Persisting italic letters, Errno 10013 and UnicodeDecodeError


  • This topic is locked
16 replies to this topic

#1 jakalbrow

Posted 08 April 2010 - 10:47 PM

Hello!
These problems have been around for a while now, and I wasn't really bothered until they prevented me from running some programs.
I can't remember exactly when they started, but the persistent italic letters were, or so I think, the first. Also the Times New Roman font vanished from Word.
I tried downloading a user-posted one. Seemed to work until I tried to open a previously saved file with it in. The font changes to something resembling Arial, but conserving the Times New Roman name.
Most of the letters in my browser (Chrome) are in italic too.
Previously, while trying to open a prompt-based program, it shut down instantly. So I opened the prompt and tried opening the same file. A UnicodeDecodeError triggered, but I don't remember the specifics of the error.
I tried changing the locale to Japanese, and the same file reported an Errno 10013.
Eventually I bumped into BleepingComputer and tried following the preparation guide. When utilizing DeFogger to shut down Daemon Tools a reboot was asked, but Windows didn't finish shutting down, forcing me to hard reset the computer. Before running DDS I made sure the emulated drive wasn't active.
I went as far as step 8, when gmer froze the screen.
I was still able to select the options on the gmer initial screen, so I maximized the browser to see the next steps. When I noticed it was frozen, I tried refreshing, resulting in a BSOD soon after video glitches (multicolored and short lines) at the top and bottom of the screen, followed by an automatic reinitialization of the system.
I tried using gmer again while following the instructions, but the same freezing occurred. This time I tried to initialize the scan. The program stopped responding after finding three or four occurrences, being shut down in sequence. I tried to refresh the browser page again, resulting in the same effect mentioned before.
It's also worth mentioning that sometimes my Windows (Vista) does not initialize, remaining at the progress bar. A hard reset usually allows it to be loaded "properly", if it's even possible to use this expression...
Also, shutting down Windows sometimes doesn't complete, especially when installs or uninstalls require reboot.
Phew... That's about all I can think about for now. If I remember something else, I'll post it after receiving feedback.
The DDS log follows:


DDS (Ver_10-03-17.01) - NTFSx86
Run by DANIEL LUCCAS at 22:47:33,49 on 08/04/2010
Internet Explorer: 7.0.6001.18000
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\DANIEL LUCCAS\Documents\Downloads\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.usc.br/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexao do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame_renew/mail/HGReport.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1020.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: {8C02182C-3035-4833-A0A8-7FADFD4B7FD0} = 200.204.0.10 200.204.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-3 11608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-14 180224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-3 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-5 56816]
R2 TimerStop;TimerStop;c:\windows\system32\TimerStop.sys [2008-6-10 4096]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-4-8 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-4-8 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2008-7-2 30368]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-26 25832]

=============== Created Last 30 ================

2010-04-09 01:36:28 176 ----a-w- c:\users\daniel luccas\defogger_reenable
2010-04-08 22:17:45 0 d-----w- c:\users\daniel luccas\.idlerc
2010-04-04 18:35:46 4194304 ----a-w- c:\users\daniel luccas\S806_27_03_2010.abs
2010-04-04 18:35:35 1213318 ----a-w- c:\users\daniel luccas\S806_27_03_2010.zip
2010-04-04 01:17:04 0 d-----w- c:\programdata\Avira
2010-04-04 01:17:04 0 d-----w- c:\program files\Avira
2010-04-03 19:24:41 0 d-----w- c:\program files\Microsoft SQL Server
2010-04-03 19:21:22 0 d-----w- c:\program files\common files\Merge Modules
2010-04-03 18:34:12 0 d-----w- C:\Python26
2010-04-03 16:58:47 0 d-----w- c:\program files\Assassin's Creed II
2010-04-02 13:25:44 0 d-----w- c:\program files\Exhort Network
2010-03-28 13:25:12 0 d-----w- c:\users\daniel~1\appdata\roaming\AnvSoft
2010-03-28 13:25:10 0 d-----w- c:\program files\AnvSoft
2010-03-20 00:52:08 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-13 23:23:47 0 d-----w- c:\users\daniel~1\appdata\roaming\Ubisoft
2010-03-11 21:40:56 0 d-----w- c:\programdata\Sun

==================== Find3M ====================

2010-04-09 00:16:27 703848 ----a-w- c:\windows\system32\prfh0416.dat
2010-04-09 00:16:27 147210 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-03 18:08:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 13:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-22 01:33:06 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-19 22:51:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-19 22:51:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-19 22:51:32 86016 ----a-w- c:\windows\inf\infstor.dat
2008-12-01 15:37:52 174 --sha-w- c:\program files\desktop.ini
2008-12-01 15:29:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-06 01:22:38 37412 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2006-11-06 01:22:38 37412 ----a-w- c:\windows\inf\perflib\0416\perfc.dat
2006-11-06 01:22:38 318818 ----a-w- c:\windows\inf\perflib\0416\perfi.dat
2006-11-06 01:22:38 318818 ----a-w- c:\windows\inf\perflib\0416\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:49:01,81 ===============


#2 myrti


Posted 12 April 2010 - 09:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 jakalbrow


Posted 12 April 2010 - 02:55 PM

Hello again, and thanks for replying!
I completely understand the delay.
As for the issues I listed, all of them are persisting.
But there is something I overlooked in the first post.
I don't really know if this is due to any threat in my system, but I figured it would be best to point it out too.
Whenever I turn on or off my modem and establish or lose my connection, there is a very intense slowdown, which I don't remember occurring about a year ago.
The OTL and Extras logs, respectively:

OTL logfile created on: 12/04/2010 16:23:47 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\DANIEL LUCCAS\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 12,37 Gb Free Space | 5,31% Space Free | Partition Type: NTFS
Drive D: | 4,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIELLUCCAS-PC
Current User Name: DANIEL LUCCAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 16:21:13 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DANIEL LUCCAS\Desktop\OTL.exe
PRC - [2010/03/28 00:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/16 17:27:34 | 000,290,816 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/03/16 17:27:06 | 000,180,224 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/01/19 04:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 16:21:13 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DANIEL LUCCAS\Desktop\OTL.exe
MOD - [2008/01/19 04:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/06 13:58:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/09 10:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/09 10:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/16 17:27:06 | 000,180,224 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/01/19 04:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 04:33:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/06 09:57:52 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/10 19:27:17 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/12/10 19:27:16 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/10 19:02:40 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/30 11:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/16 18:33:54 | 004,361,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/17 05:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 05:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2007/11/14 15:53:10 | 000,014,864 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/10/11 22:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/12/22 23:44:42 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\TimerStop.sys -- (TimerStop)
DRV - [2006/11/02 06:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 06:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 06:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 06:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 06:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 06:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 06:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 06:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 06:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 06:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 06:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 06:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 06:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 06:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 06:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 06:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 06:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 04:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 04:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/07/16 22:53:20 | 000,030,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb2vcom.sys -- (usb2vcom)
DRV - [2006/07/01 23:12:36 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/25 10:44:54 | 000,331,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3808641019-3835033643-4178199915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usc.br/
IE - HKU\S-1-5-21-3808641019-3835033643-4178199915-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3808641019-3835033643-4178199915-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/23 09:00:30 | 000,000,000 | ---D | M]

[2009/08/07 14:37:36 | 000,000,000 | ---D | M] -- C:\Users\DANIEL LUCCAS\AppData\Roaming\mozilla\Extensions
[2009/08/07 14:37:36 | 000,000,000 | ---D | M] -- C:\Users\DANIEL LUCCAS\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/03 14:32:15 | 000,000,985 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-3808641019-3835033643-4178199915-1000\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-3808641019-3835033643-4178199915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame_renew/mail/HGReport.cab (SpecAnalyzer Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} http://cdn.hangame.com/hangame/messenger/h...g/HanWebMsg.cab (한게임접속프로그램)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} https://members.hangame.com/common/HanSetup1020.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\DANIEL LUCCAS\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\DANIEL LUCCAS\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ea0b12e-dc3c-11de-b7cb-a00631124b99}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{3ea0b12e-dc3c-11de-b7cb-a00631124b99}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{3ea0b12e-dc3c-11de-b7cb-a00631124b99}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{3fe5a69c-8de4-11de-8a5a-cc1b273eb49c}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{3fe5a69c-8de4-11de-8a5a-cc1b273eb49c}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{d71ddc2e-a3a2-11dd-88b5-001e8c621a03}\Shell\AutoRun\command - "" = ReCYCleR\update.exe
O33 - MountPoints2\{d71ddc2e-a3a2-11dd-88b5-001e8c621a03}\Shell\OpEn\CoMmAnD - "" = ReCYCleR\update.exe
O33 - MountPoints2\{d71ddc37-a3a2-11dd-88b5-001e8c621a03}\Shell\AutoRun\command - "" = wx8o0bt1.com
O33 - MountPoints2\{d71ddc37-a3a2-11dd-88b5-001e8c621a03}\Shell\open\Command - "" = wx8o0bt1.com
O33 - MountPoints2\{dc2ce289-72b9-11dd-9c54-001e8c621a03}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{dc2ce289-72b9-11dd-9c54-001e8c621a03}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{e40bd8ba-e5d7-11de-94b9-fe665d595798}\Shell - "" = AutoRun
O33 - MountPoints2\{e40bd8ba-e5d7-11de-94b9-fe665d595798}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{eafaf07e-3fdd-11df-a9b9-aeedcc0f6031}\Shell\AutoRun\command - "" = ;aowdhaudhwaiodhaidhuaowudhdudaeaoednaodn
O33 - MountPoints2\{eafaf07e-3fdd-11df-a9b9-aeedcc0f6031}\Shell\explore\Command - "" = F:\$tmp$\Drive.exe -- File not found
O33 - MountPoints2\{eafaf07e-3fdd-11df-a9b9-aeedcc0f6031}\Shell\open\Command - "" = F:\$tmp$\Drive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/12/01 12:30:09 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\DANIEL LUCCAS\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: snpstd - hkey= - key= - C:\Windows\vsnpstd.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 16:21:13 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\DANIEL LUCCAS\Desktop\OTL.exe
[2010/04/11 02:53:06 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\FlyffTest
[2010/04/08 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\.idlerc
[2010/04/03 22:17:15 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/03 22:17:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/03 22:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/03 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/03 16:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/04/03 16:23:55 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\Documents\Visual Studio 2008
[2010/04/03 16:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/04/03 16:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/04/03 16:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/04/03 15:34:12 | 000,000,000 | ---D | C] -- C:\Python26
[2010/04/03 13:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Assassin's Creed II
[2010/04/02 10:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Exhort Network
[2010/03/28 10:25:26 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\Documents\Any Video Converter
[2010/03/28 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\AppData\Roaming\AnvSoft
[2010/03/28 10:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/03/19 21:52:08 | 002,145,280 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python26.dll
[2010/03/13 20:23:47 | 000,000,000 | ---D | C] -- C:\Users\DANIEL LUCCAS\AppData\Roaming\Ubisoft
[2010/03/13 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2009/07/21 14:47:46 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[2009/06/14 09:05:24 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2009/02/15 16:43:15 | 014,587,982 | ---- | C] ( ) -- C:\Users\DANIEL LUCCAS\klcodec462f.exe
[2004/05/25 16:21:08 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004/02/16 12:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[6 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 16:21:58 | 006,815,744 | -HS- | M] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT
[2010/04/12 16:21:13 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DANIEL LUCCAS\Desktop\OTL.exe
[2010/04/12 15:35:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3808641019-3835033643-4178199915-1000UA.job
[2010/04/12 15:28:53 | 000,004,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 15:28:53 | 000,004,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 11:35:57 | 001,638,110 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/12 11:35:57 | 000,703,848 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/04/12 11:35:57 | 000,656,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/12 11:35:57 | 000,147,210 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/04/12 11:35:57 | 000,125,152 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/12 11:28:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/12 11:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/12 10:41:26 | 000,524,288 | -HS- | M] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 10:41:26 | 000,065,536 | -HS- | M] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/12 08:35:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3808641019-3835033643-4178199915-1000Core.job
[2010/04/11 19:15:29 | 000,226,304 | ---- | M] () -- C:\Users\DANIEL LUCCAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 03:48:53 | 002,110,167 | -H-- | M] () -- C:\Users\DANIEL LUCCAS\AppData\Local\IconCache.db
[2010/04/11 03:03:17 | 000,000,626 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\V15.lnk
[2010/04/09 18:57:55 | 000,101,064 | ---- | M] () -- C:\Users\DANIEL LUCCAS\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/09 18:56:53 | 000,371,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/08 23:14:35 | 000,000,446 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/08 23:07:12 | 270,188,490 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/08 22:36:36 | 000,000,176 | ---- | M] () -- C:\Users\DANIEL LUCCAS\defogger_reenable
[2010/04/05 23:02:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/04/04 19:51:26 | 000,662,016 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\Equilibriojardimjapones.pps
[2010/04/04 15:35:36 | 001,213,318 | ---- | M] () -- C:\Users\DANIEL LUCCAS\S806_27_03_2010.zip
[2010/04/03 22:17:52 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/03 16:29:42 | 000,001,637 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\CCleaner.lnk
[2010/04/03 15:08:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/03 15:08:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/03 15:08:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/03 15:08:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/30 22:35:34 | 000,002,089 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\Google Chrome.lnk
[2010/03/28 12:13:09 | 000,283,136 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\Dinmica mutcho loka.MSWMM
[2010/03/28 10:25:17 | 000,000,922 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Desktop\Any Video Converter.lnk
[2010/03/28 00:43:58 | 004,194,304 | ---- | M] () -- C:\Users\DANIEL LUCCAS\S806_27_03_2010.abs
[2010/03/26 16:54:36 | 000,091,648 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Documents\Manual E71 Generico PT.doc
[2010/03/25 19:34:38 | 004,180,168 | ---- | M] () -- C:\Users\DANIEL LUCCAS\Documents\manual-vaic-mp9-t800.pdf
[2010/03/19 21:52:08 | 002,145,280 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python26.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/11 03:03:17 | 000,000,626 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Desktop\V15.lnk
[2010/04/08 23:14:35 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/08 22:54:55 | 270,188,490 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/08 22:36:28 | 000,000,176 | ---- | C] () -- C:\Users\DANIEL LUCCAS\defogger_reenable
[2010/04/04 19:51:26 | 000,662,016 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Desktop\Equilibriojardimjapones.pps
[2010/04/04 15:35:46 | 004,194,304 | ---- | C] () -- C:\Users\DANIEL LUCCAS\S806_27_03_2010.abs
[2010/04/04 15:35:35 | 001,213,318 | ---- | C] () -- C:\Users\DANIEL LUCCAS\S806_27_03_2010.zip
[2010/04/03 22:17:52 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/03/28 11:05:24 | 000,283,136 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Desktop\Dinmica mutcho loka.MSWMM
[2010/03/28 10:25:17 | 000,000,922 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Desktop\Any Video Converter.lnk
[2010/03/26 16:54:36 | 000,091,648 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Documents\Manual E71 Generico PT.doc
[2010/03/25 19:34:38 | 004,180,168 | ---- | C] () -- C:\Users\DANIEL LUCCAS\Documents\manual-vaic-mp9-t800.pdf
[2010/02/15 10:36:42 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2010/02/15 10:36:42 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2010/01/22 17:19:34 | 000,000,101 | ---- | C] () -- C:\Users\DANIEL LUCCAS\AppData\Local\fusioncache.dat
[2010/01/21 22:33:06 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/30 13:28:57 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/08/24 15:30:31 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/24 15:30:30 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/08 17:08:28 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/08 17:08:27 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/08 17:08:27 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/08 17:08:27 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/08 17:08:26 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/05/08 17:08:25 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/28 20:48:04 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/12/06 18:04:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/12/06 17:59:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/12/01 12:02:25 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/25 13:23:42 | 000,035,458 | ---- | C] () -- C:\Users\DANIEL LUCCAS\teste.txt
[2008/08/08 15:40:08 | 000,022,328 | ---- | C] () -- C:\Users\DANIEL LUCCAS\AppData\Roaming\PnkBstrK.sys
[2008/07/04 17:01:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/04 16:53:00 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/07/02 07:51:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\CSDLGE1LIB.dll
[2008/07/02 07:48:09 | 000,030,368 | ---- | C] () -- C:\Windows\System32\drivers\usb2vcom.sys
[2008/06/17 14:21:15 | 000,000,060 | ---- | C] () -- C:\Windows\game.ini
[2008/06/10 21:55:55 | 000,226,304 | ---- | C] () -- C:\Users\DANIEL LUCCAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/10 16:52:07 | 000,004,096 | ---- | C] () -- C:\Windows\System32\TimerStop.sys
[2008/06/10 15:38:19 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/06/10 15:03:43 | 000,001,356 | ---- | C] () -- C:\Users\DANIEL LUCCAS\AppData\Local\d3d9caps.dat
[2008/06/10 15:03:42 | 006,815,744 | -HS- | C] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT
[2008/06/10 15:03:42 | 000,524,288 | -HS- | C] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2008/06/10 15:03:42 | 000,524,288 | -HS- | C] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2008/06/10 15:03:42 | 000,262,144 | -H-- | C] () -- C:\Users\DANIEL LUCCAS\ntuser.dat.LOG1
[2008/06/10 15:03:42 | 000,065,536 | -HS- | C] () -- C:\Users\DANIEL LUCCAS\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2008/06/10 15:03:42 | 000,000,020 | -HS- | C] () -- C:\Users\DANIEL LUCCAS\ntuser.ini
[2008/06/10 15:03:42 | 000,000,000 | -H-- | C] () -- C:\Users\DANIEL LUCCAS\ntuser.dat.LOG2
[2007/12/21 00:02:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/09 19:13:31 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/08/09 19:13:31 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/06/25 10:44:54 | 000,331,008 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2004/05/06 10:22:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/01/17 16:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/16 17:28:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008/01/19 04:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 04:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[7 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 04:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 04:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 04:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 06:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 06:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2008/01/16 21:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=8DC09F3B54DDCAEB52E0DCFA1D55B26A -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007/04/16 19:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-10_vista32_dd_ccc_wdm_enu_69564\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007/04/16 19:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-5_vista32_dd_ccc_wdm_enu_63036\Packages\Drivers\SBDrv\SB6xx\RAID\LH64A\ahcix86s.sys
[2008/05/27 17:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\ATI\SUPPORT\8-10_vista32_dd_ccc_wdm_enu_69564\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 03:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 06:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/06/11 06:29:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/06/11 06:29:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/06/11 06:29:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 04:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 04:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 06:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 03:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 04:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 04:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 04:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 04:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 04:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 04:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 06:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 03:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\DANIEL LUCCAS\Desktop\Forr - Eliminatrias.MPG:TOC.WMV
@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1D78DA28
< End of report >


OTL Extras logfile created on: 12/04/2010 16:23:47 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\DANIEL LUCCAS\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 12,37 Gb Free Space | 5,31% Space Free | Partition Type: NTFS
Drive D: | 4,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIELLUCCAS-PC
Current User Name: DANIEL LUCCAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3808641019-3835033643-4178199915-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\DANIEL LUCCAS\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Combat Arms\CombatArms.exe" = C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files\Combat Arms\Engine.exe" = C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Combat Arms\CombatArms.exe" = C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files\Combat Arms\Engine.exe" = C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1837ECA6-CEE0-4B89-A65F-D6C7359E9604}" = lport=137 | protocol=17 | dir=in | app=system |
"{1B231C6F-EAC1-4B8D-97F3-BF684975BAB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{36C27B59-B562-4ABE-89FA-8DB1208CDB46}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BDB3432-A779-4F96-952C-A79188AAEDF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{704C41A2-A572-4FC1-A50E-85FA5B039598}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{727BCDED-D357-4750-9781-2D12DF6A6160}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{80C89367-9341-477C-A4EE-5553AA81A7FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8656B1B7-8C50-4FB8-8181-CB997978A38C}" = lport=139 | protocol=6 | dir=in | app=system |
"{89EEADBC-919E-4FB9-9792-58C97173B1CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{96B0E2BC-7B23-4E0A-8BC9-2483CDFF6918}" = lport=22376 | protocol=6 | dir=in | name=bittorrent |
"{9E20697D-7B41-4216-A7B7-517BC7116EC8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5066AC2-7219-4E56-AE2B-78FE8E503D03}" = lport=56768 | protocol=6 | dir=in | name=pando media booster |
"{B7ACF623-6238-43AE-BA66-7572C5F3C8F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE7DBA2B-EA6E-4AEB-A64B-ACC22A28F6AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E1289808-9254-4F22-8FE6-4DD2D21F5BF8}" = lport=56768 | protocol=17 | dir=in | name=pando media booster |
"{FF160CD8-AB5D-4A8B-9302-105471970672}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005CA270-D96E-4730-8AE1-DF18CE2748E6}" = protocol=17 | dir=in | app=c:\program files\resident evil 5\re5dx10.exe |
"{02309B1F-7B8B-494A-AD95-AA8047DC1CAB}" = protocol=17 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{08C31307-38B6-4286-BFC0-0A65388E178A}" = protocol=6 | dir=in | app=c:\users\daniel luccas\appdata\local\temp\ijjioptimizer.exe |
"{08C82E12-A35A-44BB-9B93-3C866A8C3A4F}" = protocol=17 | dir=in | app=c:\program files\prototype\prototypef.exe |
"{0AC65815-E4BB-40D2-8F99-2E459B9A6811}" = protocol=6 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{0DCDC661-8856-4F83-BFF1-49739584AADF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0DE5B224-F61C-416D-821D-E82A0B8E4D5E}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{0EAA69B4-08BA-4D23-9986-28A6A3BAA90A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{14D1875E-43B9-4131-B816-9BA3BA0F1317}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{16553EBD-CF13-477D-8830-5ECFE6F1866C}" = protocol=58 | dir=in | app=system |
"{16931C98-135B-4255-9D1F-BD596B3CFF40}" = protocol=6 | dir=in | app=c:\program files\flock!\flock.exe |
"{1B37A963-E89A-4C5C-830A-E58E9ADFD92D}" = protocol=17 | dir=in | app=c:\program files\assassin's creed ii\assassinscreediigame.exe |
"{1E61D4E0-6121-48DD-9293-2F8AB2F1898F}" = protocol=6 | dir=in | app=c:\program files\resident evil 5\re5dx10.exe |
"{2182BEC7-F585-4681-8437-CF70D4847F94}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{2507DE6E-2E1D-4CEB-B913-D836B2AE5BB8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{270831CD-1A80-4F76-A370-F000D0D6B024}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{288E9C3C-4629-457F-9245-D268A1122940}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2BB1E2A1-E7C9-4579-963D-30976FEEAF81}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{31AC43D1-5FBD-4979-9017-B881DFD1A19B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{324B4120-299B-487A-A5E0-A95BED3780EA}" = protocol=17 | dir=in | app=c:\program files\resident evil 5\re5dx9.exe |
"{35AF481A-A270-4291-8AB1-8963998A679A}" = protocol=17 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{3AC5658D-BD3D-4A6B-90FD-333445D1F893}" = protocol=6 | dir=in | app=c:\program files\prototype\prototypef.exe |
"{3AD89BB5-868E-464F-BED7-1BBCC7FDCB43}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3D5DD116-C40C-4490-9546-2DAAB8D8AB1D}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{403B34CA-0721-46D6-B745-0D9C60E778FB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{405E5396-1AFD-417A-B6FA-25CE5068ACC5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{461B5770-41F3-41D4-85FA-63315F6BAE72}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{499CD0D8-5330-4C95-ADD6-D8139F1D8635}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{4A3A3593-B39C-4739-B849-AD05F292D239}" = protocol=6 | dir=in | app=c:\program files\assassin's creed ii\assassinscreediigame.exe |
"{5A33FD7D-8C8A-4D03-9E01-481B50F6EBEA}" = protocol=17 | dir=in | app=c:\program files\atari\aitd\alone.exe |
"{5B1C2552-03AC-4A5B-B45E-BE01203C949A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C496558-1F58-4CE7-A4F3-936DFC7645A5}" = protocol=6 | dir=in | app=c:\program files\combat arms\nmservice.exe |
"{629C7833-47A8-460E-B774-6A73E2C407C6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6689F0C9-76F9-49FC-A58D-C094F6D16995}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6717BC3C-DCB0-4121-A582-3FA8C5912B4E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{681C2A4B-3EAE-49B8-8FF6-2E519E8723DB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{68F7217B-DF77-4DCA-B168-6AE5CC6446F0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{69E08EA4-1197-47BD-A174-EB3B50504279}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{6E39BCA3-229F-4C35-BC87-583EBCE0562E}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{70272C83-4AEE-454C-B6DE-4406EB9412F3}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{7036B80C-92B1-47D3-839F-DE1FB864304B}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{74404E5D-E33A-4C9C-A333-552BE27595BC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7726F304-E988-42D9-98BC-E3D64BE4EB1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{77E6DB82-CB05-4E9A-B9C4-71E5295397AB}" = protocol=17 | dir=in | app=c:\program files\assassin's creed ii\assassinscreedii.exe |
"{77F3D80C-8742-499F-BFD9-EA98261211FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7A73407F-E066-4BA2-936D-FE582D3749AB}" = protocol=6 | dir=in | app=c:\program files\atari\aitd\alone.exe |
"{7AB8286C-1AA4-49A7-854E-9DF7D7FE0FA4}" = protocol=6 | dir=in | app=c:\program files\assassin's creed ii\uplaybrowser.exe |
"{80219C52-358D-4231-ACD8-1D199185F9DA}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{842D97E8-AFEB-470B-B7D2-9778544743D1}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{873735F0-7F7F-4BD4-BB76-3E7C3EC58D89}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{87681EB9-9AFF-494E-9130-F619F48E0B6A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{8A14AC03-BCE1-4A7D-800E-EABF9430D710}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{8A9CCC0A-E7C2-49FC-9B88-7AC97D43D7D4}" = protocol=6 | dir=in | app=c:\program files\resident evil 5\re5dx9.exe |
"{8F9746B6-3126-4BA5-AF6B-85E104735FF3}" = protocol=6 | dir=in | app=c:\program files\grid\grid.exe |
"{92FDD9AF-6481-415A-8D80-894C6DCB5AFC}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{9626825D-8790-437C-B850-E66F45E8A355}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{9FCEA0D8-C377-4786-BC7A-61AC88A3BBB5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A3BFFABB-2E31-4D9D-BA74-C4E9B12ABE45}" = protocol=17 | dir=in | app=c:\program files\combat arms\nmservice.exe |
"{A6776A4A-AD50-4453-B53D-6684C14BD336}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{ACD76102-70DC-42BB-A132-4F9644EF844C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AD1E1A66-B89F-4CB9-8FBB-6FC5A06AF289}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AE719890-4B99-4E5D-AC14-B62CF45FB19C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AFACFCD2-055F-4238-BA53-7337256D70AA}" = protocol=17 | dir=in | app=c:\program files\flock!\flock.exe |
"{B57F0C9B-B124-435B-86CC-14BE4392BB22}" = protocol=17 | dir=in | app=c:\program files\grid\grid.exe |
"{B6877097-9CF3-48C1-9C59-66D668E86A49}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B75A6739-87D6-4461-A0B3-959536E4AF1E}" = protocol=17 | dir=in | app=c:\program files\red faction guerrilla\rfg.exe |
"{B7668D67-BBA9-477A-8C1F-CB827D064455}" = protocol=6 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{B854D267-180D-4F26-B17E-84DFD5CE11BF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{BA95109F-D6F9-4E71-AE9D-DB4CC1230005}" = protocol=6 | dir=in | app=c:\program files\red faction guerrilla\rfg.exe |
"{BC2B1D2E-17D0-4F24-BAFA-54A5CAF92DEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD3848E3-8A4B-4909-8D2D-BCAB2FC063F9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BE3B282C-F8BE-4904-ABB7-AE586E67CF06}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{C7538FE0-054F-415C-8525-815C77388A30}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C89FFE43-5ECF-4B44-973E-6041CBC3B33A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{C9579744-6E1B-4F60-8822-C0F330828D49}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{CCEFBFDA-BAFA-4AE2-A8AE-764CD20B68F7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{D1D89176-0845-4690-A5CC-7CF5DD020E2A}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{D1FE3A3D-8078-4408-8056-29F8309DB220}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D26F59C9-D219-4078-980A-5236E91AEF3C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D395F2C4-33F1-45C2-8DB1-F876339A2C04}" = protocol=17 | dir=in | app=c:\program files\combat arms\nmservice.exe |
"{D4C11B4E-8119-4920-82FF-C7E87FE920D1}" = protocol=6 | dir=in | app=c:\program files\combat arms\nmservice.exe |
"{D58DA986-99D8-47F0-9654-6BF6C7CBA9E2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D6025550-35DA-45CB-9C40-59A85DA6FB1C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D76E4629-CFF8-4D03-9F09-1050B9B44BD3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D7821579-9E26-46BC-B62E-287F05264AF4}" = protocol=17 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{D9D06DC6-DAC9-433E-9A76-0AA22E5ADCE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DDEC6203-A734-4097-9892-8FFCF50ED7E5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DECC1A30-B0CC-4287-9BC1-EDE0099FA746}" = protocol=6 | dir=in | app=c:\program files\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{E0FD2F0E-393E-44D8-948D-AF5194025103}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{E5435038-E4E1-498B-B05E-BC8A395F4C62}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{E6BA664D-304E-483C-830D-940F8CC30002}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{E8567006-253A-4973-8362-48650808907F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EA78ABAC-3A3A-4BEA-BBFF-942AD8B01348}" = protocol=6 | dir=in | app=c:\program files\assassin's creed ii\assassinscreedii.exe |
"{EA901103-7C1C-479B-9F38-CF604B43B2AC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{EDC1D374-A380-472C-AD57-9CF68C76BCDB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{F3529EA0-CE79-4E84-A195-A7FD51BBE499}" = protocol=17 | dir=in | app=c:\users\daniel luccas\appdata\local\temp\ijjioptimizer.exe |
"{FDD21735-6C33-462A-ABF8-D12441E4F7BF}" = protocol=17 | dir=in | app=c:\program files\assassin's creed ii\uplaybrowser.exe |
"TCP Query User{033ECF30-9FC0-4384-9212-C03B4B526E5E}C:\program files\avant browser\avant.exe" = protocol=6 | dir=in | app=c:\program files\avant browser\avant.exe |
"TCP Query User{04C5B447-821D-46E6-A1DB-39D3A6613E67}C:\program files\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"TCP Query User{060F4CC3-A7F6-474B-A09E-89E004BF8029}C:\users\daniel luccas\documents\limewire\saved\offline server v0.31\mitm.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\documents\limewire\saved\offline server v0.31\mitm.exe |
"TCP Query User{0726CFBA-1353-4BC6-B752-2015E09CF597}C:\program files\taikodom\taikodom-game.exe" = protocol=6 | dir=in | app=c:\program files\taikodom\taikodom-game.exe |
"TCP Query User{095AB173-D7E3-42D8-B7C8-0F7BCC5D0B95}C:\program files\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\dawn of war\w40k.exe |
"TCP Query User{0AD9E7ED-DF65-40E1-A474-606ABB70E0F9}C:\program files\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe |
"TCP Query User{0C965C46-0CBA-4DA8-884C-15B4CC4A2D6A}C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"TCP Query User{192ACE29-D930-4395-8864-45D87E699690}C:\users\daniel luccas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\program files\dna\btdna.exe |
"TCP Query User{27864C6B-C003-4FE6-94F2-78F74DC1FF2A}C:\program files\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji reactor\reactor.exe |
"TCP Query User{2CDE4B66-8B26-43E3-B68B-C0E9C9B229C9}C:\users\daniel luccas\rohan\fairyclient.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\rohan\fairyclient.exe |
"TCP Query User{3D675BB5-7C8C-476E-9752-E3DB6D8DADC0}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe |
"TCP Query User{44F1813F-3F2E-4250-A616-0ACB033281B1}C:\program files\valve\my product name\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\valve\my product name\left 4 dead 2\left4dead2.exe |
"TCP Query User{45D16C97-9176-42C7-B484-0D223FAF4E57}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{4BA2443C-C50A-4F26-B19F-C7AC1F7B645F}C:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe |
"TCP Query User{542D5CE9-A581-4FDA-9325-9FFCFD74AB7E}C:\users\daniel luccas\desktop\cssource\hl2.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\desktop\cssource\hl2.exe |
"TCP Query User{5B635F07-BD48-4E78-AD4A-853298CF20C2}C:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\l4d2\left 4 dead 2\left4dead2.exe |
"TCP Query User{5DC10A7C-8927-4DCB-9B42-EEA0BD4C6F98}C:\program files\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files\left4dead\hl2.exe |
"TCP Query User{5EDB94B5-0795-4A96-BDC0-9C380FA822DC}C:\program files\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"TCP Query User{64E43C41-5E5D-405D-82E4-DBE2F781FE7A}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{6A7D0D19-36D7-4F3D-94E5-48DEE34E0BD7}C:\users\daniel luccas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\program files\dna\btdna.exe |
"TCP Query User{6DE07CEB-50BA-4674-AB5C-5A2643EFF0B4}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{75CE7A78-4BD1-4658-B150-9663604EBC70}C:\users\daniel luccas\appdata\local\temp\plauncher.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\appdata\local\temp\plauncher.exe |
"TCP Query User{78F55E79-C48B-4751-9738-C82A1DBED185}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"TCP Query User{83A664E1-4F89-468F-9707-4D916ED7EBB5}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{887F73EE-2AE4-45E8-8E05-83F810795D72}C:\users\daniel luccas\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\rohan\rohanclient.exe |
"TCP Query User{8890EC43-25CA-46C6-A37E-7CE55A056A01}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{8A4315B5-0087-43F1-A9EC-9436ED75D81E}C:\program files\avant browser\avant.exe" = protocol=6 | dir=in | app=c:\program files\avant browser\avant.exe |
"TCP Query User{8D85DF8F-0CA8-4D3D-9B8E-D4795FF049A8}C:\program files\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files\left4dead\hl2.exe |
"TCP Query User{8ED030E8-67B3-4D03-9E7F-5643DEBF4A25}C:\program files\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files\id software\quake 4\quake4.exe |
"TCP Query User{8F21F55E-7BDF-4E94-B165-844AC1E19EB0}C:\python26\pythonw.exe" = protocol=6 | dir=in | app=c:\python26\pythonw.exe |
"TCP Query User{8FEFACD6-729C-4DF1-814F-4B6675AF783A}C:\program files\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\dawn of war\w40k.exe |
"TCP Query User{8FF4CD60-460D-427C-9C3F-80226FC0309B}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{974A0347-8BA5-437A-8813-925582CF1ED4}C:\users\daniel luccas\saved games\wow\wowclient-downloader.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\wow\wowclient-downloader.exe |
"TCP Query User{9B81C3E3-69BC-46F0-BF2B-180D4B19AEB8}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{9F1C57B4-7F46-4E41-AC40-2D53C159296E}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{A0872B28-72AD-41D9-B91C-4B9E816850FE}C:\users\daniel luccas\desktop\wow-burningcrusade-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\desktop\wow-burningcrusade-enus-installer-downloader.exe |
"TCP Query User{A41807C0-D2B0-4946-BF47-A94428EB9D38}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A8ECE5A4-D342-46B8-81F8-B930E4079EC7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AB025460-D255-4C31-90BC-7BB58B88B4E4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{AC786DB0-BED0-40CC-AC52-B022F47B38B2}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server - cpia.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server - cpia.exe |
"TCP Query User{AE2AC785-313D-4659-B2B2-E9370B12B38E}C:\netgame\operation7\operation7.exe" = protocol=6 | dir=in | app=c:\netgame\operation7\operation7.exe |
"TCP Query User{B8F13BE4-3C0B-4BE6-B331-7B209E211666}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe |
"TCP Query User{BEDCCE91-1874-4536-AE42-D04DBFA517FA}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{C8C4FCA9-88AD-4DFD-A580-2602F5F98B02}C:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe |
"TCP Query User{CDA86FFB-33F8-463F-9102-C07AE2A9787D}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"TCP Query User{D0565F12-F305-4FB1-B46A-89A894DCB9C7}C:\users\daniel luccas\desktop\atualiza_dslink200_03_05_04\atualizadslink200.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\desktop\atualiza_dslink200_03_05_04\atualizadslink200.exe |
"TCP Query User{D49AB013-BA7B-4572-BA1E-C14C8AB431ED}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{D87BE044-3394-4F1F-866D-D560A968A50B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DECDBA1A-D5CF-41FD-B240-8A953CE0EA71}C:\users\daniel luccas\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{DF52BF8D-335C-417E-B340-40193C215F16}C:\program files\ava\binaries\ava.exe" = protocol=6 | dir=in | app=c:\program files\ava\binaries\ava.exe |
"TCP Query User{EEBCD311-37AB-44EB-8D68-A5DC34A88FD4}C:\users\daniel luccas\documents\limewire\saved\offline server v0.31\server.exe" = protocol=6 | dir=in | app=c:\users\daniel luccas\documents\limewire\saved\offline server v0.31\server.exe |
"TCP Query User{F846F586-42F3-479A-93BA-3A2ECAAFC073}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{08162760-B5FD-4F78-A8ED-64E96AE86674}C:\program files\ava\binaries\ava.exe" = protocol=17 | dir=in | app=c:\program files\ava\binaries\ava.exe |
"UDP Query User{21B011F8-E66F-4EAE-BC31-EF07685D3335}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{21E60F28-0290-4C15-A7CD-50FEE84D80EA}C:\users\daniel luccas\desktop\atualiza_dslink200_03_05_04\atualizadslink200.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\desktop\atualiza_dslink200_03_05_04\atualizadslink200.exe |
"UDP Query User{25BD54D5-573D-4473-8FB1-DCD374C2B396}C:\users\daniel luccas\saved games\wow\wowclient-downloader.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\wow\wowclient-downloader.exe |
"UDP Query User{2BEDC643-DE2F-4EC3-912E-5303C8046CB3}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"UDP Query User{2F96B339-DA23-4DC5-81AB-67A60E0B1B35}C:\program files\avant browser\avant.exe" = protocol=17 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{32BBE86B-4D1E-4420-81EC-A3168DC73219}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{33E72A0A-96FB-4234-978E-454316C9D03D}C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"UDP Query User{37687B34-4D86-475C-91DC-B23E874748B1}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{398A3275-DAA1-45FE-8609-C264B8200CFE}C:\program files\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{399F1373-2498-44E5-8DC7-083330FC6E2F}C:\program files\avant browser\avant.exe" = protocol=17 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{3A0CEAAD-651A-439C-8BEE-AFDBDBEBC8AA}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{3F100F77-4D5F-45E4-B6A3-908939650A4A}C:\program files\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files\id software\quake 4\quake4.exe |
"UDP Query User{4085979F-D292-428F-B765-BF937DEBD61A}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4AFE8200-02ED-4497-860B-A9D29ABDC131}C:\users\daniel luccas\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\rohan\rohanclient.exe |
"UDP Query User{4EC836C7-81C4-417C-A7B8-B023A1777347}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{536BB453-09DF-43BD-B4D7-F7D352821FA0}C:\users\daniel luccas\appdata\local\temp\plauncher.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\appdata\local\temp\plauncher.exe |
"UDP Query User{574BE56D-5F70-48B4-9712-F6EF664427D9}C:\users\daniel luccas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\program files\dna\btdna.exe |
"UDP Query User{579173F6-3349-487D-B9C5-0D1C2F45DB4D}C:\users\daniel luccas\desktop\cssource\hl2.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\desktop\cssource\hl2.exe |
"UDP Query User{581A513A-028F-43B5-8404-A94E387C6CEC}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{587FBC5C-0055-41D5-993F-EE1A4B9A279B}C:\python26\pythonw.exe" = protocol=17 | dir=in | app=c:\python26\pythonw.exe |
"UDP Query User{61C14B12-32B9-44A9-A6C3-6CCA3B0E95FF}C:\program files\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files\left4dead\hl2.exe |
"UDP Query User{6AB79200-6646-42F9-8359-0FCAC93F6BE1}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe |
"UDP Query User{78EEEEB3-CC68-43A5-9EEF-2C68D79A4FA3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7EA460C0-4BE2-489F-815A-506EE6B30187}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe |
"UDP Query User{8214EDEC-D696-4E5A-9008-B66A910790A0}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe |
"UDP Query User{83F60B17-D030-4D4F-BED1-86A2147A10C7}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server.exe |
"UDP Query User{8842283F-0EE1-4FF8-8344-A81D37F0AE9B}C:\program files\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files\left4dead\hl2.exe |
"UDP Query User{8F2B1FC4-31E0-4B04-B611-CF0E30D9E86E}C:\program files\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\dawn of war\w40k.exe |
"UDP Query User{915F9140-7CBD-41CE-AD3C-9D5E7953C96B}C:\users\daniel luccas\desktop\wow-burningcrusade-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\desktop\wow-burningcrusade-enus-installer-downloader.exe |
"UDP Query User{93F2E8C3-B079-4706-8112-66E407EC390E}C:\users\daniel luccas\rohan\fairyclient.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\rohan\fairyclient.exe |
"UDP Query User{96F5127E-34F5-4F8B-A4CA-6E85158848E9}C:\program files\valve\my product name\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\valve\my product name\left 4 dead 2\left4dead2.exe |
"UDP Query User{974A0A71-6E68-4329-974C-ECF732554F17}C:\program files\taikodom\taikodom-game.exe" = protocol=17 | dir=in | app=c:\program files\taikodom\taikodom-game.exe |
"UDP Query User{9D0A9B6B-C6CF-4EF3-90C3-C6C7AC04E0BD}C:\program files\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe |
"UDP Query User{9E1D2FDB-BCF8-4230-A926-3B722AFC5C6B}C:\users\daniel luccas\documents\limewire\saved\offline server v0.31\mitm.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\documents\limewire\saved\offline server v0.31\mitm.exe |
"UDP Query User{A8B53F46-EECD-40CE-9FEA-48F85AA27666}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{AC170C3D-A08A-4188-A9DA-4EAD5CD68906}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{B334688A-2B24-4B7C-B798-0161A7A0626A}C:\users\daniel luccas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\program files\dna\btdna.exe |
"UDP Query User{B48560C3-47A4-4C4B-9C66-BB3931CE45AF}C:\users\daniel luccas\documents\limewire\saved\offline server v0.31\server.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\documents\limewire\saved\offline server v0.31\server.exe |
"UDP Query User{B8233BA1-C0AD-49D7-9CD4-FCA4F7977F65}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B9A00B92-C560-4298-845B-05C8DD5ACAB6}C:\netgame\operation7\operation7.exe" = protocol=17 | dir=in | app=c:\netgame\operation7\operation7.exe |
"UDP Query User{CA9C5AC6-9473-4E0F-89ED-09D1E13861D1}C:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\l4d2\left 4 dead 2\left4dead2.exe |
"UDP Query User{CE8E72B2-C8F0-47EA-81F6-1F550FD26B24}C:\program files\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\dawn of war\w40k.exe |
"UDP Query User{D046DFEC-94A9-4207-BED5-105021EF5E08}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D2C679E3-67EA-43E6-93F1-BEDDB84E741E}C:\users\daniel luccas\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DEF16192-0072-4BF7-9069-F26DAD7006A3}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{EBE5EB63-B43E-44A2-94DB-7CF87C9BBB54}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{EF7AA240-819A-4392-A2A6-F023FA0C6040}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{F0299A0B-DC2D-4814-8C04-167A9FCFC93A}C:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe |
"UDP Query User{F0638CFF-1960-4CD2-8468-45DCE9C6DB2E}C:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server - cpia.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\assassins.creed.2.multi.9.clonedvd.pc.dvd9.crack\offline server v0.31\server - cpia.exe |
"UDP Query User{F20F3F6B-0C01-4AC1-906C-9CA0F3E7F21F}C:\program files\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji reactor\reactor.exe |
"UDP Query User{F8D643B4-2512-4566-BBF6-0222710E236B}C:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=17 | dir=in | app=c:\users\daniel luccas\saved games\warhammer_dawn_of_war_2-wicked\dow2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12AF2BD8-797C-426F-8FCA-79716DBA4B10}" = FLOCK!
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexo do Windows Live
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{932245FB-2F3B-3E2E-B8AB-BDE96E434F21}" = Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-1046-7B44-A90000000001}" = Adobe Reader 9 - Portugus
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.82
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = USB TO UART Driver 2.00.3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AhnLab Online Security" = AhnLab Online Security
"Any Video Converter_is1" = Any Video Converter 3.0.4
"AutoMz Ultimate Tweaker" = AutoMz Ultimate Tweaker
"AvantBrowser" = Avant Browser (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BCAB34F3D0437A511B21EE29B337548D35996EB3" = Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"BS.Player ControlBar" = BS.Player ControlBar
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAVC Pro" = CoreAVC Pro (remove only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Game Booster_is1" = Game Booster
"GenoPro" = GenoPro 2.0.1.6
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12AF2BD8-797C-426F-8FCA-79716DBA4B10}" = FLOCK!
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LimeWire" = LimeWire 5.3.6
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - jpn" = Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mini Ninjas_is1" = Mini Ninjas
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"OpenAL" = OpenAL
"Ragnarok Sakray" = Ragnarok Sakray
"RealPlayer 6.0" = RealPlayer
"Runic Games Torchlight" = Torchlight
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3808641019-3835033643-4178199915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/04/2010 07:11:38 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 07:11:39 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 07:21:48 | Computer Name = DANIELLUCCAS-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/04/2010 09:01:26 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 09:01:26 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 09:01:28 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 10:29:22 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 10:29:22 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 10:29:23 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/04/2010 10:52:59 | Computer Name = DANIELLUCCAS-PC | Source = RasClient | ID = 20227
Description =

[ OSession Events ]
Error - 18/03/2009 08:15:47 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 11:55:02 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 11:55:50 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 11:56:30 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 18:24:45 | Computer Name = DANIELLUCCAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/12/2009 17:36:40 | Computer Name = DANIELLUCCAS-PC | Source = HTTP | ID = 15016
Description =

Error - 03/12/2009 17:37:15 | Computer Name = DANIELLUCCAS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/12/2009 18:02:02 | Computer Name = DANIELLUCCAS-PC | Source = HTTP | ID = 15016
Description =

Error - 03/12/2009 18:02:16 | Computer Name = DANIELLUCCAS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/12/2009 06:26:59 | Computer Name = DANIELLUCCAS-PC | Source = HTTP | ID = 15016
Description =

Error - 04/12/2009 06:27:32 | Computer Name = DANIELLUCCAS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/12/2009 15:46:03 | Computer Name = DANIELLUCCAS-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 2:30:57 PM em 12/4/2009 no
era esperado.

Error - 04/12/2009 15:46:06 | Computer Name = DANIELLUCCAS-PC | Source = HTTP | ID = 15016
Description =

Error - 04/12/2009 15:46:34 | Computer Name = DANIELLUCCAS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2009 05:36:42 | Computer Name = DANIELLUCCAS-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 11:30:06 PM em 12/4/2009 não
era esperado.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,773 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:00 PM

Posted 12 April 2010 - 05:43 PM

Hi,

could you please try to run gmer in safe mode once, let me know if that works or not.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 jakalbrow

Posted 13 April 2010 - 06:40 AM

The same issue I described in normal mode happens in safe mode while trying to run gmer.
I tried to run the scan and gmer stopped working. Tried to open it again and the system went BSOD.

#6 myrti

Posted 14 April 2010 - 05:34 PM

Hi,

please run a scan with ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

It could be that this is a software issue and not malware. Are you familiar with system restore and do you have a restore point prior to the weirdness happening on your PC?

regards myrti



#7 jakalbrow

Posted 14 April 2010 - 10:35 PM

Hello again.
As a matter of fact I do know about system restore, but unfortunately have no restoration points prior to these problems.
In fact, I only became aware of them much later.
For the sake of curiosity, is it possible that my avira was preventing gmer from working correctly?
The ComboFix log follows:

ComboFix 10-04-14.01 - DANIEL LUCCAS 15/04/2010 0:10.1.2 - x86
Microsoft Windows Vista Ultimate 6.0.6001.1.1252.55.1046.18.3326.2201 [GMT -3:00]
Executando de: c:\users\DANIEL LUCCAS\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-15 to 2010-04-15 ))))))))))))))))))))))))))))
.

2010-04-11 05:53 . 2010-04-14 20:03 -------- d-----w- c:\users\DANIEL LUCCAS\FlyffTest
2010-04-08 22:17 . 2010-04-08 22:17 -------- d-----w- c:\users\DANIEL LUCCAS\.idlerc
2010-04-04 18:35 . 2010-04-04 18:35 1213318 ----a-w- c:\users\DANIEL LUCCAS\S806_27_03_2010.zip
2010-04-04 01:17 . 2009-03-30 12:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-04 01:17 . 2010-04-04 01:17 -------- d-----w- c:\programdata\Avira
2010-04-04 01:17 . 2010-04-04 01:17 -------- d-----w- c:\program files\Avira
2010-04-03 19:24 . 2010-04-03 19:24 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-03 19:24 . 2010-04-03 19:24 112640 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2010-04-03 19:23 . 2010-04-03 19:23 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-03 19:21 . 2010-04-03 19:22 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-04-03 19:21 . 2010-04-03 19:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-04-03 19:20 . 2010-04-03 19:20 -------- d-----w- c:\program files\Microsoft SDKs
2010-04-03 18:34 . 2010-04-03 18:34 -------- d-----w- C:\Python26
2010-04-03 16:58 . 2010-04-03 18:43 -------- d-----w- c:\program files\Assassin's Creed II
2010-04-02 13:25 . 2010-04-02 13:25 -------- d-----w- c:\program files\Exhort Network
2010-03-28 13:25 . 2010-03-28 13:25 -------- d-----w- c:\users\DANIEL LUCCAS\AppData\Roaming\AnvSoft
2010-03-28 13:25 . 2010-03-28 13:25 -------- d-----w- c:\program files\AnvSoft
2010-03-20 00:52 . 2010-03-20 00:52 2145280 ----a-w- c:\windows\system32\python26.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 03:17 . 2008-12-25 02:42 -------- d-----w- c:\program files\Cheat Engine
2010-04-15 01:29 . 2006-11-06 01:25 703848 ----a-w- c:\windows\system32\prfh0416.dat
2010-04-15 01:29 . 2006-11-06 01:25 147210 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-14 14:40 . 2008-06-10 18:03 1356 ----a-w- c:\users\DANIEL LUCCAS\AppData\Local\d3d9caps.dat
2010-04-10 01:02 . 2008-08-31 10:11 -------- d-----w- c:\users\DANIEL LUCCAS\AppData\Roaming\LimeWire
2010-04-09 21:57 . 2008-06-10 18:04 101064 ----a-w- c:\users\DANIEL LUCCAS\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 00:12 . 2008-10-11 19:33 -------- d-----w- c:\programdata\Skype
2010-04-03 19:30 . 2008-11-30 13:09 -------- d-----w- c:\program files\CCleaner
2010-04-03 19:24 . 2008-06-10 18:14 -------- d-----w- c:\programdata\Microsoft Help
2010-04-03 18:08 . 2008-12-01 11:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 16:58 . 2008-06-10 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-19 21:39 . 2008-06-11 14:26 -------- d-----w- c:\programdata\Messenger Plus!
2010-03-19 21:39 . 2008-06-11 03:17 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-13 23:23 . 2010-03-13 23:23 -------- d-----w- c:\users\DANIEL LUCCAS\AppData\Roaming\Ubisoft
2010-03-13 23:23 . 2008-06-11 18:11 -------- d-----w- c:\programdata\Ubisoft
2010-03-13 23:16 . 2010-03-13 23:16 -------- d-----w- c:\program files\Ubisoft
2010-03-11 21:40 . 2008-08-31 10:07 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 21:40 . 2008-08-31 10:08 -------- d-----w- c:\program files\Java
2010-03-08 01:07 . 2009-04-24 20:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-08 01:06 . 2009-04-24 20:46 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-08 01:06 . 2009-12-26 20:59 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-08 00:56 . 2010-03-08 00:47 -------- d-----w- c:\program files\Mass Effect 2
2010-03-07 16:38 . 2008-10-31 22:06 -------- d-----w- c:\users\DANIEL LUCCAS\AppData\Roaming\Nexon
2010-03-07 16:37 . 2008-06-19 14:21 -------- d-----w- c:\users\DANIEL LUCCAS\AppData\Roaming\Microsoft Games
2010-02-24 13:16 . 2009-10-03 04:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 15:52 . 2010-02-21 15:48 -------- d-----w- c:\program files\MSECache
2010-02-17 19:32 . 2010-02-17 19:25 -------- d-----w- c:\program files\Overlord
2010-02-14 13:23 . 2010-02-12 05:34 -------- d-----w- c:\program files\AVA
2010-02-06 13:13 . 2010-02-06 13:13 10134 ----a-r- c:\users\DANIEL LUCCAS\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
2010-02-06 12:57 . 2010-02-05 12:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-22 20:19 . 2010-01-22 20:19 101 ----a-w- c:\users\DANIEL LUCCAS\AppData\Local\fusioncache.dat
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-30 00:15 133104 ----atw- c:\users\DANIEL LUCCAS\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-01-11 22:17 2935480 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 04:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 15:48 286720 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-06 3482384]
R3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2006-07-17 30368]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-10 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-03-16 180224]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TimerStop;TimerStop;c:\windows\system32\TimerStop.sys [2006-12-23 4096]

.
Conteúdo da pasta 'Tarefas Agendadas'

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808641019-3835033643-4178199915-1000Core.job
- c:\users\DANIEL LUCCAS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:15]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808641019-3835033643-4178199915-1000UA.job
- c:\users\DANIEL LUCCAS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 00:15]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.usc.br/
uInternet Settings,ProxyServer = 74.87.151.153:8000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {8C02182C-3035-4833-A0A8-7FADFD4B7FD0} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame_renew/mail/HGReport.cab
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxps://members.hangame.com/common/HanSetup1020.cab
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 00:17
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-3808641019-3835033643-4178199915-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:92,ac,3b,2f,84,8d,18,ac,75,5b,09,29,ce,5b,db,5f,8c,42,74,0c,58,4f,cf,
15,58,23,2e,3a,3c,9e,99,d1,c9,20,b1,3c,bf,36,2b,2d,be,42,76,d4,8e,98,02,0f,\
"??"=hex:50,d4,68,be,3a,41,eb,1d,a9,8b,83,33,08,c8,fe,69

[HKEY_USERS\S-1-5-21-3808641019-3835033643-4178199915-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:69,e9,c8,d6,32,04,74,9b,8a,a0,cc,68,68,e7,b2,68,8e,86,43,56,bf,
48,88,37,71,38,62,7d,c5,d5,25,f1,57,80,3e,a1,50,3e,e8,5c,8c,9d,72,26,46,be,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7

[HKEY_USERS\S-1-5-21-3808641019-3835033643-4178199915-1000\ **]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:01,f1,3a,70,62,1a,03,00
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2010-04-15 00:19:58
ComboFix-quarantined-files.txt 2010-04-15 03:19

Pré-execução: 16.177.299.456 bytes disponíveis
Pós execução: 16.127.746.048 bytes disponíveis

- - End Of File - - 61E3CB8EB550EE1E0755236C180FA2D3


#8 myrti

Posted 15 April 2010 - 12:54 PM

Hi,

I assume that ComboFix didn't fix the problem?

regards myrti



#9 jakalbrow

Posted 16 April 2010 - 12:20 AM

Yes, that's correct. The problems I mentioned are still there.
Is there any way to be sure if they are not caused by malware?
I've been meaning to install windows seven over vista, or formatting and installing from scratch, wondering if these issues would be taken care of, but I need to backup several personal files. I'm concerned if malware would be carried along with them.
I'd rather not format everything, but if a solution can't be found, I wouldn't object.
I appreciate your help so far, and I'm still counting on your support.

#10 myrti

Posted 19 April 2010 - 07:30 AM

Hi,

I don't think Avira is the problem regarding gmer, if it was it should have run in safe mode. Can you please try gmer with only the sections option checked.

Personally I have not seen a sign for active malware on your system yet, but there is no way to be 100% sure that you aren't infected. It is just unlikely.

If you wish to make sure no infection can spread over your flash drives please do the following:
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards myrti

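The post above describes a folder named autorun.inf occupying the drive root so that an autorun file cannot be placed there. As an added illustration (not part of the original post and not Flash_Disinfector's own code), the following Python classifies each drive root as having no autorun.inf, a blocking folder, or a real file, and for a file lists the entries that would launch a program. The function names, the temporary directories standing in for drive roots, and the sample file content are all constructed for this example.

```python
import os
import tempfile
from dataclasses import dataclass, field

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")


@dataclass
class AutorunFinding:
    root: str
    state: str  # "absent", "folder" (blocked) or "file" (needs review)
    launch_entries: list = field(default_factory=list)


def decode_inf(raw: bytes) -> str:
    """Decode autorun.inf bytes; never raises UnicodeDecodeError."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[:3] == b"\xef\xbb\xbf":
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("cp1252", errors="replace")


def parse_launch_entries(text: str) -> list:
    """Return (key, value) pairs from [autorun] that start a program."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            entries.append((key, value.strip()))
    return entries


def audit_root(root: str) -> AutorunFinding:
    """Classify what sits at <root>/autorun.inf."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        # A directory with this name occupies the path, so a file of the
        # same name cannot be written there: the state the post describes.
        return AutorunFinding(root, "folder")
    if os.path.isfile(path):
        with open(path, "rb") as handle:
            text = decode_inf(handle.read())
        return AutorunFinding(root, "file", parse_launch_entries(text))
    return AutorunFinding(root, "absent")


# Constructed sample content, not taken from the thread.
SAMPLE_INF = (
    "; constructed example\r\n"
    "[AutoRun]\r\n"
    "open=setup.exe /quiet\r\n"
    "icon=drive.ico\r\n"
    "shell\\open\\command=setup.exe\r\n"
    "[Other]\r\n"
    "open=ignored.exe\r\n"
)


def demo() -> dict:
    """Audit three constructed 'drive roots' built in a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        roots = {name: os.path.join(base, name)
                 for name in ("clean", "vaccinated", "suspicious")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["vaccinated"], "autorun.inf"))
        with open(os.path.join(roots["suspicious"], "autorun.inf"), "wb") as f:
            f.write(SAMPLE_INF.encode("cp1252"))
        return {name: audit_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    for name, finding in demo().items():
        print(name, finding.state, finding.launch_entries)
```

On a real system, pass actual drive roots such as `E:\` to `audit_root`; a `file` result with launch entries is the case to examine before files from that drive are copied into a backup.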


#11 jakalbrow

Posted 19 April 2010 - 06:13 PM

Hello again myrti.

Thanks for flash disinfector, it will sure come in handy.
But unfortunately I need to backup a major part of my HD, so flash drives won't suffice.
Regardless, I tried running gmer with only the sections option checked.
The program seemed to work correctly. I was able to save a log after the scan finished.
Then I closed the program and tried opening windows explorer.
It took an unusually long time to open, but seemed to work properly after.
Then I tried opening Chrome, and the same blue screen issue occurred, followed by reinitialization of the system.
Is it possible that internet protocols are being somehow affected by gmer, or by any malware that it is able to locate?
Or is it only Chrome malfunctioning? I remember that when I ran gmer earlier, Chrome was running at the same time.
I wonder if this has anything to do with the BSOD.
Then again, I think I ran gmer once without establishing a connection, although my modem was on.
Let me know if you need me to try running it again under different conditions.
Anyways, here is gmer's log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 19:54:18
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\DANIEL~1\AppData\Local\Temp\pxkyrfoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 830EEA18 4 Bytes [34, AB, CF, 80]
.text ntkrnlpa.exe!KeSetTimerEx + 624 830EEBE8 4 Bytes [20, AB, CF, 80]
.text ntkrnlpa.exe!KeSetTimerEx + 640 830EEC04 4 Bytes [25, AB, CF, 80]
.text ntkrnlpa.exe!KeSetTimerEx + 854 830EEE18 4 Bytes [2F, AB, CF, 80]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90408000, 0x250DAC, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9F13F300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9F184300, 0x1BEE, 0xE8000020]

---- EOF - GMER 1.0.15 ----

#12 myrti

Posted 20 April 2010 - 10:25 AM

Hi,

I would like you to run a scan with Malwarebytes, but to be honest, this doesn't look like malware at all and I would suggest that you post about this in the windows forums.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti



#13 jakalbrow

Posted 23 April 2010 - 09:38 PM

Hello again.

If the problems really aren't malware, how should I report them at the windows forums?
Is there a need to be more specific about the problems I described earlier?
Here is the log mbam created:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 4028

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/04/2010 23:25:10
mbam-log-2010-04-23 (23-25-10).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 118242
Tempo decorrido: 4 minuto(s), 42 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 2

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Windows\Fonts\~GLH0002.TMP (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\Fonts\~GLH0005.TMP (Spyware.OnlineGames) -> Quarantined and deleted successfully.


#14 myrti

Posted 24 April 2010 - 03:55 PM

Hi,

this looks ok, it seems to have found some leftovers. Could you please repeat the scan and let me know if the files get detected again.

I think your introductory description was fine. If the people in the windows forums need more information, they'll let you know.

regards myrti



#15 jakalbrow

Posted 27 April 2010 - 06:33 AM

Hello again.

MBAM did not find any other infected files.
Would it be necessary to run a more thorough scan?
If not, shall I already post these issues at the windows forums?



