another person with Crypt.AQLW problems


  • This topic is locked
15 replies to this topic

#1 relmatos

relmatos

  • Members
  • 9 posts

Posted 07 March 2012 - 05:32 PM

On the 29th of last month, AVG popped up saying that it caught Crypt.AQLW when I opened a page related to DC Universe from a Google Search (1st result on Google, it appeared to be a Brazilian forum and when I opened it, I was redirected to another site automatically).
AVG supposedly fixed it, prompted me to restart the computer. After that, I kept getting more trojan warnings.
I tried running several programs to try and fix the mess but none seemed to work.
After a while I noticed that my hosts file was gone. Today the computer restarted on its own and after that I had lost all internet\network access. A system restore from February 15th gave me back internet and network access (I chose a system restore date a bit earlier than the 1st warning I got to try and avoid more problems).

Note: when running GMER at the end the program warned about a change in rootkits while scanning the computer. Please tell me if I have to run it again and repost the log.

DDS.TXT Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Alexandrino at 20:51:22 on 2012-03-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.305 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\Programas\AVG\AVG2012\avgtray.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Media Player\WMPNSCFG.exe
svchost.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programas\AVG\AVG2012\avgwdsvc.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\AVG\AVG2012\avgnsx.exe
C:\Programas\AVG\AVG2012\avgemcx.exe
C:\Programas\RALINK\Common\RalinkRegistryWriter.exe
c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://myepisodes.com/views.php
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programas\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\programas\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [MSMSGS] "c:\programas\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\programas\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\programas\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\programas\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\programas\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\programas\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AC2C60C0-55D1-4D57-A2B8-FC81359654B4} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B738C549-B26B-4E30-B1E7-223EB3FA4E66} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programas\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programas\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\programas\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\programas\ralink\common\RalinkRegistryWriter.exe [2010-9-22 69632]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-9-22 1374464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\programas\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programas\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programas\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-03-07 19:10:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-07 19:10:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-04 14:05:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-03 22:54:51 -------- d-----w- c:\documents and settings\alexandrino\application data\LOVE
2012-02-29 18:00:24 -------- d-----w- c:\programas\Spybot - Search & Destroy
2012-02-29 18:00:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-28 00:43:56 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-24 15:03:16 -------- d-----w- c:\programas\pazera-software
2012-02-16 11:30:13 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:30:13 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-11 17:28:08 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-02-11 17:28:05 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-02-11 17:28:00 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-11 17:28:00 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
==================== Find3M ====================
.
2012-03-04 14:04:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 17:20:19 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43:23 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:52:21,81 ===============

Edited by relmatos, 07 March 2012 - 05:33 PM.




#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 March 2012 - 03:08 AM

Hello relmatos and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
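
A TDSSKiller log lists every driver and service it checks, so the few non-ok verdicts are easy to miss among the "ok" lines. The script below is an added example (not part of any post in this thread and not code from TDSSKiller or the helper) that extracts the warning and infected verdicts from such a log and ties each one to its file and to any "Suspicious file (Forged)" notice. The line patterns are assumptions inferred from the TDSSKiller 2.7.19.0 log posted in reply #3, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the TDSSKiller 2.7.19.0 log posted in reply #3
# of this thread (one empty-message line, two clean drivers, two findings).
SAMPLE_LOG = r"""
16:14:16.0171 3560
16:15:07.0031 2228 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:15:07.0078 2228 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:15:07.0078 2228 AegisP - detected UnsignedFile.Multi.Generic (1)
16:15:07.0515 2228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:15:07.0703 2228 AFD - ok
16:16:33.0468 2228 NetBT (e67b340a4b6e5f9a1002cc58c0767f18) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:16:33.0484 2228 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: e67b340a4b6e5f9a1002cc58c0767f18, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
16:16:33.0484 2228 NetBT ( Virus.Win32.ZAccess.k ) - infected
16:16:33.0484 2228 NetBT - detected Virus.Win32.ZAccess.k (0)
16:16:33.0531 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:16:33.0703 2228 Npfs - ok
"""

# Assumed line layout: "HH:MM:SS.ffff <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(?P<msg>.*))?$")
# "<name> (<md5>) <path>" introduces the object being checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - warning|infected" is the scanner's verdict on it.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>warning|infected)$")
# Notice that the file's hashes disagree; field names mirror the log's own labels.
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Finding:
    name: str            # service/driver name as logged
    verdict: str         # detection name as logged
    level: str           # "warning" or "infected"
    path: str = ""       # file path from the object line, if one was logged
    md5: str = ""        # md5 from the object line, if one was logged
    forged: bool = False
    real_md5: str = ""   # "Real md5" value from the forged-file notice
    fake_md5: str = ""   # "Fake md5" value from the forged-file notice


def triage(log_text):
    """Return a Finding for every warning/infected verdict in the log."""
    objects = {}   # name -> (md5, path) from the most recent object line
    forged = {}    # lower-cased path -> (real md5, fake md5)
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group("msg"):
            continue  # blank lines, separators without a message, foreign text
        msg = line.group("msg").strip()
        if (f := FORGED.match(msg)):
            forged[f["path"].lower()] = (f["real"], f["fake"])
        elif (v := VERDICT.match(msg)):
            md5, path = objects.get(v["name"], ("", ""))
            real, fake = forged.get(path.lower(), ("", ""))
            findings.append(Finding(v["name"], v["verdict"], v["level"],
                                    path, md5, bool(fake), real, fake))
        elif (o := OBJECT.match(msg)):
            objects[o["name"]] = (o["md5"], o["path"])
    return findings


def summarize(findings):
    """One text line per finding, infected entries before warnings."""
    order = {"infected": 0, "warning": 1}
    lines = []
    for f in sorted(findings, key=lambda f: order[f.level]):
        line = f"{f.level.upper():8} {f.name}: {f.verdict} [{f.path or 'no file path logged'}]"
        if f.forged:
            line += f" forged file, real md5 {f.real_md5}, fake md5 {f.fake_md5}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LOG)):
        print(entry)
```
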


#3 relmatos

relmatos
  • Topic Starter

  • Members
  • 9 posts

Posted 08 March 2012 - 11:47 AM

1 - I was wondering whether, if I lose Internet\Network access again (or keyboard access, as I've read somewhere else that it might happen), I can do a system restore to get access again or if I should do anything else. I'm also wondering if I could\should remove all the temporary internet files\cookies or not.

2- TDSSKiller Log
It took me 3 attempts to get the program to work. The first time it got stuck at 80% and everything stopped responding. I was forced to restart the computer at the button. The 2nd time the application was stuck on c:\windows\system32\drivers\Parport.sys for about 40 minutes before it stopped responding and I had to restart the computer again. Each of those times produced a log but I'll only upload the third log which was very fast.

16:14:14.0171 3560 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
16:14:16.0171 3560 ============================================================
16:14:16.0171 3560 Current date / time: 2012/03/08 16:14:16.0171
16:14:16.0171 3560 SystemInfo:
16:14:16.0171 3560
16:14:16.0171 3560 OS Version: 5.1.2600 ServicePack: 3.0
16:14:16.0171 3560 Product type: Workstation
16:14:16.0171 3560 ComputerName: ALEXANDR-PC
16:14:16.0171 3560 UserName: Alexandrino
16:14:16.0171 3560 Windows directory: C:\WINDOWS
16:14:16.0171 3560 System windows directory: C:\WINDOWS
16:14:16.0171 3560 Processor architecture: Intel x86
16:14:16.0171 3560 Number of processors: 2
16:14:16.0171 3560 Page size: 0x1000
16:14:16.0171 3560 Boot type: Normal boot
16:14:16.0171 3560 ============================================================
16:14:29.0734 3560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:14:30.0171 3560 \Device\Harddisk0\DR0:
16:14:30.0640 3560 MBR used
16:14:30.0640 3560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:14:32.0015 3560 Initialize success
16:14:32.0015 3560 ============================================================
16:14:45.0828 2228 ============================================================
16:14:45.0828 2228 Scan started
16:14:45.0828 2228 Mode: Manual; SigCheck; TDLFS;
16:14:45.0828 2228 ============================================================
16:14:50.0203 2228 44169337 - ok
16:14:50.0437 2228 Abiosdsk - ok
16:14:50.0468 2228 abp480n5 - ok
16:14:50.0578 2228 ACPI (e353cb4d44454643bd81e0ffd3e3832c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:15:00.0640 2228 ACPI - ok
16:15:04.0296 2228 ACPIEC (4cbbd5516d8f7eb18314c9a593da7744) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:15:04.0609 2228 ACPIEC - ok
16:15:05.0312 2228 adpu160m - ok
16:15:05.0921 2228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:15:06.0250 2228 aec - ok
16:15:07.0031 2228 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:15:07.0078 2228 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:15:07.0078 2228 AegisP - detected UnsignedFile.Multi.Generic (1)
16:15:07.0515 2228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:15:07.0703 2228 AFD - ok
16:15:08.0281 2228 Aha154x - ok
16:15:08.0359 2228 aic78u2 - ok
16:15:08.0359 2228 aic78xx - ok
16:15:08.0390 2228 AliIde - ok
16:15:08.0406 2228 amsint - ok
16:15:08.0437 2228 asc - ok
16:15:08.0453 2228 asc3350p - ok
16:15:08.0468 2228 asc3550 - ok
16:15:08.0515 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:15:08.0656 2228 AsyncMac - ok
16:15:08.0703 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:15:08.0859 2228 atapi - ok
16:15:08.0875 2228 Atdisk - ok
16:15:08.0906 2228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:15:09.0093 2228 Atmarpc - ok
16:15:09.0140 2228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:15:09.0281 2228 audstub - ok
16:15:09.0531 2228 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:15:09.0953 2228 AVGIDSDriver - ok
16:15:10.0234 2228 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:15:10.0515 2228 AVGIDSEH - ok
16:15:10.0890 2228 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:15:11.0234 2228 AVGIDSFilter - ok
16:15:11.0765 2228 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:15:12.0031 2228 AVGIDSShim - ok
16:15:13.0390 2228 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:15:19.0156 2228 Avgldx86 - ok
16:15:21.0296 2228 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:15:24.0546 2228 Avgmfx86 - ok
16:15:25.0687 2228 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:15:29.0046 2228 Avgrkx86 - ok
16:15:31.0156 2228 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:15:34.0812 2228 Avgtdix - ok
16:15:36.0484 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:15:39.0859 2228 Beep - ok
16:15:47.0765 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:15:53.0921 2228 cbidf2k - ok
16:16:04.0859 2228 cd20xrnt - ok
16:16:08.0390 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:16:10.0031 2228 Cdaudio - ok
16:16:10.0156 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:16:10.0312 2228 Cdfs - ok
16:16:10.0343 2228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:16:10.0500 2228 Cdrom - ok
16:16:10.0515 2228 Changer - ok
16:16:10.0593 2228 CmdIde - ok
16:16:10.0609 2228 Cpqarray - ok
16:16:10.0625 2228 dac2w2k - ok
16:16:10.0640 2228 dac960nt - ok
16:16:10.0687 2228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:16:10.0843 2228 Disk - ok
16:16:10.0890 2228 dmboot (875cb9847c86e2bff5092edd72b52d94) C:\WINDOWS\system32\drivers\dmboot.sys
16:16:11.0078 2228 dmboot - ok
16:16:11.0093 2228 dmio (640ee82b51017fb496b525026452cc31) C:\WINDOWS\system32\drivers\dmio.sys
16:16:11.0265 2228 dmio - ok
16:16:11.0281 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:16:11.0437 2228 dmload - ok
16:16:11.0484 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:16:11.0640 2228 DMusic - ok
16:16:11.0671 2228 dpti2o - ok
16:16:11.0671 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:16:11.0812 2228 drmkaud - ok
16:16:11.0875 2228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:16:12.0015 2228 Fastfat - ok
16:16:12.0046 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:16:12.0250 2228 Fdc - ok
16:16:12.0281 2228 Fips (a4542ec275d6b2264d23ce1cd0d223be) C:\WINDOWS\system32\drivers\Fips.sys
16:16:12.0406 2228 Fips - ok
16:16:12.0421 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:16:12.0546 2228 Flpydisk - ok
16:16:12.0609 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:16:12.0812 2228 FltMgr - ok
16:16:13.0062 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:16:13.0218 2228 Fs_Rec - ok
16:16:13.0296 2228 Ftdisk (aae88d91b75eefd3429ca49b07451812) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:16:13.0453 2228 Ftdisk - ok
16:16:13.0609 2228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:16:13.0703 2228 GEARAspiWDM - ok
16:16:13.0921 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:16:14.0078 2228 Gpc - ok
16:16:14.0328 2228 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
16:16:14.0343 2228 hamachi - ok
16:16:14.0406 2228 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:16:14.0578 2228 HDAudBus - ok
16:16:14.0656 2228 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:16:14.0843 2228 hidusb - ok
16:16:14.0937 2228 hpn - ok
16:16:15.0156 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:16:16.0265 2228 HTTP - ok
16:16:16.0500 2228 i2omgmt - ok
16:16:16.0703 2228 i2omp - ok
16:16:16.0890 2228 i8042prt (7edadcb7d0161a33ae3e00e163759c36) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:16:17.0078 2228 i8042prt - ok
16:16:17.0734 2228 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:16:20.0015 2228 ialm - ok
16:16:20.0250 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:16:20.0437 2228 Imapi - ok
16:16:20.0546 2228 ini910u - ok
16:16:20.0609 2228 IntelIde - ok
16:16:20.0687 2228 intelppm (c5e9ce8183f978ad5a210fa36290f6b1) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:16:20.0859 2228 intelppm - ok
16:16:21.0031 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:16:21.0203 2228 Ip6Fw - ok
16:16:21.0281 2228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:16:21.0453 2228 IpFilterDriver - ok
16:16:21.0578 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:16:21.0750 2228 IpInIp - ok
16:16:21.0890 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:16:22.0093 2228 IpNat - ok
16:16:22.0218 2228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:16:22.0406 2228 IPSec - ok
16:16:22.0593 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:16:22.0671 2228 IRENUM - ok
16:16:22.0812 2228 isapnp (fabff8a637ecc7fd67e4799403c0100e) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:16:22.0937 2228 isapnp - ok
16:16:23.0078 2228 Kbdclass (bd70df1c21082c9115d9fbcb11d871eb) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:16:23.0265 2228 Kbdclass - ok
16:16:23.0359 2228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:16:23.0562 2228 kmixer - ok
16:16:23.0671 2228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:16:23.0781 2228 KSecDD - ok
16:16:23.0812 2228 lbrtfdc - ok
16:16:23.0890 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:16:24.0062 2228 mnmdd - ok
16:16:24.0109 2228 Modem (54c089cf7115bc80a3fecd11294b73f5) C:\WINDOWS\system32\drivers\Modem.sys
16:16:24.0281 2228 Modem - ok
16:16:24.0531 2228 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
16:16:25.0281 2228 monfilt - ok
16:16:25.0500 2228 Mouclass (4722326253a4b2f51259535d11933193) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:16:25.0625 2228 Mouclass - ok
16:16:25.0734 2228 mouhid (ffb65f7837e634e2f5a4c4141479f019) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:16:25.0890 2228 mouhid - ok
16:16:26.0171 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:16:26.0328 2228 MountMgr - ok
16:16:26.0640 2228 mraid35x - ok
16:16:26.0828 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:16:27.0125 2228 MRxDAV - ok
16:16:27.0296 2228 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:16:27.0453 2228 MRxSmb - ok
16:16:27.0796 2228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:16:27.0953 2228 Msfs - ok
16:16:28.0125 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:16:28.0312 2228 MSKSSRV - ok
16:16:28.0437 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:16:28.0578 2228 MSPCLOCK - ok
16:16:29.0171 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:16:29.0312 2228 MSPQM - ok
16:16:30.0546 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:16:30.0796 2228 mssmbios - ok
16:16:31.0265 2228 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:16:31.0328 2228 MTsensor - ok
16:16:31.0671 2228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:16:31.0859 2228 Mup - ok
16:16:32.0218 2228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:16:32.0390 2228 NDIS - ok
16:16:32.0453 2228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:16:32.0531 2228 NdisTapi - ok
16:16:32.0687 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:16:32.0890 2228 Ndisuio - ok
16:16:32.0937 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:16:33.0109 2228 NdisWan - ok
16:16:33.0156 2228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:16:33.0203 2228 NDProxy - ok
16:16:33.0250 2228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:16:33.0421 2228 NetBIOS - ok
16:16:33.0468 2228 NetBT (e67b340a4b6e5f9a1002cc58c0767f18) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:16:33.0484 2228 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: e67b340a4b6e5f9a1002cc58c0767f18, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
16:16:33.0484 2228 NetBT ( Virus.Win32.ZAccess.k ) - infected
16:16:33.0484 2228 NetBT - detected Virus.Win32.ZAccess.k (0)
16:16:33.0531 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:16:33.0703 2228 Npfs - ok
16:16:33.0750 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:16:33.0921 2228 Ntfs - ok
16:16:33.0984 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:16:34.0156 2228 Null - ok
16:16:34.0187 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:16:34.0359 2228 NwlnkFlt - ok
16:16:34.0390 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:16:34.0546 2228 NwlnkFwd - ok
16:16:35.0000 2228 Parport (5ba9e672fc3fcb436a92b0646dd37625) C:\WINDOWS\system32\drivers\Parport.sys
16:16:35.0156 2228 Parport - ok
16:16:35.0515 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:16:35.0640 2228 PartMgr - ok
16:16:36.0000 2228 ParVdm (5be4416a102731c5271badd028608452) C:\WINDOWS\system32\drivers\ParVdm.sys
16:16:36.0125 2228 ParVdm - ok
16:16:36.0515 2228 PCI (b772ba8c5f3dfcbfc062fc52313086a6) C:\WINDOWS\system32\DRIVERS\pci.sys
16:16:36.0656 2228 PCI - ok
16:16:41.0171 2228 PCIDump - ok
16:16:42.0375 2228 PCIIde (935346d9049480ba68e31a41ec92627b) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:16:42.0531 2228 PCIIde - ok
16:16:43.0703 2228 Pcmcia (ba058da99ae2f815d3df74009b6d50a8) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:16:43.0875 2228 Pcmcia - ok
16:16:44.0640 2228 PDCOMP - ok
16:16:45.0343 2228 PDFRAME - ok
16:16:45.0937 2228 PDRELI - ok
16:16:47.0296 2228 PDRFRAME - ok
16:16:51.0515 2228 perc2 - ok
16:16:51.0796 2228 perc2hib - ok
16:16:52.0171 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:16:52.0328 2228 PptpMiniport - ok
16:16:52.0578 2228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:16:52.0718 2228 PSched - ok
16:16:53.0078 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:16:53.0218 2228 Ptilink - ok
16:16:53.0437 2228 ql1080 - ok
16:16:53.0578 2228 Ql10wnt - ok
16:16:53.0703 2228 ql12160 - ok
16:16:53.0828 2228 ql1240 - ok
16:16:54.0062 2228 ql1280 - ok
16:16:54.0296 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:16:54.0421 2228 RasAcd - ok
16:16:54.0734 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:16:54.0890 2228 Rasl2tp - ok
16:16:55.0234 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:16:55.0375 2228 RasPppoe - ok
16:16:55.0671 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:16:55.0828 2228 Raspti - ok
16:16:56.0234 2228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:16:56.0453 2228 Rdbss - ok
16:16:56.0734 2228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:16:56.0875 2228 RDPCDD - ok
16:16:57.0187 2228 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:16:57.0265 2228 RDPWD - ok
16:16:57.0625 2228 redbook (b169d51385049145a8ddb1a87ab5f7bf) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:16:57.0750 2228 redbook - ok
16:16:58.0031 2228 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
16:16:58.0078 2228 RsFx0103 - ok
16:16:58.0406 2228 RT2500 (5c2552357bf48f223f637374b098b45b) C:\WINDOWS\system32\DRIVERS\RT2500.sys
16:16:58.0484 2228 RT2500 ( UnsignedFile.Multi.Generic ) - warning
16:16:58.0484 2228 RT2500 - detected UnsignedFile.Multi.Generic (1)
16:16:58.0859 2228 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:16:59.0453 2228 RTL8023xp - ok
16:16:59.0781 2228 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:16:59.0937 2228 RTLE8023xp - ok
16:17:00.0281 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:17:00.0343 2228 Secdrv - ok
16:17:00.0906 2228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:17:01.0046 2228 serenum - ok
16:17:01.0328 2228 Serial (d801b66244d750792ec2b74c0e8bc183) C:\WINDOWS\system32\DRIVERS\serial.sys
16:17:01.0484 2228 Serial - ok
16:17:01.0843 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:17:01.0984 2228 Sfloppy - ok
16:17:02.0234 2228 Simbad - ok
16:17:02.0406 2228 Sparrow - ok
16:17:02.0609 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:17:02.0750 2228 splitter - ok
16:17:03.0515 2228 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
16:17:03.0921 2228 sptd - ok
16:17:04.0203 2228 sr (6593326ac89da535228e046a859dbe06) C:\WINDOWS\system32\DRIVERS\sr.sys
16:17:04.0281 2228 sr - ok
16:17:04.0765 2228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:17:04.0984 2228 Srv - ok
16:17:05.0468 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:17:05.0593 2228 swenum - ok
16:17:05.0984 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:17:06.0125 2228 swmidi - ok
16:17:06.0343 2228 symc810 - ok
16:17:06.0500 2228 symc8xx - ok
16:17:06.0718 2228 sym_hi - ok
16:17:07.0000 2228 sym_u3 - ok
16:17:07.0281 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:17:07.0421 2228 sysaudio - ok
16:17:07.0890 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:17:08.0234 2228 Tcpip - ok
16:17:08.0593 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:17:08.0734 2228 TDPIPE - ok
16:17:09.0078 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:17:09.0218 2228 TDTCP - ok
16:17:09.0546 2228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:17:09.0703 2228 TermDD - ok
16:17:09.0921 2228 TosIde - ok
16:17:10.0234 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:17:10.0390 2228 Udfs - ok
16:17:10.0640 2228 ultra - ok
16:17:11.0171 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:17:11.0468 2228 Update - ok
16:17:11.0906 2228 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:17:11.0984 2228 USBAAPL - ok
16:17:12.0312 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:17:12.0468 2228 usbccgp - ok
16:17:12.0765 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:17:12.0906 2228 usbehci - ok
16:17:13.0203 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:17:13.0343 2228 usbhub - ok
16:17:13.0812 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:17:14.0000 2228 usbscan - ok
16:17:14.0296 2228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:17:14.0421 2228 USBSTOR - ok
16:17:14.0843 2228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:17:15.0000 2228 usbuhci - ok
16:17:15.0281 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:17:15.0406 2228 VgaSave - ok
16:17:16.0031 2228 VIAHdAudAddService (29cc58050804de6c3a900045ea2dd564) C:\WINDOWS\system32\drivers\viahduaa.sys
16:17:16.0703 2228 VIAHdAudAddService - ok
16:17:16.0968 2228 ViaIde - ok
16:17:17.0250 2228 VolSnap (a2e5b9b25d77af18be1ece69f15f436c) C:\WINDOWS\system32\drivers\VolSnap.sys
16:17:17.0390 2228 VolSnap - ok
16:17:17.0625 2228 VSPerfDrv100 (5a2ddc5411a092bedb1a07755e087784) C:\Programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
16:17:17.0687 2228 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - warning
16:17:17.0687 2228 VSPerfDrv100 - detected UnsignedFile.Multi.Generic (1)
16:17:17.0984 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:17:18.0140 2228 Wanarp - ok
16:17:18.0343 2228 WDICA - ok
16:17:18.0640 2228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:17:18.0812 2228 wdmaud - ok
16:17:19.0171 2228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:17:19.0328 2228 WudfPf - ok
16:17:19.0609 2228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:17:19.0640 2228 WudfRd - ok
16:17:19.0687 2228 MBR (0x1B8) (da78e083d0717e99af44eda1bb65f878) \Device\Harddisk0\DR0
16:17:27.0421 2228 \Device\Harddisk0\DR0 - ok
16:17:27.0437 2228 Boot (0x1200) (6e54138b657e29aecf3feac8721c1ad4) \Device\Harddisk0\DR0\Partition0
16:17:27.0468 2228 \Device\Harddisk0\DR0\Partition0 - ok
16:17:27.0468 2228 ============================================================
16:17:27.0468 2228 Scan finished
16:17:27.0468 2228 ============================================================
16:17:27.0578 2204 Detected object count: 4
16:17:27.0578 2204 Actual detected object count: 4
16:17:47.0906 2204 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:47.0906 2204 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:17:48.0234 2204 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
16:17:48.0703 2204 Backup copy found, using it..
16:17:48.0859 2204 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
16:18:13.0640 2204 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
16:18:13.0640 2204 RT2500 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:13.0640 2204 RT2500 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:13.0640 2204 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:13.0640 2204 VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:35.0453 3420 Deinitialize success

3- Farbar Service Scanner Log
This was incredibly fast. It completed as soon as I clicked the button. Don't know if it's supposed to.

Farbar Service Scanner Version: 01-03-2012
Ran by Alexandrino (administrator) on 08-03-2012 at 16:22:56
Running from "C:\Documents and Settings\Alexandrino\Ambiente de trabalho"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 20:39] - [2008-04-14 20:39] - 0126976 ____A (Microsoft Corporation) 1F8A89693F9F0ABCD66A57F0788DB09F

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 20:39] - [2009-04-20 17:18] - 0045568 ____A (Microsoft Corporation) A8DB6B5DB1D0155CE869426C87131A3A

C:\WINDOWS\system32\ipnathlp.dll
[2008-04-14 20:39] - [2008-04-14 20:39] - 0331776 ____A (Microsoft Corporation) 3778B0689541AB8D49FBFE43B9C24A44

C:\WINDOWS\system32\netman.dll
[2008-04-14 20:39] - [2008-04-14 20:39] - 0198144 ____A (Microsoft Corporation) 0DCBE421B636B919B6A328D2E7F711ED

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-09-22 21:41] - [2008-04-14 20:39] - 0145408 ____A (Microsoft Corporation) 0F0B6935ACD5248374313E0A5B21F2ED

C:\WINDOWS\system32\srsvc.dll
[2010-09-22 21:42] - [2008-04-14 20:39] - 0171520 ____A (Microsoft Corporation) 6126A4FFC49D210FB3F3A16E67A62ECB

C:\WINDOWS\system32\Drivers\sr.sys
[2010-09-22 21:42] - [2008-04-14 20:18] - 0073472 ____A (Microsoft Corporation) 6593326AC89DA535228E046A859DBE06

C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 20:39] - [2008-04-14 20:39] - 0080896 ____A (Microsoft Corporation) 14E2F2872C0E32A517AFF218DE28C16D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-09-22 21:41] - [2008-04-14 20:39] - 0145408 ____A (Microsoft Corporation) 0F0B6935ACD5248374313E0A5B21F2ED

C:\WINDOWS\system32\wuauserv.dll
[2010-09-22 21:42] - [2008-04-14 20:39] - 0006656 ____A (Microsoft Corporation) 8C54A36DB7A4EC23927F454030364B35

C:\WINDOWS\system32\qmgr.dll
[2010-09-22 21:42] - [2008-04-14 20:39] - 0409088 ____A (Microsoft Corporation) D938061D85B58D795F2634D612637598

C:\WINDOWS\system32\es.dll
[2008-04-14 20:39] - [2008-07-07 20:28] - 0253952 ____A (Microsoft Corporation) 9509791F69AACDD288D356AB7FFA76A5

C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 20:39] - [2008-04-14 20:39] - 0062464 ____A (Microsoft Corporation) D2DF1EAAB0D7DB8419C1034EB14CBFFF

C:\WINDOWS\system32\svchost.exe
[2008-04-14 20:40] - [2008-04-14 20:40] - 0014336 ____A (Microsoft Corporation) 4C0F692661947B432D184EBFA2FE1912

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 20:39] - [2009-02-09 10:53] - 0401408 ____A (Microsoft Corporation) A1D2164660EF8D5D4A3CFA0F1B9C81A6

C:\WINDOWS\system32\services.exe
[2008-04-14 20:40] - [2009-02-09 11:23] - 0111104 ____A (Microsoft Corporation) 3ED25950BC4603E15CD39A9649EB178E


Extra List:
=======
AegisP(8) Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


4- OTL.txt & Extras.txt logs

OTL.txt

OTL logfile created on: 08-03-2012 16:24:32 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Documents and Settings\Alexandrino\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1014,11 Mb Total Physical Memory | 436,29 Mb Available Physical Memory | 43,02% Memory free
2,39 Gb Paging File | 1,86 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 149,04 Gb Total Space | 47,72 Gb Free Space | 32,02% Space Free | Partition Type: NTFS

Computer Name: ALEXANDR-PC | User Name: Alexandrino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-08 16:22:26 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgtray.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
PRC - [2012-01-03 07:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgnsx.exe
PRC - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011-10-10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgemcx.exe
PRC - [2011-09-08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgrsx.exe
PRC - [2011-08-15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-05-25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-08-18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programas\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2008-04-14 20:39:48 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010-08-09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Programas\Ficheiros comuns\Apple\Apple Application Support\zlib1.dll
MOD - [2009-02-27 17:49:12 | 000,311,296 | ---- | M] () -- C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (usbsermpt)
SRV - File not found [Auto | Stopped] -- -- (tiwlnsvc)
SRV - File not found [Auto | Stopped] -- -- (tfsndres)
SRV - File not found [Auto | Stopped] -- -- (sscdbus)
SRV - File not found [Auto | Stopped] -- -- (SilverLink)
SRV - File not found [Auto | Stopped] -- -- (server)
SRV - File not found [Auto | Stopped] -- -- (se45mgmt)
SRV - File not found [Auto | Stopped] -- -- (s217nd5)
SRV - File not found [Auto | Stopped] -- -- (pdlncbas)
SRV - File not found [Auto | Stopped] -- -- (pdlnatdl)
SRV - File not found [Auto | Stopped] -- -- (oracleoradb10g_home1isql*plus)
SRV - File not found [Auto | Stopped] -- -- (nvrd64)
SRV - File not found [Auto | Stopped] -- -- (NtMtlFax)
SRV - File not found [Auto | Stopped] -- -- (MREMP50)
SRV - File not found [Auto | Stopped] -- -- (mindretrieve)
SRV - File not found [Auto | Stopped] -- -- (MegaSR)
SRV - File not found [Auto | Stopped] -- -- (mctaskmanager)
SRV - File not found [Auto | Stopped] -- -- (mafwboot)
SRV - File not found [Auto | Stopped] -- -- (intelroam)
SRV - File not found [Auto | Stopped] -- -- (InCDsrvR)
SRV - File not found [Auto | Stopped] -- -- (incdsrv)
SRV - File not found [Auto | Stopped] -- -- (imaservice)
SRV - File not found [Auto | Stopped] -- -- (ICAM3NT5)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Auto | Stopped] -- -- (GENERICDRV)
SRV - File not found [Auto | Stopped] -- -- (cmbatt)
SRV - File not found [Auto | Stopped] -- -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- -- (btdriver)
SRV - File not found [Auto | Stopped] -- -- (ARCSOFTVIRTUALCAPTURE)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-07-20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011-05-25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011-03-16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-08-18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008-04-23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programas\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (44169337)
DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011-10-04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-07-11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-07-11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-07-11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-12-08 20:41:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-09-22 16:22:44 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-12-08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009-06-05 07:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-06-02 08:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009-03-30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-09 09:52:00 | 000,238,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2008-02-14 06:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2004-08-13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myepisodes.com/views.php
IE - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\..\SearchScopes,DefaultScope = {E878ADF3-D511-41A4-A39D-2B293C014E1B}
IE - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\..\SearchScopes\{E878ADF3-D511-41A4-A39D-2B293C014E1B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG2012\Firefox4\ [2012-02-01 11:45:42 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-823518204-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programas\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2C60C0-55D1-4D57-A2B8-FC81359654B4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B738C549-B26B-4E30-B1E7-223EB3FA4E66}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alexandrino\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alexandrino\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-22 21:44:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: 37832462.sys - Driver
SafeBootMin: 44169337.sys - File not found
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Atribuição de dados HTML dinâmicos para Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Autoridade avançada
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Actualização de segurança para Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Programador de tarefas
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: oracleoradb10g_home1isql*plus - File not found
NetSvcs: mafwboot - File not found
NetSvcs: usbsermpt - File not found
NetSvcs: tiwlnsvc - File not found
NetSvcs: ICAM3NT5 - File not found
NetSvcs: btdriver - File not found
NetSvcs: mctaskmanager - File not found
NetSvcs: sscdbus - File not found
NetSvcs: SilverLink - File not found
NetSvcs: CDRPDACC - File not found
NetSvcs: se45mgmt - File not found
NetSvcs: nvrd64 - File not found
NetSvcs: GENERICDRV - File not found
NetSvcs: imaservice - File not found
NetSvcs: s217nd5 - File not found
NetSvcs: tfsndres - File not found
NetSvcs: cmbatt - File not found
NetSvcs: MegaSR - File not found
NetSvcs: intelroam - File not found
NetSvcs: incdsrv - File not found
NetSvcs: server - File not found
NetSvcs: MREMP50 - File not found
NetSvcs: pdlncbas - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - File not found
NetSvcs: InCDsrvR - File not found
NetSvcs: pdlnatdl - File not found
NetSvcs: NtMtlFax - File not found
NetSvcs: mindretrieve - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012-03-08 16:22:25 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
[2012-03-08 16:17:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-03-08 15:19:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-03-08 15:18:34 | 000,000,000 | ---D | C] -- C:\60a25b777ccc5913bc
[2012-03-08 15:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\Clean1
[2012-03-08 15:06:33 | 000,000,000 | ---D | C] -- C:\3ed46b5f2f998850b28343a81d173d
[2012-03-08 15:06:24 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\tdsskiller.exe
[2012-03-07 20:51:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alexandrino\Menu Iniciar\Programas\Ferramentas administrativas
[2012-03-04 14:05:59 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
[2012-03-04 14:05:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-03-04 14:05:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-03-04 14:05:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-03-04 14:05:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-03-03 22:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Application Data\LOVE
[2012-02-29 18:00:24 | 000,000,000 | ---D | C] -- C:\Programas\Spybot - Search & Destroy
[2012-02-29 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-02-24 15:03:16 | 000,000,000 | ---D | C] -- C:\Programas\pazera-software
[2012-02-11 17:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\iPhone Fotos 11-2-2012
[2012-02-11 17:28:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012-02-11 17:28:05 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012-02-11 17:28:00 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2012-02-11 17:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-08 16:22:26 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
[2012-03-08 16:22:19 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\FSS.exe
[2012-03-08 16:19:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-08 16:13:50 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-03-08 15:21:42 | 090,853,526 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012-03-08 15:06:32 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\tdsskiller.exe
[2012-03-08 00:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012-03-08 00:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012-03-08 00:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2012-03-08 00:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012-03-07 23:32:40 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1932D2F-DDFE-4877-A2ED-8CDD61CFBFF3}.job
[2012-03-07 23:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2012-03-07 23:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012-03-07 23:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2012-03-07 23:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012-03-07 22:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2012-03-07 22:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012-03-07 22:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2012-03-07 22:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012-03-07 21:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2012-03-07 21:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012-03-07 21:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2012-03-07 21:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012-03-07 20:47:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-07 20:45:50 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Alexandrino\defogger_reenable
[2012-03-07 20:26:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-03-07 20:13:20 | 000,006,884 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.zip
[2012-03-07 20:11:36 | 000,002,868 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.opml
[2012-03-07 20:11:34 | 000,022,331 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.htm
[2012-03-07 20:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2012-03-07 20:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012-03-07 20:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2012-03-07 20:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012-03-07 17:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2012-03-07 17:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012-03-07 17:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2012-03-07 17:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012-03-07 16:12:26 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-07 16:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2012-03-07 16:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012-03-07 16:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2012-03-07 16:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012-03-07 15:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2012-03-07 15:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012-03-07 15:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2012-03-07 15:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012-03-07 14:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2012-03-07 14:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012-03-07 14:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2012-03-07 14:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012-03-07 13:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2012-03-07 13:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012-03-07 13:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2012-03-07 13:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012-03-07 12:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2012-03-07 12:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012-03-07 12:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2012-03-07 12:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012-03-07 11:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2012-03-07 11:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012-03-07 11:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2012-03-07 11:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012-03-07 10:55:44 | 091,023,286 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-03-06 19:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2012-03-06 19:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012-03-06 19:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2012-03-06 19:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012-03-06 18:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2012-03-06 18:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012-03-06 18:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2012-03-06 18:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012-03-06 01:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2012-03-06 01:02:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012-03-06 01:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2012-03-06 01:02:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012-03-04 14:04:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-03-04 14:04:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-03-04 14:04:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-03-04 14:04:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-03-04 14:04:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-03-03 17:34:43 | 001,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Cópia (2) de hosts
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012-02-28 20:36:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat
[2012-02-28 11:42:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-02-17 11:18:05 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-17 01:01:13 | 000,613,254 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012-02-17 01:01:13 | 000,559,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-02-17 01:01:13 | 000,122,578 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012-02-17 01:01:13 | 000,108,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-02-17 00:53:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-08 16:22:19 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\FSS.exe
[2012-03-07 20:45:41 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Alexandrino\defogger_reenable
[2012-03-07 20:13:20 | 000,006,884 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.zip
[2012-03-07 20:11:36 | 000,002,868 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.opml
[2012-03-07 20:11:34 | 000,022,331 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.htm
[2012-02-29 11:57:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2012-02-29 11:57:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2012-02-29 11:57:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2012-02-29 11:57:57 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2012-02-29 11:57:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2012-02-29 11:57:56 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012-02-28 20:36:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012-02-28 20:36:31 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012-02-28 20:36:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat
[2012-02-28 11:42:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-02-28 00:43:56 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-02-16 11:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-16 11:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011-11-07 21:21:42 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-17 01:13:24 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat
[2011-02-17 01:01:07 | 000,020,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-12-09 00:09:49 | 001,303,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-823518204-1177238915-1004-0.dat
[2010-12-09 00:09:45 | 000,160,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\WPFFontCache_v0400-System.dat
[2010-09-27 15:04:06 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-22 22:35:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-09-22 22:33:55 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-22 21:51:21 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-09-22 21:51:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010-09-22 21:51:13 | 000,017,584 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-09-22 21:51:13 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010-09-22 21:46:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-09-22 21:42:19 | 000,021,924 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-09-22 17:16:25 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-09-22 17:09:50 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010-09-22 15:00:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010-09-22 22:32:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010-09-22 22:32:52 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010-09-22 22:32:52 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012-03-08 16:19:22 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2011-08-17 13:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011-08-17 13:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2011-02-16 13:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008-10-16 15:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-08-14 10:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008-10-16 14:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008-08-14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011-02-16 13:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008-06-20 11:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011-08-17 13:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2008-04-14 20:51:36 | 020,104,164 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008-04-13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Alexandrino\Definições locais\Temp\RarSFX0\procs\explorer.exe
[2008-04-14 20:39:48 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=73BF5036A2ABA403DB078C65B1A29A99 -- C:\WINDOWS\explorer.exe
[2008-04-14 20:39:48 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=73BF5036A2ABA403DB078C65B1A29A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Alexandrino\Definições locais\Temp\RarSFX0\h\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008-04-14 20:06:28 | 000,052,992 | ---- | M] (Microsoft Corporation) MD5=A2E5B9B25D77AF18BE1ECE69F15F436C -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008-04-14 20:06:28 | 000,052,992 | ---- | M] (Microsoft Corporation) MD5=A2E5B9B25D77AF18BE1ECE69F15F436C -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008-04-14 20:40:10 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=2EFCB948E7DA1B6D6FE351032FF76391 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-14 20:40:10 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=2EFCB948E7DA1B6D6FE351032FF76391 -- C:\WINDOWS\system32\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Alexandrino\Definições locais\Temp\RarSFX0\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programas\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programas\Internet Explorer\iexplore.exe [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programas\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programas\Internet Explorer\iexplore.exe [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB13922$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\WcfSvcHost\v4.0_10.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_10.0.0.0_x-ww_8f8c98f0 -> Junction

< End of report >


Extras.txt

OTL Extras logfile created on: 08-03-2012 16:24:32 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Documents and Settings\Alexandrino\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1014,11 Mb Total Physical Memory | 436,29 Mb Available Physical Memory | 43,02% Memory free
2,39 Gb Paging File | 1,86 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 149,04 Gb Total Space | 47,72 Gb Free Space | 32,02% Space Free | Partition Type: NTFS

Computer Name: ALEXANDR-PC | User Name: Alexandrino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Gestão Remota do Windows
"80:TCP" = 80:TCP:*:Disabled:Gestão Remota do Windows - Modo de Compatibilidade (Entrada de HTTP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Partilha de Rede do Windows Media Player
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programas\Vuze\Azureus.exe" = C:\Programas\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programas\Microsoft Games\Project S\Spartan.exe" = C:\Programas\Microsoft Games\Project S\Spartan.exe:*:Enabled:Spartan
"C:\Programas\AVG\AVG10\avgmfapx.exe" = C:\Programas\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Programas\Steam\Steam.exe" = C:\Programas\Steam\Steam.exe:*:Enabled:Steam
"C:\Programas\Steam\steamapps\common\terraria\Terraria.exe" = C:\Programas\Steam\steamapps\common\terraria\Terraria.exe:*:Enabled:Terraria
"C:\Programas\Steam\steamapps\common\terraria\TerrariaServer.exe" = C:\Programas\Steam\steamapps\common\terraria\TerrariaServer.exe:*:Enabled:Terraria
"C:\Programas\BitNami Tracks Stack\mysql\bin\mysqld.exe" = C:\Programas\BitNami Tracks Stack\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Programas\BitNami Tracks Stack\apache2\bin\httpd.exe" = C:\Programas\BitNami Tracks Stack\apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Documents and Settings\Alexandrino\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Alexandrino\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Programas\AVG\AVG2012\avgmfapx.exe" = C:\Programas\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalador AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgnsx.exe" = C:\Programas\AVG\AVG2012\avgnsx.exe:*:Enabled:Protecção Online -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgdiagex.exe" = C:\Programas\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programas\AVG\AVG2012\avgemcx.exe" = C:\Programas\AVG\AVG2012\avgemcx.exe:*:Enabled:Verificador de E-mail Pessoal -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587139F5-9B76-4D5A-94C6-76E6B219BF7F}" = Windows Live Sync
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96EBD346-F6B4-4EBE-B6EC-CB559CCEBBC9}" = Galeria de Fotografias do Windows Live
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F67D8FC-2A5F-440E-855C-E26A7FE88D28}" = Windows Live Essentials
"{9FD7C77D-5657-49C1-8FB5-5C7BFCAFC6DB}" = Windows Live Call
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BB9F1FB8-D595-433A-A94E-7FE821B10640}" = OpenOffice.org 3.2
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"{FD702B54-2FD4-459B-97F3-977BDF2C3C5C}" = Windows Live Messenger
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestor de Dispositivo de Plataforma
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"OpenAL" = OpenAL
"PRJPRO" = Microsoft Office Project Professional 2007
"Steam App 105600" = Terraria
"TaoFramework" = TaoFramework 2.1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-823518204-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3011
Description = O descarregamento das cadeias do contador de desempenho do serviço
ServiceModelOperation 4.0.0.0 (ServiceModelOperation 4.0.0.0) falhou. O código de
erro é a primeira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3011
Description = O descarregamento das cadeias do contador de desempenho do serviço
ServiceModelService 4.0.0.0 (ServiceModelService 4.0.0.0) falhou. O código de erro
é a primeira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3011
Description = O descarregamento das cadeias do contador de desempenho do serviço
SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) falhou. O código de erro é a primeira DWORD
na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3001
Description = O valor da cadeia de nome de contador de desempenho no registo está
formatado incorrectamente. A cadeia errada é 11846, o valor de índice errado é a
primeira DWORD na 'Data section' enquanto que os últimos valores de índice válidos
são a segunda e a terceira DWORD na 'Data section'.

Error - 08-03-2012 11:19:53 | Computer Name = ALEXANDR-PC | Source = LoadPerf | ID = 3011
Description = O descarregamento das cadeias do contador de desempenho do serviço
MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) falhou. O código de erro é a primeira
DWORD na 'Data section'.

[ System Events ]
Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Qcdonner terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Lckfldservice terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço W800mgmt terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Ctaud2k terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço CVirtA terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço StMp3Rec terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço DCamUSBMke terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Sglogplayer terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço PGPsdkDriver terminou com o seguinte erro: %%126

Error - 07-03-2012 15:09:14 | Computer Name = ALEXANDR-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Db2governor terminou com o seguinte erro: %%126


< End of report >

5- I haven't used the computer while trying to fix it, since I have a spare one to use temporarily, but if necessary I can use it to see how it's working.


Thanks for the help. I'll eagerly await the next step.

#4 relmatos


Posted 08 March 2012 - 01:58 PM

I've had the computer on all this time since the previous post and AVG didn't warn me once about any problems. It feels faster now than it was previously although I don't know if it's because of the system restore.
I updated the Anti-Virus and when shutting the computer down I was informed that I had an update for windows. Should I install the update or wait until everything is done?

#5 SweetTech


Posted 09 March 2012 - 01:05 AM

Good Evening relmatos!

I was wondering if I lose Internet\Network Access again or, as I've read somewhere else that it might happen keyboard access, I can do a system restore to get access again or if I should do anything else. I'm also wondering if I could\should remove all the internet temporary files\cookies or not.

It depends. What occurs, and what tool was run, really helps determine what the best way of regaining internet access is. If you lose access to the internet, please let me know and we'll take things from there.

I'm going to have my tools remove the temporary files when you run them, so you don't need to worry about emptying them. :)

I updated the Anti-Virus and when shutting the computer down I was informed that I had an update for windows. Should I install the update or wait until everything is done?

Please hold up on allowing the update to install. You're still infected.

It took me 3 attempts to get the program to work. The first time it got stuck at 80% and everything stopped responding. I was forced to restart the computer at the button. The 2nd time the application was stuck on c:\windows\system32\drivers\Parport.sys for about 40 minutes before it stopped responding and I had to restart the computer again. Each of those times produced a log but I'll only upload the third log which was very fast.

Okay, thanks for that information.

It looks like TDSSKiller was able to detect and remove a file that was patched by ZeroAccess.

Do you recognize these 3 files?

[2012-03-07 20:13:20 | 000,006,884 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.zip
[2012-03-07 20:11:36 | 000,002,868 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.opml
[2012-03-07 20:11:34 | 000,022,331 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.htm

Did you enable these ports?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Gestão Remota do Windows
"80:TCP" = 80:TCP:*:Disabled:Gestão Remota do Windows - Modo de Compatibilidade (Entrada de HTTP)

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (44169337)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    [2012-03-08 16:13:50 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012-02-28 20:36:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat
    [2012-02-28 20:36:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat
    [2012-02-28 00:43:56 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    dir /s /a "C:\60a25b777ccc5913bc" /c
    dir /s /a "C:\3ed46b5f2f998850b28343a81d173d" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Answer to question regarding those 3 files and open ports.
3. OTL Fix log.
4. ComboFix.txt log.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
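
The two GloballyOpenPorts entries quoted in post #5 follow the Windows XP firewall value format port:protocol:scope:status:name. As an added example (not part of the original thread and not OTL's own code), this Python parser reads that format and separates inactive exceptions from active ones; the third sample line and the triage labels are constructed for illustration, and IPv4-only scopes are assumed.

```python
"""Parse Windows XP firewall GloballyOpenPorts List values (added example)."""
import re
from dataclasses import dataclass

# Sample input: the registry key header and the two values quoted in the post,
# in OTL's '"value name" = data' rendering, plus one CONSTRUCTED enabled entry.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Gestão Remota do Windows
"80:TCP" = 80:TCP:*:Disabled:Gestão Remota do Windows - Modo de Compatibilidade (Entrada de HTTP)
"3389:TCP" = 3389:TCP:LocalSubNet:Enabled:Constructed example entry
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]*)"\s*=\s*(?P<data>.+)$')


@dataclass(frozen=True)
class PortException:
    port: int
    protocol: str
    scope: str      # "*", "LocalSubNet", or a comma-separated address list
    enabled: bool
    name: str


def parse_entry(line):
    """Parse one '"port:proto" = port:proto:scope:status:name' line."""
    match = LINE_RE.match(line.strip())
    if not match:
        raise ValueError(f"not a registry value line: {line!r}")
    # Split at most four times: the display name may itself contain colons.
    parts = match.group("data").split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {line!r}")
    port_s, proto, scope, status, name = parts
    if not port_s.isdigit() or not 1 <= int(port_s) <= 65535:
        raise ValueError(f"bad port {port_s!r}")
    proto = proto.upper()
    if proto not in ("TCP", "UDP"):
        raise ValueError(f"bad protocol {proto!r}")
    status = status.lower()
    if status not in ("enabled", "disabled"):
        raise ValueError(f"bad status {status!r}")
    return PortException(int(port_s), proto, scope, status == "enabled", name)


def parse_listing(text):
    """Parse every value line, skipping blanks and the [key] header."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue
        entries.append(parse_entry(line))
    return entries


def triage(entry):
    """Label an exception by whether it actually lets traffic through."""
    if not entry.enabled:
        return "inactive"            # defined, but the firewall ignores it
    if entry.scope == "*":
        return "open-any-source"     # reachable from any address
    return "open-scoped"             # reachable only from the listed scope


def summarize(text):
    """Return (port, protocol, label) for each exception in the listing."""
    return [(e.port, e.protocol, triage(e)) for e in parse_listing(text)]


if __name__ == "__main__":
    for port, proto, label in summarize(SAMPLE):
        print(f"{port}/{proto}: {label}")
```

Both entries from the post come out as inactive: the exceptions are defined in the registry but marked Disabled, so they do not open the ports.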


#6 relmatos


Posted 09 March 2012 - 06:37 AM

Hi. Those backup files were created by me when I began trying to clean the computer and began considering formatting it. The htm is a backup of my favourite links and the opml one is an export of my RSS feeds. The zip has the 2 files. I then copied them to Dropbox for safekeeping.
Should I remove them?
I did not enable any ports as far as I remember.

I'll proceed with the other steps as soon as possible when I return home later today.

Edited by relmatos, 09 March 2012 - 06:37 AM.


#7 relmatos


Posted 09 March 2012 - 11:28 AM

1- There have been a few problems this time.
When OTL restarted the computer, I had no way of skipping the Windows updates so it started updating. Hope it didn't harm anything.

After a while of running ComboFix, I got a popup window saying that it had caught a rootkit working and had to restart the computer. After doing so, the ComboFix window came back and continued working. After a while it disappeared and all I could see was the wallpaper and nothing else (no startup bar). I could hear the computer processing information. After a while the sound of the computer processing information stopped but nothing changed. After about 2 hours I gave up and was forced to restart the computer.
I have a file with no name on my Desktop now, the only options I have on it are Cut, Create Shortcut and Delete. On C:\ I have an icon called ComboFix that looks like MyComputer and clicking on it sends me into MyComputer. Weirdest thing I ever saw.
There is no ComboFix.txt to post.


2- The answers to the questions are in the previous post I made earlier today.

3- OTL FIX LOG:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service 44169337 stopped successfully!
Service 44169337 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat moved successfully.
File C:\Documents and Settings\All Users\Application Data\iPiMFO72H.dat not found.
File C:\WINDOWS\System32\dds_trash_log.cmd not found.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
< dir /s /a "C:\60a25b777ccc5913bc" /c >
O volume na unidade C nÆo tem nome
O n£mero de s‚rie do volume ‚ C082-6450
Direct¢rio de C:\60a25b777ccc5913bc
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
08-03-2012 15:18 788 $shtdwn$.req
08-03-2012 15:18 <DIR> 1025
08-03-2012 15:18 <DIR> 1028
08-03-2012 15:18 <DIR> 1029
08-03-2012 15:18 <DIR> 1030
08-03-2012 15:18 <DIR> 1031
08-03-2012 15:18 <DIR> 1032
08-03-2012 15:18 <DIR> 1033
08-03-2012 15:18 <DIR> 1035
08-03-2012 15:18 <DIR> 1036
08-03-2012 15:18 <DIR> 1037
08-03-2012 15:18 <DIR> 1038
08-03-2012 15:18 <DIR> 1040
08-03-2012 15:18 <DIR> 1041
08-03-2012 15:18 <DIR> 1042
08-03-2012 15:18 <DIR> 1043
08-03-2012 15:18 <DIR> 1044
08-03-2012 15:18 <DIR> 1045
08-03-2012 15:18 <DIR> 1046
08-03-2012 15:18 <DIR> 1049
08-03-2012 15:18 <DIR> 1053
08-03-2012 15:18 <DIR> 1055
08-03-2012 15:18 <DIR> 2052
08-03-2012 15:18 <DIR> 2070
08-03-2012 15:18 <DIR> 3076
08-03-2012 15:18 <DIR> 3082
26-10-2011 14:24 16.118 DHtmlHeader.html
08-03-2012 15:18 <DIR> Graphics
26-10-2011 15:41 3.628 header.bmp
26-10-2011 15:38 2.830.848 NDP40-KB2633870.msp
26-10-2011 15:41 24.926 ParameterInfo.xml
26-10-2011 14:41 78.912 Setup.exe
26-10-2011 14:41 810.064 SetupEngine.dll
26-10-2011 14:41 296.520 SetupUi.dll
26-10-2011 14:24 30.120 SetupUi.xsd
26-10-2011 14:24 96.848 SetupUtility.exe
26-10-2011 15:41 196.662 SplashScreen.bmp
26-10-2011 14:24 144.416 sqmapi.dll
26-10-2011 15:41 13.606 Strings.xml
26-10-2011 15:41 36.180 UiInfo.xml
26-10-2011 15:41 104.072 watermark.bmp
15 ficheiro(s) 4.683.708 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1025
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 123.035 eula.rtf
26-10-2011 15:41 34.118 LocalizedData.xml
26-10-2011 14:41 17.496 SetupResources.dll
3 ficheiro(s) 174.649 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1028
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 128.333 eula.rtf
26-10-2011 15:41 28.422 LocalizedData.xml
26-10-2011 14:41 14.424 SetupResources.dll
3 ficheiro(s) 171.179 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1029
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 101.146 eula.rtf
26-10-2011 15:41 36.716 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 156.382 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1030
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 109.464 eula.rtf
26-10-2011 15:41 36.020 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 164.004 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1031
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 91.719 eula.rtf
26-10-2011 15:41 37.858 LocalizedData.xml
26-10-2011 14:41 19.032 SetupResources.dll
3 ficheiro(s) 148.609 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1032
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 102.048 eula.rtf
26-10-2011 15:41 38.668 LocalizedData.xml
26-10-2011 14:41 19.544 SetupResources.dll
3 ficheiro(s) 160.260 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1033
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 138.595 eula.rtf
26-10-2011 15:41 35.802 LocalizedData.xml
26-10-2011 14:41 17.496 SetupResources.dll
3 ficheiro(s) 191.893 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1035
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 111.176 eula.rtf
26-10-2011 15:41 36.066 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 165.762 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1036
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 133.172 eula.rtf
26-10-2011 15:41 37.676 LocalizedData.xml
26-10-2011 14:41 19.032 SetupResources.dll
3 ficheiro(s) 189.880 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1037
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 125.351 eula.rtf
26-10-2011 15:41 33.028 LocalizedData.xml
26-10-2011 14:41 16.984 SetupResources.dll
3 ficheiro(s) 175.363 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1038
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 110.879 eula.rtf
26-10-2011 15:41 37.692 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 167.603 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1040
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 124.974 eula.rtf
26-10-2011 15:41 37.048 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 180.542 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1041
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 111.958 eula.rtf
26-10-2011 15:41 31.424 LocalizedData.xml
26-10-2011 14:42 15.960 SetupResources.dll
3 ficheiro(s) 159.342 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1042
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 149.503 eula.rtf
26-10-2011 15:41 30.504 LocalizedData.xml
26-10-2011 14:42 15.448 SetupResources.dll
3 ficheiro(s) 195.455 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1043
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 35.285 eula.rtf
26-10-2011 15:41 36.850 LocalizedData.xml
26-10-2011 14:42 19.544 SetupResources.dll
3 ficheiro(s) 91.679 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1044
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 36.083 eula.rtf
26-10-2011 15:41 36.546 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 90.637 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1045
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 126.541 eula.rtf
26-10-2011 15:41 37.132 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 182.193 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1046
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 109.574 eula.rtf
26-10-2011 15:41 36.530 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 164.624 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1049
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 49.319 eula.rtf
26-10-2011 15:41 37.394 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 105.745 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1053
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 125.073 eula.rtf
26-10-2011 15:41 36.014 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 179.095 bytes
Direct¢rio de C:\60a25b777ccc5913bc\1055
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 112.947 eula.rtf
26-10-2011 15:41 36.274 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 167.229 bytes
Direct¢rio de C:\60a25b777ccc5913bc\2052
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 110.754 eula.rtf
26-10-2011 15:41 28.414 LocalizedData.xml
26-10-2011 14:42 14.424 SetupResources.dll
3 ficheiro(s) 153.592 bytes
Direct¢rio de C:\60a25b777ccc5913bc\2070
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 125.196 eula.rtf
26-10-2011 15:41 37.332 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 181.560 bytes
Direct¢rio de C:\60a25b777ccc5913bc\3076
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 2.060 eula.rtf
26-10-2011 15:41 28.422 LocalizedData.xml
26-10-2011 14:41 14.424 SetupResources.dll
3 ficheiro(s) 44.906 bytes
Direct¢rio de C:\60a25b777ccc5913bc\3082
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 15:41 108.174 eula.rtf
26-10-2011 15:41 37.096 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 164.302 bytes
Direct¢rio de C:\60a25b777ccc5913bc\Graphics
08-03-2012 15:18 <DIR> .
08-03-2012 15:18 <DIR> ..
26-10-2011 14:20 1.150 Print.ico
26-10-2011 14:20 894 Rotate1.ico
26-10-2011 14:20 894 Rotate2.ico
26-10-2011 14:20 894 Rotate3.ico
26-10-2011 14:20 894 Rotate4.ico
26-10-2011 14:20 894 Rotate5.ico
26-10-2011 14:20 894 Rotate6.ico
26-10-2011 14:20 894 Rotate7.ico
26-10-2011 14:20 894 Rotate8.ico
26-10-2011 14:20 1.150 Save.ico
26-10-2011 14:20 36.710 Setup.ico
26-10-2011 14:20 10.134 stop.ico
26-10-2011 14:20 1.150 SysReqMet.ico
26-10-2011 14:20 1.150 SysReqNotMet.ico
26-10-2011 14:20 10.134 warn.ico
15 ficheiro(s) 68.730 bytes
Total de ficheiros listados:
105 ficheiro(s) 8.678.923 bytes
80 Dir(s) 50.656.268.288 bytes livres
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.bat deleted successfully.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.txt deleted successfully.
< dir /s /a "C:\3ed46b5f2f998850b28343a81d173d" /c >
O volume na unidade C nÆo tem nome
O n£mero de s‚rie do volume ‚ C082-6450
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
08-03-2012 15:06 788 $shtdwn$.req
08-03-2012 15:06 <DIR> 1025
08-03-2012 15:06 <DIR> 1028
08-03-2012 15:06 <DIR> 1029
08-03-2012 15:06 <DIR> 1030
08-03-2012 15:06 <DIR> 1031
08-03-2012 15:06 <DIR> 1032
08-03-2012 15:06 <DIR> 1033
08-03-2012 15:06 <DIR> 1035
08-03-2012 15:06 <DIR> 1036
08-03-2012 15:06 <DIR> 1037
08-03-2012 15:06 <DIR> 1038
08-03-2012 15:06 <DIR> 1040
08-03-2012 15:06 <DIR> 1041
08-03-2012 15:06 <DIR> 1042
08-03-2012 15:06 <DIR> 1043
08-03-2012 15:06 <DIR> 1044
08-03-2012 15:06 <DIR> 1045
08-03-2012 15:06 <DIR> 1046
08-03-2012 15:06 <DIR> 1049
08-03-2012 15:06 <DIR> 1053
08-03-2012 15:06 <DIR> 1055
08-03-2012 15:06 <DIR> 2052
08-03-2012 15:06 <DIR> 2070
08-03-2012 15:06 <DIR> 3076
08-03-2012 15:06 <DIR> 3082
26-10-2011 14:24 16.118 DHtmlHeader.html
08-03-2012 15:06 <DIR> Graphics
26-10-2011 15:41 3.628 header.bmp
26-10-2011 15:38 2.830.848 NDP40-KB2633870.msp
26-10-2011 15:41 24.926 ParameterInfo.xml
26-10-2011 14:41 78.912 Setup.exe
26-10-2011 14:41 810.064 SetupEngine.dll
26-10-2011 14:41 296.520 SetupUi.dll
26-10-2011 14:24 30.120 SetupUi.xsd
26-10-2011 14:24 96.848 SetupUtility.exe
26-10-2011 15:41 196.662 SplashScreen.bmp
26-10-2011 14:24 144.416 sqmapi.dll
26-10-2011 15:41 13.606 Strings.xml
26-10-2011 15:41 36.180 UiInfo.xml
26-10-2011 15:41 104.072 watermark.bmp
15 ficheiro(s) 4.683.708 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1025
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 123.035 eula.rtf
26-10-2011 15:41 34.118 LocalizedData.xml
26-10-2011 14:41 17.496 SetupResources.dll
3 ficheiro(s) 174.649 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1028
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 128.333 eula.rtf
26-10-2011 15:41 28.422 LocalizedData.xml
26-10-2011 14:41 14.424 SetupResources.dll
3 ficheiro(s) 171.179 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1029
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 101.146 eula.rtf
26-10-2011 15:41 36.716 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 156.382 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1030
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 109.464 eula.rtf
26-10-2011 15:41 36.020 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 164.004 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1031
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 91.719 eula.rtf
26-10-2011 15:41 37.858 LocalizedData.xml
26-10-2011 14:41 19.032 SetupResources.dll
3 ficheiro(s) 148.609 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1032
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 102.048 eula.rtf
26-10-2011 15:41 38.668 LocalizedData.xml
26-10-2011 14:41 19.544 SetupResources.dll
3 ficheiro(s) 160.260 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1033
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 138.595 eula.rtf
26-10-2011 15:41 35.802 LocalizedData.xml
26-10-2011 14:41 17.496 SetupResources.dll
3 ficheiro(s) 191.893 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1035
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 111.176 eula.rtf
26-10-2011 15:41 36.066 LocalizedData.xml
26-10-2011 14:41 18.520 SetupResources.dll
3 ficheiro(s) 165.762 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1036
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 133.172 eula.rtf
26-10-2011 15:41 37.676 LocalizedData.xml
26-10-2011 14:41 19.032 SetupResources.dll
3 ficheiro(s) 189.880 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1037
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 125.351 eula.rtf
26-10-2011 15:41 33.028 LocalizedData.xml
26-10-2011 14:41 16.984 SetupResources.dll
3 ficheiro(s) 175.363 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1038
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 110.879 eula.rtf
26-10-2011 15:41 37.692 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 167.603 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1040
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 124.974 eula.rtf
26-10-2011 15:41 37.048 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 180.542 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1041
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 111.958 eula.rtf
26-10-2011 15:41 31.424 LocalizedData.xml
26-10-2011 14:42 15.960 SetupResources.dll
3 ficheiro(s) 159.342 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1042
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 149.503 eula.rtf
26-10-2011 15:41 30.504 LocalizedData.xml
26-10-2011 14:42 15.448 SetupResources.dll
3 ficheiro(s) 195.455 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1043
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 35.285 eula.rtf
26-10-2011 15:41 36.850 LocalizedData.xml
26-10-2011 14:42 19.544 SetupResources.dll
3 ficheiro(s) 91.679 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1044
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 36.083 eula.rtf
26-10-2011 15:41 36.546 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 90.637 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1045
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 126.541 eula.rtf
26-10-2011 15:41 37.132 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 182.193 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1046
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 109.574 eula.rtf
26-10-2011 15:41 36.530 LocalizedData.xml
26-10-2011 14:42 18.520 SetupResources.dll
3 ficheiro(s) 164.624 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1049
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 49.319 eula.rtf
26-10-2011 15:41 37.394 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 105.745 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1053
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 125.073 eula.rtf
26-10-2011 15:41 36.014 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 179.095 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\1055
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 112.947 eula.rtf
26-10-2011 15:41 36.274 LocalizedData.xml
26-10-2011 14:42 18.008 SetupResources.dll
3 ficheiro(s) 167.229 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\2052
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 110.754 eula.rtf
26-10-2011 15:41 28.414 LocalizedData.xml
26-10-2011 14:42 14.424 SetupResources.dll
3 ficheiro(s) 153.592 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\2070
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 125.196 eula.rtf
26-10-2011 15:41 37.332 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 181.560 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\3076
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 2.060 eula.rtf
26-10-2011 15:41 28.422 LocalizedData.xml
26-10-2011 14:41 14.424 SetupResources.dll
3 ficheiro(s) 44.906 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\3082
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 15:41 108.174 eula.rtf
26-10-2011 15:41 37.096 LocalizedData.xml
26-10-2011 14:42 19.032 SetupResources.dll
3 ficheiro(s) 164.302 bytes
Direct¢rio de C:\3ed46b5f2f998850b28343a81d173d\Graphics
08-03-2012 15:06 <DIR> .
08-03-2012 15:06 <DIR> ..
26-10-2011 14:20 1.150 Print.ico
26-10-2011 14:20 894 Rotate1.ico
26-10-2011 14:20 894 Rotate2.ico
26-10-2011 14:20 894 Rotate3.ico
26-10-2011 14:20 894 Rotate4.ico
26-10-2011 14:20 894 Rotate5.ico
26-10-2011 14:20 894 Rotate6.ico
26-10-2011 14:20 894 Rotate7.ico
26-10-2011 14:20 894 Rotate8.ico
26-10-2011 14:20 1.150 Save.ico
26-10-2011 14:20 36.710 Setup.ico
26-10-2011 14:20 10.134 stop.ico
26-10-2011 14:20 1.150 SysReqMet.ico
26-10-2011 14:20 1.150 SysReqNotMet.ico
26-10-2011 14:20 10.134 warn.ico
15 ficheiro(s) 68.730 bytes
Total de ficheiros listados:
105 ficheiro(s) 8.678.923 bytes
80 Dir(s) 50.656.935.936 bytes livres
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.bat deleted successfully.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.bat deleted successfully.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuração IP do Windows
Cache de resolução DNS limpa com êxito.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.bat deleted successfully.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 216281 bytes

User: Alexandrino
->Temp folder emptied: 48757870 bytes
->Temporary Internet Files folder emptied: 569781955 bytes
->Java cache emptied: 3970213 bytes
->Flash cache emptied: 172513 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 295392 bytes
->Temporary Internet Files folder emptied: 2476948 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352312 bytes
%systemroot%\System32 .tmp files removed: 3052 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2535606 bytes
RecycleBin emptied: 2014925446 bytes

Total Files Cleaned = 2.523,00 mb


[EMPTYFLASH]

User: Administrador

User: Alexandrino
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrador

User: Alexandrino
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_150223

Files\Folders moved on Reboot...
C:\Documents and Settings\Alexandrino\Definições locais\Temporary Internet Files\Content.IE5\PQFQPJFB\topic445432[2].html moved successfully.
C:\Documents and Settings\Alexandrino\Definições locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


4- ComboFix log.
As I said before, a log wasn't created. I can't find it on C:\ and I can't run Search.

#8 SweetTech


Posted 10 March 2012 - 12:51 AM

Hi relmatos!

Thanks for the information regarding those files, I asked because they looked a bit suspicious, so I wanted to be sure they weren't malicious and that they were files you recognized.

> I did not enable any ports as far as I remember.

Would you mind translating what these below mean in English?

Gestão Remota do Windows
Gestão Remota do Windows - Modo de Compatibilidade (Entrada de HTTP)

I believe I have a fairly good idea of what it says, but want confirmation first.

> When OTL restarted the computer, I had no way of skipping the windows updates so it started updating. Hope it didn't harm anything.

Okay, don't worry, it's not that big of a deal.

> After about 2 hours I gave up and was forced to restart the computer.
> I have a file with no name on my Desktop now, the only options I have on it are Cut, Create Shortcut and Delete. On C:\ I have an icon called ComboFix that looks like MyComputer and clicking on it sends me into MyComputer. Weirdest thing I ever saw.

Some infections are pretty stubborn, so ComboFix has a difficult time running.

Could you please attempt to run ComboFix again, and see if you have better luck running it?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 relmatos


Posted 10 March 2012 - 07:43 AM

Gestão Remota do Windows means Windows Remote Management
The second one is Compatibility Mode(HTTP-In)

This time Combofix ran properly.

LOG:

ComboFix 12-03-09.05 - Alexandrino 10-03-2012 12:22:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.510 [GMT 0:00]
Executando de: c:\documents and settings\Alexandrino\Ambiente de trabalho\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB13922$\676873549
.
---- Execuções precedente -------
.
c:\documents and settings\Alexandrino\Application Data\Love
c:\documents and settings\Alexandrino\Application Data\Love\mari0\options.txt
c:\documents and settings\All Users\Application Data\page
c:\documents and settings\All Users\Application Data\page\page.ico
c:\documents and settings\All Users\Application Data\page\page.URL
c:\windows\$NtUninstallKB13922$
c:\windows\$NtUninstallKB13922$\1603627511\@
c:\windows\$NtUninstallKB13922$\1603627511\cfg.ini
c:\windows\$NtUninstallKB13922$\1603627511\Desktop.ini
c:\windows\$NtUninstallKB13922$\1603627511\L\eqnqqyau
c:\windows\$NtUninstallKB13922$\1603627511\oemid
c:\windows\$NtUninstallKB13922$\1603627511\twl.dll
c:\windows\$NtUninstallKB13922$\1603627511\U\00000001.@
c:\windows\$NtUninstallKB13922$\1603627511\U\00000002.@
c:\windows\$NtUninstallKB13922$\1603627511\U\00000004.@
c:\windows\$NtUninstallKB13922$\1603627511\U\80000000.@
c:\windows\$NtUninstallKB13922$\1603627511\U\80000004.@
c:\windows\$NtUninstallKB13922$\1603627511\U\80000032.@
c:\windows\$NtUninstallKB13922$\1603627511\version
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-10 to 2012-03-10 ))))))))))))))))))))))))))))
.
.
2012-03-10 12:32 . 2012-03-10 12:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-10 12:32 . 2012-03-10 12:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-10 12:32 . 2012-03-10 12:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-10 12:32 . 2012-03-10 12:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-10 12:32 . 2012-03-10 12:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-09 16:11 . 2008-04-14 21:39 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-03-09 16:11 . 2008-04-14 21:39 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-03-09 15:27 . 2012-03-09 15:27 6926 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-09 15:02 . 2012-03-09 15:02 -------- d-----w- C:\_OTL
2012-03-08 16:17 . 2012-03-08 16:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-08 15:18 . 2012-03-08 15:18 -------- d-----w- C:\60a25b777ccc5913bc
2012-03-08 15:06 . 2012-03-08 15:06 -------- d-----w- C:\3ed46b5f2f998850b28343a81d173d
2012-03-07 19:10 . 2012-03-07 19:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-07 19:03 . 2012-03-07 19:05 -------- d-----w- c:\documents and settings\Administrador
2012-03-04 14:05 . 2012-03-04 14:05 -------- d-----w- c:\programas\Ficheiros comuns\Java
2012-03-04 14:05 . 2012-03-04 14:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-01 01:40 . 2012-03-01 01:40 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-29 18:00 . 2012-03-03 17:36 -------- d-----w- c:\programas\Spybot - Search & Destroy
2012-02-29 18:00 . 2012-03-03 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-24 15:03 . 2012-02-24 15:03 -------- d-----w- c:\programas\pazera-software
2012-02-16 11:30 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-11 17:28 . 2001-11-20 16:40 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-02-11 17:28 . 2008-04-14 21:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-02-11 17:28 . 2008-04-14 00:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-11 17:28 . 2008-04-14 00:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-11 17:27 . 2012-02-11 17:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 16:19 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-04 14:04 . 2010-09-22 17:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 17:20 . 2008-04-14 20:07 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2008-04-14 20:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:43 . 2008-04-14 20:39 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2008-04-14 20:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 20:09 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-13 . 4E0C8E3649CFAC3036D1998CE16B6F2E . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programas\Windows Media Player\WMPNSCFG.exe" [2009-02-04 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"HDAudDeck"="c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\programas\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"QuickTime Task"="c:\programas\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programas\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programas\\Vuze\\Azureus.exe"=
"c:\\Programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Programas\\iTunes\\iTunes.exe"=
"c:\\Programas\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programas\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programas\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programas\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestão Remota do Windows
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-09-2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-09-2010 3:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-09-2010 3:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09-11-2010 22:20 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programas\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248]
R2 avgwd;AVG WatchDog;c:\programas\AVG\AVG2012\avgwdsvc.exe [02-08-2011 6:09 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-08-2010 20:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-08-2010 20:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-08-2010 20:42 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [22-09-2010 21:57 1374464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 12:16 130384]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [08-12-2009 21:24 48128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14-04-2008 20:40 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 12:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programas\Microsoft SQL Server\100\Shared\sqladhlp.exe [23-07-2009 3:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30-03-2009 3:09 239336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08-12-2010 20:41 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30-03-2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oracleoradb10g_home1isql*plus
mafwboot
usbsermpt
tiwlnsvc
ICAM3NT5
btdriver
mctaskmanager
sscdbus
SilverLink
CDRPDACC
se45mgmt
nvrd64
GENERICDRV
imaservice
s217nd5
tfsndres
cmbatt
MegaSR
intelroam
incdsrv
server
MREMP50
pdlncbas
ARCSOFTVIRTUALCAPTURE
InCDsrvR
pdlnatdl
NtMtlFax
mindretrieve
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programas\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{B1932D2F-DDFE-4877-A2ED-8CDD61CFBFF3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://myepisodes.com/views.php
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SafeBoot-37832462.sys
SafeBoot-44169337.sys
AddRemove-Steam App 105600 - c:\programas\Steam\steam.exe
AddRemove-{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF} - c:\programas\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe
AddRemove-Dropbox - c:\documents and settings\Alexandrino\Application Data\Dropbox\bin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programas\AVG\AVG2012\avgcsrvx.exe
c:\programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programas\Bonjour\mDNSResponder.exe
c:\programas\Java\jre6\bin\jqs.exe
c:\programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\programas\AVG\AVG2012\avgnsx.exe
c:\programas\AVG\AVG2012\avgemcx.exe
c:\windows\system32\igfxsrvc.exe
c:\programas\RALINK\Common\RalinkRegistryWriter.exe
c:\programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programas\Windows Media Player\WMPNetwk.exe
c:\programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-03-10 12:39:19 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-03-10 12:39
.
Pré-execução: 53.363.499.008 bytes livres
Pós execução: 53.516.800.000 bytes livres
.
- - End Of File - - 3753364FD09AD820A3E2ED6EC49293F8



I should also point out that the computer is running a lot smoother lately

#10 SweetTech


Posted 12 March 2012 - 05:11 AM

Hi!

Apologies for the delay, I've had some connection issues lately.

Thanks for the translation for those two items.

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#11 relmatos


Posted 12 March 2012 - 05:50 PM

Hi again,

I'll post the logs that the applications created:

MBAM:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alexandrino :: ALEXANDR-PC [administrator]

12-03-2012 14:12:40
mbam-log-2012-03-12 (14-12-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204169
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-----------------------

ESET:

C:\TDSSKiller_Quarantine\08.03.2012_16.14.16\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.JV trojan

------------------------

SecurityCheck:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG 2012
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


--------------------------------

I disabled AVG before running Eset but AVG only allows me to disable it for 15 minutes max. Since the scanning took over 2 hours, it was re-enabled during the scan.

Once again, thanks for being so helpful.

I'll eagerly await the next reply.

#12 SweetTech


Posted 13 March 2012 - 12:25 AM

Hi relmatos!

> I disabled AVG before running Eset but AVG only allows me to disable it for 15 minutes max. Since the scanning took over 2 hours, it was re-enabled during the scan.

Okay, that's not a problem.

> Once again, thanks for being so helpful.

:thumbsup: I'm glad to be of assistance. :)

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\TDSSKiller_Quarantine\08.03.2012_16.14.16\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.JV trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\TDSSKiller_Quarantine
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
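A log-side check for the Java step in the post above, added here as an example (it is not part of the thread and not a feature of OTL): it reads the `O16 - DPF` lines an OTL log prints for Internet Explorer plug-in registrations and reports any Java plug-in older than the version installed in that step. The function names, the `expected` default, and the sample log are assumptions made for this sketch; the sample is constructed, including the made-up 1.6.0_29 entry.

```python
import re

# Constructed sample in the "O16 - DPF" line format of an OTL log.
# The 1.6.0_29 entry is made up to represent a leftover older plug-in
# registration; it carries no "(Java Plug-in ...)" label on purpose, so the
# version has to be recovered from the installer cab name instead.
SAMPLE_LOG = """\
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
"""

# CLSID in braces, codebase URL, then an optional label in parentheses.
DPF_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+(?P<url>\S+)"
    r"(?:\s+\((?P<label>.*)\))?\s*$"
)
LABEL_VER_RE = re.compile(r"Java Plug-in (\d+\.\d+\.\d+(?:_\d+)?)")
CAB_VER_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)(?:_(\d+))?-")


def version_key(version):
    """Turn '1.7.0_03' into (1, 7, 0, 3) so versions compare numerically."""
    parts = [int(p) for p in re.split(r"[._]", version)]
    return tuple(parts + [0] * (4 - len(parts)))


def parse_java_dpf(log_text):
    """Return one dict per Java plug-in registration found in O16 DPF lines."""
    entries = []
    for line in log_text.splitlines():
        m = DPF_RE.match(line.strip())
        if not m:
            continue
        from_label = LABEL_VER_RE.search(m.group("label") or "")
        from_cab = CAB_VER_RE.search(m.group("url"))
        if from_label:
            version, source = from_label.group(1), "label"
        elif from_cab:
            major, minor, micro, update = from_cab.groups()
            version = f"{major}.{minor}.{micro}" + (f"_{update}" if update else "")
            source = "cab"
        else:
            continue  # not a Java entry (Flash, online scanners, ...)
        entries.append(
            {"clsid": m.group("clsid").upper(), "version": version, "source": source}
        )
    return entries


def stale_java_entries(log_text, expected="1.7.0_03"):
    """List (clsid, version) pairs registered for a Java older than `expected`."""
    floor = version_key(expected)
    return [
        (e["clsid"], e["version"])
        for e in parse_java_dpf(log_text)
        if version_key(e["version"]) < floor
    ]


if __name__ == "__main__":
    for clsid, version in stale_java_entries(SAMPLE_LOG):
        print(f"older Java plug-in still registered: {version} {{{clsid}}}")
```

This only covers the plug-in registrations shown in `O16` lines; it says nothing about JRE folders or Add/Remove Programs entries, which the uninstall step handles.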


#13 relmatos


Posted 13 March 2012 - 07:03 AM

Both applications have been updated.

OTL Fix:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\TDSSKiller_Quarantine\08.03.2012_16.14.16\rtkt0000\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.03.2012_16.14.16\rtkt0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.03.2012_16.14.16 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
< ipconfig /flushdns /c >
Configuração IP do Windows
Cache de resolução DNS limpa com êxito.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.bat deleted successfully.
C:\Documents and Settings\Alexandrino\Ambiente de trabalho\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Alexandrino
->Temp folder emptied: 4661621 bytes
->Temporary Internet Files folder emptied: 315996088 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 776 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6926 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 470 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 306,00 mb


[EMPTYFLASH]

User: Administrador

User: Alexandrino
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03132012_114609

Files\Folders moved on Reboot...
C:\Documents and Settings\Alexandrino\Definições locais\Temporary Internet Files\Content.IE5\VJKDGAFF\topic445432[1].html moved successfully.
C:\Documents and Settings\Alexandrino\Definições locais\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


--------------------


OTL Scan:

OTL logfile created on: 13-03-2012 11:52:30 - Run 2
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Documents and Settings\Alexandrino\Ambiente de trabalho
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1014,11 Mb Total Physical Memory | 401,80 Mb Available Physical Memory | 39,62% Memory free
2,39 Gb Paging File | 1,84 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 149,04 Gb Total Space | 49,34 Gb Free Space | 33,10% Space Free | Partition Type: NTFS

Computer Name: ALEXANDR-PC | User Name: Alexandrino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-08 16:22:26 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
PRC - [2012-01-24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgtray.exe
PRC - [2012-01-18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
PRC - [2011-11-28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgnsx.exe
PRC - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011-10-10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgemcx.exe
PRC - [2011-09-08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgrsx.exe
PRC - [2011-08-15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-05-25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-08-18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008-04-23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programas\RALINK\Common\RalinkRegistryWriter.exe
PRC - [2008-04-14 20:39:48 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011-06-06 12:55:34 | 000,301,056 | ---- | M] () -- C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
MOD - [2010-08-09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Programas\Ficheiros comuns\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (usbsermpt)
SRV - File not found [Auto | Stopped] -- -- (tiwlnsvc)
SRV - File not found [Auto | Stopped] -- -- (tfsndres)
SRV - File not found [Auto | Stopped] -- -- (sscdbus)
SRV - File not found [Auto | Stopped] -- -- (SilverLink)
SRV - File not found [Auto | Stopped] -- -- (server)
SRV - File not found [Auto | Stopped] -- -- (se45mgmt)
SRV - File not found [Auto | Stopped] -- -- (s217nd5)
SRV - File not found [Auto | Stopped] -- -- (pdlncbas)
SRV - File not found [Auto | Stopped] -- -- (pdlnatdl)
SRV - File not found [Auto | Stopped] -- -- (oracleoradb10g_home1isql*plus)
SRV - File not found [Auto | Stopped] -- -- (nvrd64)
SRV - File not found [Auto | Stopped] -- -- (NtMtlFax)
SRV - File not found [Auto | Stopped] -- -- (MREMP50)
SRV - File not found [Auto | Stopped] -- -- (mindretrieve)
SRV - File not found [Auto | Stopped] -- -- (MegaSR)
SRV - File not found [Auto | Stopped] -- -- (mctaskmanager)
SRV - File not found [Auto | Stopped] -- -- (mafwboot)
SRV - File not found [Auto | Stopped] -- -- (intelroam)
SRV - File not found [Auto | Stopped] -- -- (InCDsrvR)
SRV - File not found [Auto | Stopped] -- -- (incdsrv)
SRV - File not found [Auto | Stopped] -- -- (imaservice)
SRV - File not found [Auto | Stopped] -- -- (ICAM3NT5)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Auto | Stopped] -- -- (GENERICDRV)
SRV - File not found [Auto | Stopped] -- -- (cmbatt)
SRV - File not found [Auto | Stopped] -- -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- -- (btdriver)
SRV - File not found [Auto | Stopped] -- -- (ARCSOFTVIRTUALCAPTURE)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-07-20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011-05-25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011-03-16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-08-18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008-04-23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programas\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011-10-04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-07-11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-07-11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-07-11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-12-08 20:41:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-09-22 16:22:44 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-12-08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009-06-05 07:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-06-02 08:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009-03-30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-09 09:52:00 | 000,238,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2008-02-14 06:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2004-08-13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myepisodes.com/views.php
IE - HKCU\..\SearchScopes,DefaultScope = {E878ADF3-D511-41A4-A39D-2B293C014E1B}
IE - HKCU\..\SearchScopes\{E878ADF3-D511-41A4-A39D-2B293C014E1B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programas\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programas\AVG\AVG2012\Firefox4\ [2012-02-01 11:45:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012-03-03 17:34:43 | 001,050,757 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 31457 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2C60C0-55D1-4D57-A2B8-FC81359654B4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B738C549-B26B-4E30-B1E7-223EB3FA4E66}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alexandrino\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alexandrino\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-22 21:44:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: oracleoradb10g_home1isql*plus - File not found
NetSvcs: mafwboot - File not found
NetSvcs: usbsermpt - File not found
NetSvcs: tiwlnsvc - File not found
NetSvcs: ICAM3NT5 - File not found
NetSvcs: btdriver - File not found
NetSvcs: mctaskmanager - File not found
NetSvcs: sscdbus - File not found
NetSvcs: SilverLink - File not found
NetSvcs: CDRPDACC - File not found
NetSvcs: se45mgmt - File not found
NetSvcs: nvrd64 - File not found
NetSvcs: GENERICDRV - File not found
NetSvcs: imaservice - File not found
NetSvcs: s217nd5 - File not found
NetSvcs: tfsndres - File not found
NetSvcs: cmbatt - File not found
NetSvcs: MegaSR - File not found
NetSvcs: intelroam - File not found
NetSvcs: incdsrv - File not found
NetSvcs: server - File not found
NetSvcs: MREMP50 - File not found
NetSvcs: pdlncbas - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - File not found
NetSvcs: InCDsrvR - File not found
NetSvcs: pdlnatdl - File not found
NetSvcs: NtMtlFax - File not found
NetSvcs: mindretrieve - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012-03-13 11:45:33 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
[2012-03-13 11:44:22 | 000,000,000 | ---D | C] -- C:\Programas\Adobe
[2012-03-12 22:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\Clean4
[2012-03-12 14:20:26 | 000,000,000 | ---D | C] -- C:\Programas\ESET
[2012-03-12 14:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Application Data\Malwarebytes
[2012-03-12 14:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2012-03-12 14:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-03-12 14:07:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-03-12 14:07:17 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2012-03-12 14:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\Clean 3
[2012-03-10 16:12:07 | 000,000,000 | ---D | C] -- C:\Programas\STEAM
[2012-03-10 13:59:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-03-10 12:21:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-03-09 15:37:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-03-09 15:34:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-03-09 15:34:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-03-09 15:34:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-03-09 15:34:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-03-09 15:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-09 15:02:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-03-08 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\Clean 2
[2012-03-08 15:18:34 | 000,000,000 | ---D | C] -- C:\60a25b777ccc5913bc
[2012-03-08 15:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\Clean 1
[2012-03-08 15:06:33 | 000,000,000 | ---D | C] -- C:\3ed46b5f2f998850b28343a81d173d
[2012-03-07 20:51:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alexandrino\Menu Iniciar\Programas\Ferramentas administrativas
[2012-03-04 14:05:59 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
[2012-02-29 18:00:24 | 000,000,000 | ---D | C] -- C:\Programas\Spybot - Search & Destroy
[2012-02-29 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012-02-24 15:03:16 | 000,000,000 | ---D | C] -- C:\Programas\pazera-software

========== Files - Modified Within 30 Days ==========

[2012-03-13 11:48:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-13 11:44:32 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2012-03-13 11:37:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-13 11:30:56 | 091,663,547 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-03-12 22:52:00 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-12 20:25:50 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1932D2F-DDFE-4877-A2ED-8CDD61CFBFF3}.job
[2012-03-12 14:07:19 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes Anti-Malware.lnk
[2012-03-09 15:37:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-03-09 15:27:11 | 000,629,760 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012-03-09 15:27:11 | 000,574,196 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-09 15:27:11 | 000,130,224 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012-03-09 15:27:11 | 000,114,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-08 16:22:26 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\OTL.exe
[2012-03-07 20:45:50 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Alexandrino\defogger_reenable
[2012-03-07 20:26:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-03-07 20:13:20 | 000,006,884 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.zip
[2012-03-07 20:11:36 | 000,002,868 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.opml
[2012-03-07 20:11:34 | 000,022,331 | ---- | M] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.htm
[2012-03-03 17:34:43 | 001,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-03-03 17:34:43 | 001,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Cópia (2) de hosts
[2012-02-28 11:42:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-02-17 11:18:05 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-17 00:53:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012-03-13 11:44:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader X.lnk
[2012-03-13 11:44:32 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Adobe Reader X.lnk
[2012-03-12 14:07:19 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes Anti-Malware.lnk
[2012-03-09 15:37:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-03-09 15:37:06 | 000,261,856 | RHS- | C] () -- C:\cmldr
[2012-03-09 15:34:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-03-09 15:34:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-03-09 15:34:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-03-09 15:34:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-03-09 15:34:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-03-07 20:45:41 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Alexandrino\defogger_reenable
[2012-03-07 20:13:20 | 000,006,884 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.zip
[2012-03-07 20:11:36 | 000,002,868 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.opml
[2012-03-07 20:11:34 | 000,022,331 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Ambiente de trabalho\backup.htm
[2012-02-28 11:42:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-02-16 11:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-16 11:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011-11-07 21:21:42 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-17 01:13:24 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\FontCache3.0.0.0.dat
[2011-02-17 01:01:07 | 000,020,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-12-09 00:09:49 | 001,303,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-823518204-1177238915-1004-0.dat
[2010-12-09 00:09:45 | 000,160,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Definições locais\Application Data\WPFFontCache_v0400-System.dat
[2010-09-27 15:04:06 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Alexandrino\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-22 22:35:01 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-09-22 22:33:55 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-22 21:51:21 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010-09-22 21:51:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010-09-22 21:51:13 | 000,017,584 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010-09-22 21:51:13 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010-09-22 21:46:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-09-22 21:42:19 | 000,021,924 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-09-22 17:16:25 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-09-22 17:09:50 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010-09-22 15:00:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

========== LOP Check ==========

[2012-01-26 11:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\AVG2012
[2012-03-12 19:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\Azureus
[2010-12-08 20:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\DAEMON Tools Lite
[2012-03-07 18:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\Dropbox
[2010-11-01 15:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\FileZilla
[2010-09-23 11:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\OpenOffice.org
[2011-10-10 10:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\Subversion
[2011-10-10 09:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\syntevo
[2011-05-26 23:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\TerrariaWorldViewer
[2011-11-07 00:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandrino\Application Data\Wizards of the Coast
[2010-09-22 17:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012-03-08 15:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-11-27 10:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-11-27 10:22:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-12-08 20:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012-03-13 11:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010-12-08 21:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011-10-10 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\syntevo
[2010-09-22 21:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-03-12 20:25:50 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1932D2F-DDFE-4877-A2ED-8CDD61CFBFF3}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011-12-16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programas\Internet Explorer\iexplore.exe" -extoff [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Programas\Internet Explorer\iexplore.exe" [2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-09 15:27:29

< >

< >

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\WcfSvcHost\v4.0_10.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_10.0.0.0_x-ww_8f8c98f0 -> Junction

< End of report >

---------------------


Lately the computer has been working fine.
AVG hasn't detected anything and I haven't noticed anything wrong with the computer.

#14 SweetTech


Posted 14 March 2012 - 08:01 AM

Hi relmatos!

Great! That's good to hear! I'm glad things are running better.

Enable CD Emulation Driver

If you don't have DeFogger on your Desktop anymore, please download a new copy of DeFogger to your desktop.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


NEXT:



Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
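
The Internet zone settings from the "Make Internet Explorer more secure" steps in the post above can also be checked from the registry. The read-only audit below is an added example, not part of the original post or of any tool it mentions; the function names are hypothetical, and it assumes the standard URL-action IDs for these three options (1001, 1004, 1201) in zone 3 (Internet), where 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) ActiveX settings.
# Nothing is written to the registry.
$ZonePath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$PolicyPath = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Least strict value the post's steps ask for, per URL-action ID.
$Wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Min = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Min = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Min = 3 }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: returns the DWORD for one action ID, or $null if absent.
function Get-ZoneAction([string]$Hive, [string]$SubKey, [string]$Id) {
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $Id -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Id }
    return $null
}

function Test-InternetZoneActiveX {
    # Lookup order: machine policy, user policy, user setting, machine setting.
    $sources = @(
        @{ Tag = 'policy (HKLM)'; Hive = 'HKLM'; Key = $PolicyPath },
        @{ Tag = 'policy (HKCU)'; Hive = 'HKCU'; Key = $PolicyPath },
        @{ Tag = 'user (HKCU)';   Hive = 'HKCU'; Key = $ZonePath },
        @{ Tag = 'machine (HKLM)'; Hive = 'HKLM'; Key = $ZonePath }
    )
    foreach ($w in $Wanted) {
        $value = $null; $from = 'not set'
        foreach ($s in $sources) {
            $value = Get-ZoneAction $s.Hive $s.Key $w.Id
            if ($null -ne $value) { $from = $s.Tag; break }
        }
        # Disable (3) is stricter than Prompt (1), so it also satisfies a "Prompt" step.
        $ok = ($null -ne $value) -and ($value -ge $w.Min)
        $current = if ($null -eq $value) { 'not set' } else { $Label[$value] }
        New-Object PSObject -Property @{
            Setting = $w.Name; Current = $current; Wanted = $Label[$w.Min]
            Source  = $from;   OK      = $ok
        }
    }
}

Test-InternetZoneActiveX | Format-Table Setting, Current, Wanted, Source, OK -AutoSize
```

A row whose Source is a policy key means the value is enforced by policy and the Custom level dialog will not change it.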


#15 relmatos


Posted 14 March 2012 - 08:45 AM

Thank you very much for all the help.



