org/products/malwarebytes_free

    -------------------------------------------------------

    SUPERAntiSpyware 5.0.0.1128 needs to be downloaded and installed.

    http://www.superantispyware.com/download.html

    -------------------------------------------------------

    After the above has been done and the computer restarted, do the following in the order that they're listed.

    Note: Don't use the computer while each scan is in progress.

    -------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Updates(tab) - Check for Updates".

    When the definition files have updated, click "OK".

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------

    Start SUPERAntiSpyware.

    Click "Check for Updates".

    When the definition files have updated, click "Close".

    Select the "Quick Scan" option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -------------------------------------------------------

    Start HiJackThis, then click "Do a system scan and save a log file".

    Save the new log that appears, then submit it here.

    -------------------------------------------------------
     
  7. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Did you have any trouble with deleting the contents of those 2 temp folders?

    --------------------------------------------------------
     
  8. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    As a matter of fact, yes. In One of the temp folders however, About every 2 or 3 seconds. Files kept appearing out of nowhere. No matter how many i deleted. On the other temp folder, everything was pretty much deleted. Apart from some always giving me the "This.... cannot be deleted, because it is being used by another program" etc etc.

    But overall. i got rid of pretty much all of it.


    I Shall now proceed to do the steps in your previous post.
     
  9. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    Here is the MBAM Scan Log:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7882

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    06-10-2011 2:28:59
    mbam-log-2011-10-06 (02-28-59).txt

    Scan type: Quick scan
    Objects scanned: 183400
    Time elapsed: 9 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java Update (Trojan.Agent.Gen) -> Value: Java Update -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen.A) -> Bad: (Explorer.exe C:\Documents and Settings\John The God\Application Data\Microsoft\Windows Update.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\programas\mozilla firefox\extensions\{f270f1af-34d6-41cb-a9f5-8200ef7db41f} (Adware.Zwunzi) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)





    Here is The SUPERAnti-Spyware Scan Log:






    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/06/2011 at 02:46 AM

    Application Version : 5.0.1128

    Core Rules Database Version : 7763
    Trace Rules Database Version: 5575

    Scan type : Quick Scan
    Total Scan Time : 00:04:48

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 702
    Memory threats detected : 0
    Registry items scanned : 32303
    Registry threats detected : 20
    File items scanned : 6880
    File threats detected : 271

    Adware.HBHelper
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

    Browser Hijacker.Deskbar
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

    Trojan.Agent/Gen-SSHNAS
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

    Adware.Tracking Cookie
    C:\Documents and Settings\John The God\Cookies\YB588512.txt [ /atwola.com ]
    C:\Documents and Settings\John The God\Cookies\RO5KFVU8.txt [ /dc.tremormedia.com ]
    C:\Documents and Settings\John The God\Cookies\ZO21S2X8.txt [ /doubleclick.net ]
    C:\Documents and Settings\John The God\Cookies\4TECNPSJ.txt [ /advertising.com ]
    C:\Documents and Settings\John The God\Cookies\3NDAB3ED.txt [ /anrtx.tacoda.net ]
    C:\Documents and Settings\John The God\Cookies\28Q9DH1F.txt [ /cdn.at.atwola.com ]
    C:\Documents and Settings\John The God\Cookies\19PYN6QG.txt [ /ar.atwola.com ]
    C:\Documents and Settings\John The God\Cookies\I0BTYLN4.txt [ /media.quakelive.com ]
    C:\Documents and Settings\John The God\Cookies\3762MFY0.txt [ /at.atwola.com ]
    C:\Documents and Settings\John The God\Cookies\N302D93H.txt [ /tacoda.at.atwola.com ]
    C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\Cookies\[email protected][2].txt [ Cookie:john the [email protected]/accounts ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fourseasonshotels.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .overture.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .traffichaus.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adxpose.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.3dstats.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adlegend.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adlegend.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.digitalmedianet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    forums.digitalmedianet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    forums.digitalmedianet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    forums.digitalmedianet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .digitalmedianet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .gametracker.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver.mmoguru.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www4.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hentaitoplist.org [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .getclicky.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    cn.clickable.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hornymatches.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .userporn.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .userporn.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .userporn.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    2.s04.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    s04.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ads2.zeusclicks.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.star-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.star-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.star-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.star-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.star-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnetxchange.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    adserver2.exgfnetwork.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.adultrevads.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pornhub.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .exoclick.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .exoclick.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .eaeacom.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mediaservices-d.openxenterprise.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zanox.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .overture.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .yadro.ru [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hentaicounter.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fortunecity.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fortunecity.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fortunecity.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fortunecity.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .server.cpmstar.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .game-advertising-online.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    imagevenue.advertserve.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    imagevenue.advertserve.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .myroitracking.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adxpansion.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .chitika.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    track.prd1.netshelter.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    zbox.zanox.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\JOHN THE GOD\DEFINIçõES LOCAIS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]




