
Fake Anti-Virus Malware or Something... Personal Shield Pro!



#1 DuDaX

Posted 30 August 2011 - 03:39 PM

Hi, I'm having a really annoying problem... I don't know how, but this fake anti-virus or whatever just popped up from nowhere. I tried to remove it manually, and now I don't know what to do, because loads of trojans are on my PC and I can't remove them... One trojan that keeps appearing (AVG detection) is conhost.exe (Agent_r.AOB), something like that. I used Malwarebytes Anti-Malware, IObit Malware Fighter, AVG Internet Security 2011 and Spybot Search & Destroy, I've used Advanced SystemCare (to fix the registry), I deleted some registry values, etc... But in "c:\Windows\temp\" some files keep appearing that might be related to this thing... By the way, I found a serial code on the net to make that thing (Personal Shield Pro) stop popping up and telling me my PC was full of trojans, adware, spyware, viruses, etc. (It stopped, but something is working in the background.)
Can someone help me, please?
I've already downloaded OTL and started scanning with the custom scan: "%systemroot%\system32\*.dll/locked files".
Thank you for your help,

DuDaX

The scan has completed; I'm going to send the logs now.

OTL logfile created on: 30-08-2011 21:16:59 - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\JoDaX\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,86% Memory free
3,85 Gb Paging File | 2,61 Gb Available in Paging File | 67,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 102,18 Gb Free Space | 68,56% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 119,62 Gb Free Space | 80,26% Space Free | Partition Type: NTFS

Computer Name: JOANA-DUDAX | User Name: JoDaX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-30 21:16:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoDaX\Desktop\OTL.exe
PRC - [2011-07-31 19:49:52 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-04-18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011-04-14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011-04-14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-03-28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011-03-16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011-03-16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011-03-09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011-02-28 17:35:18 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
PRC - [2011-02-10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011-02-08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011-02-08 05:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgscanx.exe
PRC - [2011-02-08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006-08-11 08:14:20 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006-07-27 23:02:54 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
PRC - [2006-05-25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006-02-14 01:25:42 | 000,077,824 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2005-12-15 09:04:30 | 000,208,974 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
PRC - [2005-01-18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2001-11-12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011-08-28 22:47:42 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\drivedit.dll
MOD - [2011-08-09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011-08-05 18:04:37 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2011-06-19 19:04:47 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2011-05-28 22:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011-02-10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011-02-04 18:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011-02-04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010-02-05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008-04-14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006-10-09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2006-10-09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005-08-05 14:01:54 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005-08-05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005-08-05 14:01:54 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005-08-05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005-08-05 13:05:32 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2004-07-20 17:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-08-09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011-08-05 18:04:37 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-03-09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011-02-28 17:35:18 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-09-14 22:30:00 | 004,373,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006-07-27 23:02:54 | 000,090,112 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2006-05-25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006-02-14 01:25:42 | 000,077,824 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2005-12-15 09:04:30 | 000,208,974 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe -- (kraidsvc)
SRV - [2005-01-18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001-11-12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-27 18:16:24 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\apf001.sys -- (apf001)
DRV - [2011-04-27 19:18:34 | 000,239,472 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011-04-14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011-04-05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-03-23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011-03-23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011-03-16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-03-01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-02-23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011-02-22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-02-10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-02-10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-01-07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-07-12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010-07-12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009-04-15 14:53:20 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb)
DRV - [2008-04-13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006-09-15 06:19:50 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006-07-31 20:12:14 | 000,189,184 | ---- | M] (Toshiba Corporation) [Kernel | Auto | Running] -- C:\Program Files\Common Files\TOSHIBA Shared\tos_sps.sys -- (TOS_SPS)
DRV - [2006-07-11 22:44:28 | 000,173,568 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ttv400x.sys -- (ttv400x)
DRV - [2006-07-03 00:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-06-28 11:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006-06-13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006-06-13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006-06-09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006-05-29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006-03-16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006-03-15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006-03-02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006-02-14 17:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2006-02-14 01:26:02 | 001,106,888 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005-12-26 14:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005-12-13 17:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005-11-28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005-09-09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005-08-01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005-07-11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005-01-06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003-09-19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003-01-29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011-08-29 23:44:28 | 000,000,000 | ---D | M]

