[code]
OTS logfile created on: 03/02/2010 12:04:06 - Run 1
OTS by OldTimer - Version 3.1.20.1 Folder = C:\Users\Dr. Cesar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 63,81 Gb Free Space | 81,67% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 208,45 Gb Free Space | 94,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONSULTÓRIO
Current User Name: Dr. Cesar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
[Processes - Safe List]
ots.exe -> C:\Users\Dr. Cesar\Desktop\OTS.exe -> [2010/02/03 11:54:26 | 000,632,320 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe -> [2010/01/28 20:09:31 | 002,757,512 | ---- | M] (ALWIL Software)
avastsvc.exe -> C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe -> [2010/01/28 20:09:28 | 000,040,384 | ---- | M] (ALWIL Software)
mcsacore.exe -> c:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation)
teatimer.exe -> C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
[Modules - Safe List]
ots.exe -> C:\Users\Dr. Cesar\Desktop\OTS.exe -> [2010/02/03 11:54:26 | 000,632,320 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Arquivos de programas\McAfee\SiteAdvisor\sahook.dll -> [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009/07/13 23:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/13 23:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
samcli.dll -> C:\Windows\System32\samcli.dll -> [2009/07/13 23:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/13 23:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
netutils.dll -> C:\Windows\System32\netutils.dll -> [2009/07/13 23:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009/07/13 23:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/13 23:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/13 23:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/13 23:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009/07/13 23:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 23:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(Panda Software Controller) Panda Software Controller [Disabled | Stopped] -> -> File not found
(OPCDX) OPCDX [Disabled | Stopped] -> -> File not found
(0210481265118569mcinstcleanup) McAfee Application Installer Cleanup (0210481265118569) [Auto | Stopped] -> -> File not found
(avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/01/28 20:09:28 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/01/28 20:09:28 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/01/28 20:09:28 | 000,040,384 | ---- | M] (ALWIL Software)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
(WwanSvc) Configuração Automática de WWAN [Disabled | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/13 23:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Serviço de Biometria do Windows [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/13 23:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Power) Energia [Disabled | Stopped] -> C:\Windows\System32\umpo.dll -> [2009/07/13 23:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
(Themes) Temas [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/13 23:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(sppuinotify) Serviço de Notificação da SPP [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009/07/13 23:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) Mapeador de Ponto de Extremidade RPC [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 23:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Brilho Adaptável [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation)
(PNRPsvc) Protocolo PNRP [Disabled | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 23:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Gerenciador de Identidades de Rede de Mesmo Nível [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 23:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) Provedor do Grupo Doméstico [Disabled | Stopped] -> C:\Windows\System32\provsvc.dll -> [2009/07/13 23:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) Serviço de Publicação de Nome de Computador do PNRP [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/13 23:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Arquivos de programas\Windows Defender\MpSvc.dll -> [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) Escuta do Grupo Doméstico [Disabled | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2009/07/13 23:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation)
(FontCache) Serviço de Cache de Fontes do Windows [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/07/13 23:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation)
(Dhcp) Cliente DHCP [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009/07/13 23:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(defragsvc) Desfragmentador de Disco [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/13 23:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) Serviço de Criptografia de Unidade de Disco BitLocker [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 23:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AxInstSV) Instalador do ActiveX (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009/07/13 23:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Identidade do Aplicativo [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/13 23:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(sppsvc) Proteção de Software [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2009/07/13 23:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\System32\drivers\aswTdi.sys -> [2010/01/28 19:57:55 | 000,046,672 | ---- | M] (ALWIL Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\Windows\System32\drivers\aswSP.sys -> [2010/01/28 19:57:34 | 000,163,280 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2010/01/28 19:54:42 | 000,023,376 | ---- | M] (ALWIL Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2010/01/28 19:54:27 | 000,051,792 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2010/01/28 19:54:05 | 000,019,024 | ---- | M] (ALWIL Software)
(cmdide) cmdide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\cmdide.sys -> [2009/07/13 23:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.)