    And here is the HiJackThis Scan Log:






    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:28:23, on 06-10-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WTouch\WTouchService.exe
    C:\Programas\WTouch\WTouchUser.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\TortoiseSVN\bin\TSVNCache.exe
    C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    C:\Programas\Razer\DeathAdder\razerhid.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Programas\DivX\DivX Update\DivXUpdate.exe
    C:\Programas\Logitech\Logitech WebCam Software\LWS.exe
    C:\Programas\AVAST Software\Avast\avastUI.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    C:\Programas\Razer\DeathAdder\razertra.exe
    C:\Programas\Razer\DeathAdder\razerofa.exe
    C:\Programas\Steam\steam.exe
    C:\Programas\Windows Live\Messenger\msnmsgr.exe
    C:\Programas\Google\Update\1.3.21.71\GoogleCrashHandler.exe
    C:\Programas\Pando Networks\Media Booster\PMB.exe
    C:\Programas\Java\jre7\bin\jqs.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programas\Ficheiros comuns\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programas\Xfire\Xfire.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Programas\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Google\Chrome\Application\chrome.exe
    C:\Programas\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DeathAdder] C:\Programas\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programas\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast] "C:\Programas\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SwitchBoard] C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Google Updater] "C:\Programas\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Steam] "C:\Programas\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Programas\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Aim] "C:\Programas\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Programas\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programas\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [ManyCam] "C:\Programas\ManyCam\Bin\ManyCam.exe" /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EADM] "C:\Programas\Electronic Arts\EADM\EADMUI.exe"
    O4 - HKCU\..\Run: [Comrade.exe] C:\Programas\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Xfire.lnk = C:\Programas\Xfire\Xfire.exe
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Programas\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programas\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://192.168.1.1
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programas\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Serviço Google Update (gupdate1c9bb5b76927ea0) (gupdate1c9bb5b76927ea0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programas\Java\jre7\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programas\WTouch\WTouchService.exe

    --
    End of file - 13561 bytes
     
  10. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Did you make sure that EVERYTHING was selected and removed that was found in the SUPERAntiSpyware scan?

    Its scan log doesn't show what action you took like the Malwarebytes Anti-Malware scan log does, so I need to ask.

    --------------------------------------------------------------

    Let's get that bloated startup load trimmed down.

    Some of them don't need to auto-load and run in the background at all, and some of them can be manually started when needed.

    Follow the below instructions carefully and completely.

    After you're done and have restarted the computer, submit a new HiJackThis log.

    --------------------------------------------------------------

    Click Start - Run, then type in MSCONFIG and then click OK - "Startup" tab.