[2011-08-21 14:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-29 12:43:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-11-29 12:43:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-07-28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011-06-16 21:53:57 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011-08-29 23:47:28 | 000,436,136 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15031 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoftantimalwaresetup] File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1349089997-916676619-4025752663-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JoDaX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JoDaX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-08-28 14:32:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-08-28 14:32:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (avgrmbr.nt /mbr C:\WINDOWS\System32\avgrmbr.bin) - C:\WINDOWS\System32\avgrmbr.nt (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: convdlin - (C:\WINDOWS\drivedit.dll) - C:\WINDOWS\drivedit.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011-08-30 21:16:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JoDaX\Desktop\OTL.exe
[2011-08-30 21:07:35 | 003,769,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrmbr.nt
[2011-08-30 00:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\My Documents\KONAMI
[2011-08-29 23:48:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-08-29 23:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Application Data\AVG10
[2011-08-29 23:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011-08-29 23:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011-08-29 23:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-08-29 23:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-08-29 23:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-08-29 23:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011-08-29 23:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011-08-29 23:36:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-08-29 23:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-08-29 23:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Desktop\EmsisoftEmergencyKit
[2011-08-29 21:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011-08-29 15:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\PackageAware
[2011-08-29 15:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011-08-29 15:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\My Documents\Anti-Malware
[2011-08-29 15:42:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-08-29 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-08-29 15:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
[2011-08-29 15:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2011-08-29 15:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Desktop\PES2012DEMO
[2011-08-29 14:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\PCHealth
[2011-08-29 14:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Application Data\Malwarebytes
[2011-08-29 14:11:23 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-08-29 14:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-08-29 14:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-08-29 14:11:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-08-29 14:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-08-29 00:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-08-28 23:35:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-08-28 22:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nD04903FkFhG04903
[2011-08-23 12:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\Google
[2011-08-23 12:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\Deployment
[2011-08-23 00:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011-08-18 13:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JoDaX\Application Data\PriceGong
[2011-08-11 23:22:00 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011-08-11 23:16:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011-08-05 20:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011-08-05 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011-07-18 12:57:03 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_30.dll
[2011-07-18 12:57:03 | 000,484,696 | ---- | C] (ESTsoft) -- C:\Program Files\update.exe
[2011-07-18 12:57:03 | 000,369,664 | ---- | C] (Firelight Technologies) -- C:\Program Files\fmodexL.dll
[2011-07-18 12:57:03 | 000,325,632 | ---- | C] (Firelight Technologies) -- C:\Program Files\fmodex.dll
[2011-07-18 12:57:03 | 000,306,184 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Program Files\GameGuard.des
[2011-07-18 12:57:03 | 000,197,168 | ---- | C] (ESTsoft) -- C:\Program Files\cabal.exe
[2011-07-18 12:57:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[2011-07-18 12:57:03 | 000,094,208 | ---- | C] (ESTsoft Corp.) -- C:\Program Files\KarasX2.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-08-30 21:17:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1349089997-916676619-4025752663-1005.job
[2011-08-30 21:17:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1349089997-916676619-4025752663-1005.job
[2011-08-30 21:16:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoDaX\Desktop\OTL.exe
[2011-08-30 21:07:36 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\avgrmbr.bin
[2011-08-30 20:58:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-08-30 20:53:18 | 000,194,264 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-08-30 20:52:33 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011-08-30 20:52:29 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011-08-30 20:51:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-08-30 20:51:34 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-29 23:47:29 | 130,498,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-08-29 23:47:29 | 000,660,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011-08-29 23:47:28 | 000,436,136 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-08-29 23:46:36 | 000,436,136 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110829-234728.backup