(adpahci) adpahci [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpahci.sys -> [2009/07/13 23:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.)
(adp94xx) adp94xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adp94xx.sys -> [2009/07/13 23:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.)
(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsbs.sys -> [2009/07/13 23:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.)
(adpu320) adpu320 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\adpu320.sys -> [2009/07/13 23:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arcsas.sys -> [2009/07/13 23:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.)
(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdsata.sys -> [2009/07/13 23:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices)
(arc) arc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\arc.sys -> [2009/07/13 23:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.)
(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\amdxata.sys -> [2009/07/13 23:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices)
(aliide) aliide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\aliide.sys -> [2009/07/13 23:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.)
(nvstor) nvstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvstor.sys -> [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation)
(nvraid) nvraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nvraid.sys -> [2009/07/13 23:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\nfrd960.sys -> [2009/07/13 23:20:44 | 000,044,624 | ---- | M] (IBM Corporation)
(LSI_SAS) LSI_SAS [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas.sys -> [2009/07/13 23:20:37 | 000,089,168 | ---- | M] (LSI Corporation)
(iaStorV) iaStorV [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iaStorV.sys -> [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation)
(MegaSR) MegaSR [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MegaSR.sys -> [2009/07/13 23:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.)
(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/07/13 23:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation)
(LSI_SCSI) LSI_SCSI [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_scsi.sys -> [2009/07/13 23:20:36 | 000,096,848 | ---- | M] (LSI Corporation)
(LSI_FC) LSI_FC [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_fc.sys -> [2009/07/13 23:20:36 | 000,095,824 | ---- | M] (LSI Corporation)
(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\lsi_sas2.sys -> [2009/07/13 23:20:36 | 000,054,864 | ---- | M] (LSI Corporation)
(iirsp) iirsp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\iirsp.sys -> [2009/07/13 23:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH)
(megasas) megasas [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\megasas.sys -> [2009/07/13 23:20:36 | 000,030,800 | ---- | M] (LSI Corporation)
(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2009/07/13 23:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation)
(elxstor) elxstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\elxstor.sys -> [2009/07/13 23:20:28 | 000,453,712 | ---- | M] (Emulex)
(aic78xx) aic78xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\djsvs.sys -> [2009/07/13 23:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.)
(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HpSAMD.sys -> [2009/07/13 23:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company)
(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/13 23:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)
(vsmraid) vsmraid [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vsmraid.sys -> [2009/07/13 23:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd)
(vmbus) Barramento da Máquina Virtual [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vmbus.sys -> [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation)
(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vhdmp.sys -> [2009/07/13 23:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation)
(storflt) Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vmstorfl.sys -> [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation)
(vdrvroot) Driver de enumerador da unidade virtual Microsoft [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\vdrvroot.sys -> [2009/07/13 23:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)
(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\storvsc.sys -> [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\viaide.sys -> [2009/07/13 23:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.)
(ql2300) ql2300 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql2300.sys -> [2009/07/13 23:19:04 | 001,383,488 | ---- | M] (QLogic Corporation)
(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2009/07/13 23:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation)
(ql40xx) ql40xx [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\ql40xx.sys -> [2009/07/13 23:19:04 | 000,106,064 | ---- | M] (QLogic Corporation)
(SiSRaid4) SiSRaid4 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\sisraid4.sys -> [2009/07/13 23:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems)
(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/13 23:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)
(SiSRaid2) SiSRaid2 [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\SiSRaid2.sys -> [2009/07/13 23:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.)
(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\stexstor.sys -> [2009/07/13 23:19:04 | 000,021,072 | ---- | M] (Promise Technology)
(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/13 23:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\Brserid.sys -> [2009/07/13 22:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.)