    Remove the checkmark in these startup entries:

    QuickTime Task - or - qttask

    DivXUpdate

    All entries that have "Adobe" or "Acrobat" or "Reader" in the name

    IMJPMIG8.1 - or - IMJPMIG

    IMEKRMIG6.1 - or - IMEKRMIG

    MSPY2002 - or - ImScInst

    PHIME2002ASync - or - TINTSETP

    PHIME2002A - or - TINTSETP

    SwitchBoard

    SunJavaUpdateSched - or - jusched - or - Java(TM) - -

    Google Updater - or - GoogleUpdater

    Steam - or - steam

    swg - or - GoogleToolbarNotifier

    igndlm.exe - or - DLM

    DAEMON Tools Pro Agent - or - DTAgent

    EADM - or - EADMUI

    Comrade.exe - or - Comrade

    Xfire

    After you're done, click Apply - OK/Close - Exit Without Restart.

    Click Start - Run, then type in SERVICES.MSC and then click OK.

    Double-click on these servicie entries, one at a time, to open their properties window:

    FLEXnet Licensing Service

    Google Update

    Google Update

    Google Software Updater

    Java Quick Starter

    nProtect GameGuard Service

    PnkBstrA

    Adobe SwitchBoard


    If the "Startup Type" is set on Automatic, change it to Manual, then click Apply - OK.

    After you're done, close the services window and then restart the computer.

    When the small System Configuration Utility window appears, ignore its message about being in diagnostic/selective startup mode.

    Do NOT change it to normal startup mode!!!

    Put a checkmark in the lower left of that window, then click OK to close it.

    --------------------------------------------------------------
     
  11. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    Here is the log from HiJack This:



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:04:12, on 06-10-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WTouch\WTouchService.exe
    C:\Programas\WTouch\WTouchUser.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Google\Update\1.3.21.71\GoogleCrashHandler.exe
    C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\TortoiseSVN\bin\TSVNCache.exe
    C:\Programas\Razer\DeathAdder\razerhid.exe
    C:\Programas\AVAST Software\Avast\avastUI.exe
    C:\Programas\Razer\DeathAdder\razertra.exe
    C:\Programas\Razer\DeathAdder\razerofa.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programas\Pando Networks\Media Booster\PMB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Skype\Phone\Skype.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programas\Skype\Plugin Manager\skypePM.exe
    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programas\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66019
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programas\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DeathAdder] C:\Programas\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programas\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast] "C:\Programas\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Aim] "C:\Programas\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Programas\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [ManyCam] "C:\Programas\ManyCam\Bin\ManyCam.exe" /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Programas\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programas\MP3 Player Utilities 4.00\MediaManager\grab.html
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://192.168.1.1
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programas\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Serviço Google Update (gupdate1c9bb5b76927ea0) (gupdate1c9bb5b76927ea0) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programas\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programas\Java\jre7\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programas\WTouch\WTouchService.exe

    --
    End of file - 11558 bytes
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,834
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  13. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Avectius:

    Follow dvk01's instructions from here on. I can jump back in later.

    --------------------------------------------------------
     
  14. Avectius

    Avectius Thread Starter

    Joined:
    Nov 8, 2008
    Messages:
    222
    Here is the log from combo fix:



    ComboFix 11-10-06.03 - John The God 06-10-2011 23:48:31.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.1202 [GMT 1:00]
    Executando de: c:\documents and settings\John The God\Ambiente de trabalho\username123.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\John The God\Modelos\Pain_Logger_PrivateEdition_Ftp_Log 1 On JOHNTHEGOD 's ComputerAt13-02-2011---22-01-04.txt
    c:\documents and settings\John The God\Modelos\Pain_Logger_PrivateEdition_Ftp_Log 1 On JOHNTHEGOD 's ComputerAt15-02-2011---12-45-34.txt
    C:\install.exe
    c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    c:\windows\system32\Dump
    c:\windows\system32\Dump\MiniDump.dmp
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-09-06 to 2011-10-06 ))))))))))))))))))))))))))))
    .
    .
    2011-10-06 00:40 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\John The God\Application Data\SUPERAntiSpyware.com
    2011-10-06 00:40 . 2011-10-06 00:40 -------- d-----w- c:\programas\SUPERAntiSpyware
    2011-10-06 00:40 . 2011-10-06 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-10-06 00:33 . 2011-10-06 00:33 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
    2011-10-06 00:33 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-05 22:34 . 2011-10-05 22:34 388096 ----a-r- c:\documents and settings\John The God\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-09-13 21:58 . 2011-09-13 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-04 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-09 16:52 . 2011-02-09 16:52 40445 ----a-w- c:\programas\uninstall.exe
    2010-09-11 21:30 . 2010-09-11 21:02 1673739382 ----a-w- c:\programas\Dragonica_Setup.exe
    2010-06-15 01:54 . 2010-06-15 01:54 153008 ----a-w- c:\programas\fraps64.dll
    2010-06-15 01:54 . 2010-06-15 01:54 206768 ----a-w- c:\programas\fraps32.dll
    2010-06-15 01:54 . 2010-06-15 01:54 74672 ----a-w- c:\programas\fraps64.dat
    2010-06-15 01:54 . 2010-06-15 01:54 2320304 ----a-w- c:\programas\fraps.exe
    2010-06-15 01:46 . 2010-06-15 01:46 163840 ----a-w- c:\programas\frapslcd.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 122512 ----a-w- c:\programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 08:55 87304 ----a-w- c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
    "msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Aim"="c:\programas\AIM\aim.exe" [2010-09-16 4425048]
    "Pando Media Booster"="c:\programas\Pando Networks\Media Booster\PMB.exe" [2010-09-11 2969496]
    "ManyCam"="c:\programas\ManyCam\Bin\ManyCam.exe" [2010-12-21 1739848]
    "Skype"="c:\programas\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "SUPERAntiSpyware"="c:\programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS4ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "DeathAdder"="c:\programas\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
    "LogitechQuickCamRibbon"="c:\programas\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "PWRISOVM.EXE"="c:\programas\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "avast"="c:\programas\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "AdobeAAMUpdater-1.0"="c:\programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-18 500208]
    "AdobeCS5ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "StartCCC"="c:\programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "LogMeIn Hamachi Ui"="c:\programas\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
    "Malwarebytes' Anti-Malware"="c:\programas\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
    SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\programas\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-1-18 442368]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\programas\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^John The God^Menu Iniciar^Programas^Arranque^Xfire.lnk]
    path=c:\documents and settings\John The God\Menu Iniciar\Programas\Arranque\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    2011-03-17 14:54 1204640 ----a-w- c:\programas\GameSpy\Comrade\Comrade.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-04-12 22:46 1135912 ----a-w- c:\programas\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
    2011-04-03 06:10 11857920 ----a-w- c:\programas\Electronic Arts\EADM\EADMUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2011-09-30 00:16 161336 ----a-w- c:\programas\Google\Google Updater\GoogleUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    2009-10-27 17:18 1103216 ----a-w- c:\programas\Download Manager\DLM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2011-03-30 01:15 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-09-22 02:35 1242448 ----a-w- c:\programas\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-05-04 12:59 252136 ----a-w- c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-12 10:42 39408 ----a-w- c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programas\\UrbanTerror\\ioUrbanTerror.exe"=