[2011-08-29 23:44:35 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011-08-29 23:42:52 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\JoDaX\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-08-29 23:42:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\Spybot - Search & Destroy.lnk
[2011-08-29 23:28:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-08-29 15:37:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-08-29 14:11:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-29 13:42:20 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ Medieval.lnk
[2011-08-29 13:42:20 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011-08-29 13:42:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\GunboundIS.lnk
[2011-08-29 13:42:20 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\CABAL Online (Europe).lnk
[2011-08-29 13:42:19 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\Windows Live Messenger .lnk
[2011-08-29 13:42:19 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\NVIDIA Monitor.lnk
[2011-08-29 13:42:19 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\nTune.lnk
[2011-08-29 13:42:19 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-08-29 13:42:19 | 000,001,398 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2011-08-29 13:42:19 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2011.lnk
[2011-08-29 13:42:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011-08-29 13:42:19 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011-08-29 13:42:19 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011-08-29 13:42:19 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\Rumble Fighter.lnk
[2011-08-29 13:42:19 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011-08-29 13:42:19 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
[2011-08-29 13:42:19 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\OGPlanet Launcher.lnk
[2011-08-29 13:42:19 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011-08-29 13:42:19 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\Windows Media Player.lnk
[2011-08-29 13:42:19 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011-08-29 13:40:29 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011-08-28 23:22:47 | 1334,519,140 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\PES2012DEMO.zip
[2011-08-28 22:47:42 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\drivedit.dll
[2011-08-24 11:56:13 | 000,123,098 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\kidsuhfvg.JPG
[2011-08-24 11:46:44 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011-08-19 14:42:22 | 000,503,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-08-19 14:42:22 | 000,088,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-08-19 13:05:43 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\JoDaX\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011-08-16 02:28:46 | 000,055,284 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\29312_118890294816273_100000859107825_102288_84271_n.jpg
[2011-08-16 00:31:10 | 000,000,253 | ---- | M] () -- C:\Program Files\mainex.dat
[2011-08-16 00:31:08 | 000,000,171 | ---- | M] () -- C:\Program Files\main.dat
[2011-08-15 21:11:04 | 000,014,243 | ---- | M] () -- C:\Program Files\MainTmp.RPT
[2011-08-15 21:11:04 | 000,003,609 | ---- | M] () -- C:\Program Files\cabalmain.RPT
[2011-08-05 17:13:54 | 000,022,546 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\Sadness_and_Sorrow Flute sheet.pdf
[2011-08-04 10:49:36 | 003,769,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrmbr.nt
[2011-08-01 00:57:37 | 000,049,630 | ---- | M] () -- C:\Documents and Settings\JoDaX\Desktop\reflexologia.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-08-30 21:07:36 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\avgrmbr.bin
[2011-08-29 23:47:29 | 130,498,006 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-08-29 23:47:29 | 000,660,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011-08-29 23:44:35 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011-08-29 23:42:52 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\JoDaX\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-08-29 23:42:52 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\Spybot - Search & Destroy.lnk
[2011-08-29 23:30:11 | 2146,484,224 | -HS- | C] () -- C:\hiberfil.sys
[2011-08-29 23:28:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-08-29 15:41:29 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-08-29 15:38:21 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011-08-29 14:11:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-08-28 23:19:25 | 1334,519,140 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\PES2012DEMO.zip
[2011-08-28 22:47:42 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\drivedit.dll
[2011-08-24 11:56:13 | 000,123,098 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\kidsuhfvg.JPG
[2011-08-23 00:41:45 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011-08-21 15:10:57 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1349089997-916676619-4025752663-1005.job
[2011-08-20 17:30:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\GunboundIS.lnk
[2011-08-16 02:28:46 | 000,055,284 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\29312_118890294816273_100000859107825_102288_84271_n.jpg
[2011-08-15 21:11:04 | 000,014,243 | ---- | C] () -- C:\Program Files\MainTmp.RPT
[2011-08-05 17:13:54 | 000,022,546 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\Sadness_and_Sorrow Flute sheet.pdf
[2011-08-01 00:57:36 | 000,049,630 | ---- | C] () -- C:\Documents and Settings\JoDaX\Desktop\reflexologia.jpg