(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\rdpbus.sys -> [2009/07/13 22:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)
(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/13 22:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)
(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/13 21:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)
(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/13 21:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)
(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 21:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
(vwifibus) Driver de Barramento WiFi Virtual [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/13 21:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)
(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\1394ohci.sys -> [2009/07/13 21:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation)
(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/13 21:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/13 21:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)
(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/13 21:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)
(CompositeBus) Driver Enumerador de Barramento de Composição [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CompositeBus.sys -> [2009/07/13 21:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation)
(AppID) Driver IDApl [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\appid.sys -> [2009/07/13 21:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation)
(scfilter) Driver de Filtro de Classe PnP de Cartão inteligente [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2009/07/13 21:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation)
(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\vms3cap.sys -> [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation)
(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\VMBusHID.sys -> [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation)
(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/13 21:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)
(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\HidBatt.sys -> [2009/07/13 21:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation)
(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\acpipmi.sys -> [2009/07/13 21:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation)
(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009/07/13 21:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)
(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\hcw85cir.sys -> [2009/07/13 20:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbMdm.sys -> [2009/07/13 20:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrUsbSer.sys -> [2009/07/13 20:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\BrSerWdm.sys -> [2009/07/13 20:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltLo.sys -> [2009/07/13 20:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\BrFiltUp.sys -> [2009/07/13 20:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rt86win7.sys -> [2009/07/13 20:02:52 | 000,139,776 | ---- | M] (Realtek Corporation )
(b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2009/07/13 20:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation)
(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\evbdx.sys -> [2009/07/13 20:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation)
(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\bxvbdx.sys -> [2009/07/13 20:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2009/07/13 18:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(pavboot) Panda boot driver [File_System | Boot | Running] -> C:\Windows\system32\Drivers\pavboot.sys -> [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2009/06/10 19:19:30 | 004,756,480 | ---- | M] (Intel Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com.br/ ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://br.msn.com/?ocid=iehp ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> pt-br ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> DC 79 16 90 21 8E CA 01 [binary data] ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Arquivos de Programas\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/02/03 11:54:40 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast5" -> C:\Arquivos de Programas\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010/01/28 20:09:31 | 002,757,512 | ---- | M] (ALWIL Software)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 201.17.128.14 201.17.128.15 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7F704741-76B8-40BC-B900-FF24F0B017E1}\\DhcpNameServer -> 201.17.128.14 201.17.128.15 (NIC Fast Ethernet PCI-E Realtek Família RTL8101E (NDIS 6.20)) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 23:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avldr -> C:\Windows\System32\avldr.dll -> [2008/03/18 16:58:10 | 000,058,672 | ---- | M] (Panda Security, S.L.)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/13 23:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver de CD-ROM ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 19:42:20 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] ->
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{49C187D7-91E1-459E-9759-2925384BD397} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [(default): Microsoft Windows Media Player; IsInstalled: 1] ->
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(default): Address Book 7; IsInstalled: 1] -> File not found
{7C028AF8-F614-47B3-82DA-BA94E41B1089} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] ->
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\Windows\System32\ie4uinit.exe -BaseSettings [(default): Web Platform Customizations; IsInstalled: 1] ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] ->
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10d.ocx [(default): Adobe Flash Player; IsInstalled: 01 00 00 00 [binary data]] -> [2009/10/28 01:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 1] -> File not found
AutorunsDisabled [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->
AcroRd32.exe -> C:\Arquivos de Programas\Adobe\Reader 9.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe] -> [2008/06/12 03:47:22 | 000,349,544 | ---- | M] (Adobe Systems Incorporated)
AvastUI.exe -> C:\Arquivos de Programas\Alwil Software\Avast5\AvastUI.exe [C:\Program Files\Alwil Software\Avast5\AvastUI.exe] -> [2010/01/28 20:09:31 | 002,757,512 | ---- | M] (ALWIL Software)
ccleaner.exe -> C:\Arquivos de Programas\CCleaner\CCleaner.exe [C:\Program Files\CCleaner\ccleaner.exe] -> [2009/07/27 12:36:48 | 001,644,784 | ---- | M] (Piriform Ltd)
cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Cygnus.exe -> C:\Arquivos de Programas\Cygnus\Cygnus.exe [C:\Program Files\Cygnus\Cygnus.exe] -> [2005/10/17 00:08:07 | 000,798,720 | ---- | M] (SoftCircuits)
dvdmaker.exe -> C:\Arquivos de Programas\DVD Maker\DVDMaker.exe [%ProgramFiles%\DVD Maker\dvdmaker.exe] -> [2009/07/13 23:14:19 | 001,971,200 | ---- | M] (Microsoft Corporation)
excel.exe -> C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE [C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE] -> [2006/10/27 16:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation)
HijackThis.exe -> C:\Arquivos de Programas\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> [2010/01/11 19:48:01 | 000,396,288 | ---- | M] (Trend Micro Inc.)
