:services
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1609127370&ir=
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=110825&babsrc=HP_ss&mntrId=cadc2f5e000000000000001e6588387c
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5739g&r=27360113s116l03h3z106t4874v243
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
IE - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&ir=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtCtC0C0EyCtAtB0FyD0EtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=262062202
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Letícia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
CHR - homepage: http://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=cadc2f5e0000000000000c6076fa9804
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: BrowserProtect (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Let\u00EDcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tuto4pc_pt_6] File not found
O4 - HKU\S-1-5-21-4271489008-2781956344-773273156-1001..\Run: [Facebook Update] C:\Users\Letícia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
[2013-01-25 14:25:23 | 000,000,000 | ---D | C] -- C:\Users\Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

:Reg

:Files
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Windows Service
C:\Users\Letícia\AppData\Local\Facebook
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Delta
C:\Users\Letícia\AppData\Roaming\Delta
C:\Users\Letícia\AppData\Roaming\BabSolution
C:\Program Files (x86)\BabylonToolbar
C:\Users\Letícia\AppData\Roaming\Babylon
C:\Program Files (x86)\sweetpacks bundle uninstaller
C:\Users\Letícia\AppData\Local\RavenBleuSA
C:\Users\Letícia\Funmoods
C:\ProgramData\FullRemove.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001UA.job
C:\Windows\SysWow64\drivers\rlketnj.sys
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4271489008-2781956344-773273156-1001Core.job
C:\Windows\tasks\cfdcall.bin
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]