[2011-07-18 12:57:04 | 000,004,355 | ---- | C] () -- C:\Program Files\xdata.enc
[2011-07-18 12:57:03 | 001,994,328 | ---- | C] () -- C:\Program Files\cabalmain.exe
[2011-07-18 12:57:03 | 001,614,873 | ---- | C] () -- C:\Program Files\unins000.dat
[2011-07-18 12:57:03 | 001,377,109 | ---- | C] () -- C:\Program Files\unins000.exe
[2011-07-18 12:57:03 | 001,377,107 | ---- | C] () -- C:\Program Files\unins001.exe
[2011-07-18 12:57:03 | 000,413,219 | ---- | C] () -- C:\Program Files\unins001.dat
[2011-07-18 12:57:03 | 000,230,816 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2011-07-18 12:57:03 | 000,003,609 | ---- | C] () -- C:\Program Files\cabalmain.RPT
[2011-07-18 12:57:03 | 000,000,380 | ---- | C] () -- C:\Program Files\CabalOnlineUK.ini
[2011-07-18 12:57:03 | 000,000,253 | ---- | C] () -- C:\Program Files\mainex.dat
[2011-07-18 12:57:03 | 000,000,171 | ---- | C] () -- C:\Program Files\main.dat
[2011-07-17 20:58:18 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011-07-07 02:11:23 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011-07-07 02:11:22 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011-07-01 00:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2011-06-19 19:04:38 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011-06-14 15:30:11 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011-06-14 15:30:07 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011-06-11 15:34:26 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys
[2011-06-11 15:34:26 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys
[2011-03-01 20:32:27 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2011-02-12 21:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2010-12-24 15:20:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010-11-25 20:20:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-11-06 12:13:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-11-03 16:18:24 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-03 16:18:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\JoDaX\Local Settings\Application Data\fusioncache.dat
[2009-01-30 09:12:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-12-17 18:43:46 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2007-03-12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006-09-15 07:24:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-09-15 07:04:46 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006-09-15 06:52:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-09-15 06:23:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006-09-15 06:23:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006-09-15 06:23:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006-09-15 06:23:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006-09-15 06:23:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006-09-15 06:23:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006-09-15 06:20:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006-09-15 06:12:57 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006-09-15 06:02:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006-09-15 06:02:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006-09-15 06:02:52 | 000,010,166 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006-09-15 06:02:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006-09-15 05:56:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2006-09-14 23:49:44 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-09-14 23:49:44 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006-09-14 23:49:44 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-09-14 23:49:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-09-14 23:49:43 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-09-14 23:49:43 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006-09-14 23:49:42 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006-08-28 15:23:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-08-28 15:23:06 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006-08-28 14:35:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006-08-28 14:29:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-08-28 13:18:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006-08-28 13:18:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006-08-28 13:18:18 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-08-28 13:18:08 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006-08-28 13:18:08 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006-08-28 13:18:08 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006-08-28 13:18:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006-08-28 13:18:08 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006-08-28 13:17:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-08-28 13:17:32 | 000,503,116 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-08-28 13:17:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-08-28 13:17:32 | 000,088,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-08-28 13:17:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-08-28 13:17:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-08-28 13:17:29 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-08-28 13:17:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-08-28 13:17:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-08-28 13:17:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-08-28 13:17:21 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-08-28 13:17:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005-09-02 14:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-08-05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-07-22 21:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 17:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 14:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76650B61