    "c:\\Programas\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Programas\\Xfire\\Xfire.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Programas\\Steam\\SteamApps\\xlr8r_3\\source sdk base\\hl2.exe"=
    "c:\\Programas\\Ficheiros comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Programas\\Steam\\Steam.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "c:\\Programas\\BitTorrent\\bittorrent.exe"=
    "c:\\Programas\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Programas\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Programas\\AIM\\aim.exe"=
    "c:\\Programas\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Programas\\UrbanTerror\\ioUrTded.exe"=
    "c:\\Programas\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Programas\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Programas\\Autodesk\\Backburner\\server.exe"=
    "c:\\Programas\\Activision\\Modern Warfare 2\\iw4mp.dat"=
    "c:\\Programas\\Activision\\Modern Warfare 2\\iw4sp.exe"=
    "c:\\Programas\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Programas\\Quake III Arena\\quake3.exe"=
    "c:\\Documents and Settings\\John The God\\Os meus documentos\\Downloads\\Borderlands 1.3.0\\borderlands\\Binaries\\Borderlands.exe"=
    "c:\\Documents and Settings\\John The God\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "c:\\Documents and Settings\\John The God\\Games\\Unreal Tournament 3\\Binaries\\UnrealFrontend.exe"=
    "c:\\Documents and Settings\\John The God\\Games\\Unreal Tournament 3\\Binaries\\UnrealConsole.exe"=
    "c:\\Programas\\Electronic Arts\\Mirror's Edge™\\Binaries\\MirrorsEdge.exe"=
    "c:\\Programas\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programas\\Steam\\steamapps\\xlr8r_3\\zombie panic! source\\hl2.exe"=
    "c:\\Programas\\Ventrilo\\Ventrilo.exe"=
    "c:\\Programas\\Skype\\Phone\\Skype.exe"=
    "c:\\Programas\\Steam\\steamapps\\xlr8r_3\\counter-strike source\\hl2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "58308:TCP"= 58308:TCP:pando Media Booster
    "58308:UDP"= 58308:UDP:pando Media Booster
    "1150:TCP"= 1150:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-10-2010 16:33 697328]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16-03-2011 13:51 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16-03-2011 13:51 301528]
    R1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880]
    R1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664]
    R2 !SASCORE;SAS Core Service;c:\programas\SUPERAntiSpyware\SASCore.exe [12-08-2011 0:38 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16-03-2011 13:51 19544]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [02-03-2011 15:31 21992]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\programas\LogMeIn Hamachi\hamachi-2.exe [04-08-2011 14:34 1361288]
    R2 MBAMService;MBAMService;c:\programas\Malwarebytes' Anti-Malware\mbamservice.exe [06-10-2011 1:33 366152]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [21-03-2010 20:32 4408616]
    R2 WTouchService;WTouch Service;c:\programas\WTouch\WTouchService.exe [21-03-2010 20:34 112936]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [05-12-2009 20:53 22784]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06-10-2011 1:33 22216]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [14-05-2010 22:58 17792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 14:16 130384]
    S2 gupdate1c9bb5b76927ea0;Serviço Google Update (gupdate1c9bb5b76927ea0);c:\programas\Google\Update\GoogleUpdate.exe [12-04-2009 11:43 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06-03-2011 21:26 1691480]
    S3 gupdatem;Serviço Google Update (gupdatem);c:\programas\Google\Update\GoogleUpdate.exe [12-04-2009 11:43 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [22-11-2008 13:53 34384]
    S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [09-09-2008 18:48 408064]
    S3 SwitchBoard;Adobe SwitchBoard;c:\programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 13:37 517096]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [27-06-2010 19:27 15656]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 14:16 753504]
    S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
    S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
    S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
    S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-08-22 13:11 451872 ----a-w- c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2011-10-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOHNTHEGOD-John The God.job
    - c:\programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-18 04:52]
    .
