:OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549 IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=c46067e00000000000008a1132b45967 IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=1373138696 IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119352&babsrc=SP_ss&mntrId=c46067e00000000000008a1132b45967 IE - HKU\S-1-5-21-580441236-439076865-2119370448-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=HitachiXHTS547550A9E384_J2150050E9YD7DE9YD7DX&ts=3604549 FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\IANE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Lyrics Bot) - {FFB4EE06-DF84-4AC9-8682-237847AB69BD} - C:\Program Files (x86)\LyricsBot\116.dll (APDMT LTD) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [tuto4pc_br_36] C:\Program Files (x86)\tuto4pc_br_36\tuto4pc_br_36.exe () O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [Desk 365] C:\Program Files (x86)\Desk 365\desk365.exe (337 Technology Limited.) O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [Facebook Update] C:\Users\IANE\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-580441236-439076865-2119370448-1001..\Run: [WebCake Desktop] C:\Users\IANE\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKLM..\RunOnce: [upt4pc_br_36.exe] C:\Users\IANE\AppData\Local\tuto4pc_br_36\upt4pc_br_36.exe () O33 - MountPoints2\{13ede0c8-8e01-11e2-b120-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{13ede0c8-8e01-11e2-b120-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{52fa60c9-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{52fa60c9-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{52fa60e9-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{52fa60e9-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{52fa60ed-6fe1-11e2-b7e4-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{52fa60ed-6fe1-11e2-b7e4-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e40a870d-5f9b-11e2-be9c-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{e40a870d-5f9b-11e2-be9c-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e40a8712-5f9b-11e2-be9c-e81132b45968}\Shell - "" = AutoRun O33 - MountPoints2\{e40a8712-5f9b-11e2-be9c-e81132b45968}\Shell\AutoRun\command - "" = F:\AutoRun.exe [2013/07/06 16:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 [2013/07/06 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Desk 365 [2013/07/06 16:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365 [2013/07/06 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\eIntaller [2013/06/29 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller [2013/06/21 04:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsOn [2013/06/20 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security [2013/06/20 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Roaming\Baidu [2013/06/20 22:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu [2013/06/20 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security [2013/06/20 22:37:04 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\eorezo [2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\IANE\AppData\Local\tuto4pc_br_36 [2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuto4pc_br_36 [2013/06/20 22:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC [2013/02/27 03:32:46 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\BabSolution [2012/10/13 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\IANE\AppData\Roaming\GetRightToGo :Files C:\Program Files (x86)\Desk 365 C:\Users\IANE\AppData\Local\tuto4pc_br_36 C:\Program Files (x86)\tuto4pc_br_36 C:\Users\IANE\AppData\Roaming\WebCake C:\Program Files (x86)\WebCake C:\Windows\SysWOW64\jmdp\stij.exe C:\Program Files (x86)\Uniblue C:\Program Files (x86)\Wajam C:\Windows\SysNative\dmwu.exe C:\Users\IANE\AppData\Local\Facebook C:\Program Files (x86)\LyricsBot C:\Program Files (x86)\Delta C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC C:\Users\IANE\AppData\Roaming\DSite :Services IBUpdaterService desksvc :Commands [Purity] [createrestorepoint] [emptytemp]