< End of report >

This: [2011-08-28 22:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nD04903FkFhG04903
in the ~files created in 30 days is the "thing".

These are the extras:

OTL Extras logfile created on: 30-08-2011 21:16:59 - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\JoDaX\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,86% Memory free
3,85 Gb Paging File | 2,61 Gb Available in Paging File | 67,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 102,18 Gb Free Space | 68,56% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 119,62 Gb Free Space | 80,26% Space Free | Partition Type: NTFS

Computer Name: JOANA-DUDAX | User Name: JoDaX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1349089997-916676619-4025752663-1005\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe" = E:\Age of Empires II The Conquerors Expansion Trial\age2_x1t.exe:*:Enabled:Age of Empires II Expansion
"E:\Age of Empires II Trial\EMPIRES2.EXE" = E:\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II
"C:\Program Files\Sports Interactive\Football Manager 2011 Russian\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011 Russian\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe" = C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Protecção Online -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalador AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Gestor de alertas AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Verificador de E-mail Pessoal -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C7D5ABD-8233-491E-8986-E5D056D4D395}" = TOSHIBA MPEG-2 Video Decoder
"{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}" = Microsoft .NET Framework 1.1 Portuguese Language Pack
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{1347D5A6-4FE0-476A-B85F-D0FC91F55EB0}" = TOSHIBA UDF2.5 Reader File System Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = Utilitário TOSHIBA de Activar/Desactivar TouchPad V2.5.1.0
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = PC Diagnostic Tool da TOSHIBA
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6FA9D9-D4CA-492B-AE98-83A2D853A355}" = Utilitário TOSHIBA RAID
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatar Placa de Memória SD TOSHIBA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitário de Zooming da TOSHIBA
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA HD DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_PROR_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_PROR_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenciador Acúst. Unid. CD/DVD
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Controlos TOSHIBA
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1046-7B44-A70800000002}" = Adobe Reader 7.0.8 - Português
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EDABD8AC-E512-42EF-8400-5396E3D6CBA1}" = Utilitário de cópia de ficheiro QosmioPlayer da TOSHIBA
"{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}" = RuntimeLibsVC90
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F71D0C1A-B739-4DD9-8304-8271E67E00CD}" = MSN Search Toolbar Multilingual User Interface Pack
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD71FFD-0825-42DD-8BEC-CE8F97823B36}" = Localization Pack for Microsoft Windows XP Media Center Edition
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Akamai" = Akamai NetSession Interface
"AVG" = AVG 2011
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"Game Booster_is1" = Game Booster
"GunboundIS_is1" = GunboundIS
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = PC Diagnostic Tool da TOSHIBA
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = Utilitários Toshiba
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Controlos TOSHIBA
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = Utilitário de Palavras-passe TOSHIBA
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.1.1800
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"npkcxp" = nProtect KeyCrypt
"NVIDIA Drivers" = NVIDIA Drivers
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Plugin Letras.mus.br" = Plugin Letras.mus.br 1.10
"ProInst" = Software do Intel® PROSet/Wireless
"PROR" = Versão de Avaliação do Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"RumbleFighter" = Rumble Fighter
"Smart Defrag 2_is1" = Smart Defrag 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TDspBtn" = Alternar Entre Ecrãs TOSHIBA
"TFNF5" = Teclas Rápidas para Escolher Ecrãs TOSHIBA
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware™

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29-08-2011 16:21:18 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha unknown, versão 0.0.0.0, endereço em falha 0x020278cd.

Error - 29-08-2011 16:24:02 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha unknown, versão 0.0.0.0, endereço em falha 0x01ab78cd.

Error - 29-08-2011 18:10:36 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha , versão 0.0.0.0, endereço em falha 0x00000000.

Error - 29-08-2011 18:24:43 | Computer Name = JOANA-DUDAX | Source = EventSystem | ID = 4609
Description = O sistema de registo de eventos do COM+ detectou um código devolvido
inválido durante o respectivo processamento interno. O HRESULT é 8007043C na linha
44 de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contacte o suporte
técnico da Microsoft para comunicar este err

Error - 29-08-2011 18:34:36 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha , versão 0.0.0.0, endereço em falha 0x00000000.

Error - 29-08-2011 18:34:47 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha , versão 0.0.0.0, endereço em falha 0x00000000.

Error - 29-08-2011 19:34:38 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha unknown, versão 0.0.0.0, endereço em falha 0x100078cd.

Error - 29-08-2011 19:37:18 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha , versão 0.0.0.0, endereço em falha 0x00000000.

Error - 30-08-2011 16:02:12 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha unknown, versão 0.0.0.0, endereço em falha 0x10001000.

Error - 30-08-2011 16:03:24 | Computer Name = JOANA-DUDAX | Source = Application Error | ID = 1000
Description = Aplicação em falha iexplore.exe, versão 8.0.6001.18702, módulo em
falha , versão 0.0.0.0, endereço em falha 0x00000000.

[ System Events ]
Error - 29-08-2011 9:05:52 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço Intel® PROSet/Wireless Registry Service terminou inesperadamente.
Isto aconteceu 1 vez(es).