    2011-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2011-10-02 c:\windows\Tasks\Driver Robot.job
    - c:\programas\Driver Robot\Driver Robot.lnk [2010-08-14 22:31]
    .
    2011-10-06 c:\windows\Tasks\Google Software Updater.job
    - c:\programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 00:16]
    .
    2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programas\Google\Update\GoogleUpdate.exe [2009-04-12 10:42]
    .
    2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programas\Google\Update\GoogleUpdate.exe [2009-04-12 10:42]
    .
    2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{F643B1D3-7673-4BA8-9315-4D762C2E60F8}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    2010-10-13 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-03 21:18]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = hxxp://www.google.pt/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Settings,ProxyServer = http=
    IE: Add to AMV Convert Tool... - c:\programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\programas\MP3 Player Utilities 4.00\MediaManager\grab.html
    Trusted Zone: internet
    TCP: DhcpNameServer = 212.113.164.6 212.113.164.5
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\John The God\Application Data\Mozilla\Firefox\Profiles\q6j0rgrq.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/?tbid=66019
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    MSConfigStartUp-DAEMON Tools Pro Agent - c:\programas\DAEMON Tools Pro\DTAgent.exe
    MSConfigStartUp-pRSWuweqyJ - c:\documents and settings\John The God\Definições locais\Temp\\Minecraftslide.exe
    MSConfigStartUp-QuickTime Task - c:\programas\QuickTime\qttask.exe
    MSConfigStartUp-ZvJXEVIMlZXRjgDZxEzLOdyzKTOrHauNIwdlmkpaUbFSRhlofF - c:\documents and settings\John The God\Modelos\CallOfDutyBlackOpss.exe
    AddRemove-AV Voice Changer Software DIAMOND 6.0 - c:\progra~1\AVVCS6~1.0D~\UNWISE.EXE
    AddRemove-Burn4Free CD & DVD_is1 - c:\programas\Burn4Free\unins000.exe
    AddRemove-Dream Of Mirror Online - c:\aeriagames\DOMO\Uninst.exe
    AddRemove-Half-Life - c:\programas\Dark Ares\Half-Life\Uninstall.exe
    AddRemove-PunkBusterSvc - c:\programas\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
    AddRemove-Wacom WebTabletPlugin for Netscape - c:\programas\TabletPlugins\npUninstall.exe
    AddRemove-Wolfenstein - Enemy Territory - c:\progra~1\WOLFEN~1\Uninstall\Unwise.exe
    AddRemove-{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1 - c:\programas\VSO\Image Resizer\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-07 00:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1708537768-1326574676-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:59,06,77,a3,64,42,02,01,7f,63,a3,71,6a,fd,70,33,10,72,12,22,e7,
    43,cb,ff,13,a5,b9,66,f1,bc,54,a5,d4,d4,8d,f2,54,70,1d,0d,7d,9f,7d,51,e5,26,\
    "rkeysecu"=hex:d6,62,4f,87,d6,36,9d,84,69,1c,4b,97,1c,80,eb,97
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'winlogon.exe'(904)
    c:\programas\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(1100)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\msi.dll
    c:\programas\Ficheiros comuns\TortoiseOverlays\TortoiseOverlays.dll
    c:\programas\TortoiseSVN\bin\TortoiseStub.dll
    c:\programas\TortoiseSVN\bin\TortoiseSVN.dll
    c:\programas\TortoiseSVN\bin\intl3_tsvn.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\programas\Ficheiros comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\programas\WTouch\WTouchUser.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programas\AVAST Software\Avast\AvastSvc.exe
    c:\programas\Google\Update\1.3.21.71\GoogleCrashHandler.exe
    c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    c:\programas\Ficheiros comuns\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\programas\TortoiseSVN\bin\TSVNCache.exe
    c:\programas\Razer\DeathAdder\razertra.exe
    c:\programas\Razer\DeathAdder\razerofa.exe
    c:\programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\programas\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2011-10-07 01:10:18 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2011-10-07 00:10
    ComboFix2.txt 2010-05-10 17:33
    ComboFix3.txt 2008-12-28 14:27
    ComboFix4.txt 2008-12-27 23:26
    ComboFix5.txt 2011-10-06 22:43
    .
    Pré-execução: 39.956.455.424 bytes livres
    Pós execução: 78.548.180.992 bytes livres
    .
    - - End Of File - - C9681CF17E4EE960EBF10113F8845471
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,834
    are you still gettinmg avast detecting anything & if so what

    At a quick glance it is very possible that you have soem pirated games etc on there & Avast etc is detecting trojans in them

    before we go any further

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1020828