Error - 29-08-2011 9:05:54 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço PnkBstrA terminou inesperadamente. Isto aconteceu 1 vez(es).

Error - 29-08-2011 9:05:55 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço NVIDIA Display Driver Service terminou inesperadamente.
Isto aconteceu 1 vez(es).

Error - 29-08-2011 9:05:56 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço nTune Service terminou inesperadamente. Isto aconteceu 1
vez(es).

Error - 29-08-2011 9:05:57 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço npkcmsvc terminou inesperadamente. Isto aconteceu 1 vez(es).

Error - 29-08-2011 9:05:57 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço Serviço de Bonjour terminou inesperadamente. Isto aconteceu
1 vez(es).

Error - 29-08-2011 9:05:58 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7031
Description = O serviço Media Center Extender Service terminou inesperadamente.
Já o fez 1 vez(es). Será efectuada a seguinte acção correctiva em 5000 milissegundos:
Reiniciar o serviço.

Error - 29-08-2011 9:05:59 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7031
Description = O serviço TOSHIBA RAID Service terminou inesperadamente. Já o fez
1 vez(es). Será efectuada a seguinte acção correctiva em 60000 milissegundos: Reiniciar
o serviço.

Error - 29-08-2011 9:05:59 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço Java Quick Starter terminou inesperadamente. Isto aconteceu
1 vez(es).

Error - 29-08-2011 9:06:00 | Computer Name = JOANA-DUDAX | Source = Service Control Manager | ID = 7034
Description = O serviço IMF Service terminou inesperadamente. Isto aconteceu 1 vez(es).


< End of report >

I'm waiting for the results of D.D.S.! I don't know why, but it disappeared the first time it was running without leaving the txt file... I'm doing it again.

D.D.S. says: 'SWREG.DAT' is not recognized as a command

Maybe I didn't shut down script blocking tools? Which are they?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-30 23:26:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\KR10N1 TOSHIBA_ rev.____
Running: gmer.exe; Driver: C:\DOCUME~1\JoDaX\LOCALS~1\Temp\ugryykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAAB2C738]
SSDT \SystemRoot\system32\drivers\szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess [0xA2851496]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAAB2C878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAAB2C914]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6992360, 0x33AACD, 0xE8000020]
.text C:\Program Files\Common Files\Toshiba Shared\tos_sps.sys section is writeable [0xA32C3480, 0x29661, 0xE8000020]
.dsrt C:\Program Files\Common Files\Toshiba Shared\tos_sps.sys unknown last section [0xA32F0300, 0x2FC, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\System32\svchost.exe[576] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006E000C
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[2332] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2980] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4612] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E9000C
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5416] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\KR10N -> DriverStartIo \Device\Scsi\KR10N1Port1Path0Target6Lun0 8A63A31B
Device \Driver\KR10N -> DriverStartIo \Device\Scsi\KR10N1Port1Path0Target1Lun0 8A63A31B
Device \Driver\KR10N -> DriverStartIo \Device\Scsi\KR10N1 8A63A31B
Device \Driver\KR10N -> DriverStartIo \Device\Scsi\KR10N1Port1Path0Target0Lun0 8A63A31B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\JoDaX\Local Settings\Temporary Internet Files\Content.IE5\WTHZIIVM\forum22[1].html 144135 bytes
File C:\WINDOWS\Temp\avg-462af660-6589-4357-b735-7e51c7691917.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Merged posts. ~ OB

Edited by Orange Blossom, 01 September 2011 - 11:50 PM.



#2 DuDaX

Posted 30 August 2011 - 05:07 PM

Oh my god... Need help please!
I'm sorry to be impatient!

#3 Orange Blossom

Posted 01 September 2011 - 11:55 PM

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 150 unanswered topics, about 60 of them older than yours. The oldest is dated Aug. 28, 2011 at 3:07:04 a.m. Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30, 2011 at 4:39 p.m. using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 DuDaX

Posted 03 September 2011 - 10:21 AM

Okay, thanks a lot, I'll be patient.

#5 HelpBot

Posted 04 September 2011 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416778 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 HelpBot

Posted 09 September 2011 - 03:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