IEXPLORE.EXE -> C:\Arquivos de Programas\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE] -> [2009/07/13 23:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
Iface.exe -> C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Iface.exe [C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Iface.exe] -> File not found
install.exe -> Reg Error: Value error. [Reg Error: Value error.]
-> File not found jfL3532.exe -> d:\Jogos\JellyFish\Program\JFL3532.exe [d:\jogos\jellyfish\Program\jfL3532.exe] -> [1998/09/25 12:09:44 | 000,760,832 | ---- | M] (JellyFish AS) mbam.exe -> C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) migwiz.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found mplayer2.exe -> C:\Arquivos de Programas\Windows Media Player\wmplayer.exe [%ProgramFiles%\Windows Media Player\wmplayer.exe] -> [2009/07/13 23:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) MSACCESS.EXE -> C:\Arquivos de Programas\Microsoft Office\Office12\MSACCESS.EXE [C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE] -> [2006/10/27 16:01:34 | 010,371,880 | ---- | M] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found msoxmled.exe -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLED.EXE [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE] -> [2006/10/26 22:41:50 | 000,059,152 | ---- | M] (Microsoft Corporation) MSPUB.EXE -> C:\Arquivos de Programas\Microsoft Office\Office12\MSPUB.EXE [C:\PROGRA~1\MICROS~2\Office12\MSPUB.EXE] -> [2006/10/27 16:04:10 | 009,581,360 | ---- | M] (Microsoft Corporation) ois.exe -> C:\Arquivos de Programas\Microsoft Office\Office12\OIS.EXE [C:\PROGRA~1\MICROS~2\Office12\OIS.EXE] -> [2006/10/26 21:00:08 | 000,274,744 | ---- | M] (Microsoft Corporation) OUTLOOK.EXE -> C:\Arquivos de Programas\Microsoft Office\Office12\OUTLOOK.EXE [C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE] -> [2006/10/27 16:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) pbrush.exe -> C:\Windows\System32\mspaint.exe [%SystemRoot%\System32\mspaint.exe] -> [2009/07/13 23:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation) powerpnt.exe -> C:\Arquivos de Programas\Microsoft Office\Office12\POWERPNT.EXE 
[C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE] -> [2006/10/27 16:04:06 | 000,465,200 | ---- | M] (Microsoft Corporation) PowerShell.exe -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe] -> [2009/07/13 23:14:24 | 000,452,608 | ---- | M] (Microsoft Corporation) setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found SnippingTool.exe -> C:\Windows\System32\SnippingTool.exe [%SystemRoot%\system32\SnippingTool.exe] -> [2009/07/13 23:14:39 | 000,396,288 | ---- | M] (Microsoft Corporation) table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found wab.exe -> C:\Arquivos de Programas\Windows Mail\wab.exe [%ProgramFiles%\Windows Mail\wab.exe] -> [2009/07/13 23:14:44 | 000,516,096 | ---- | M] (Microsoft Corporation) wabmig.exe -> C:\Arquivos de Programas\Windows Mail\wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe] -> [2009/07/13 23:14:44 | 000,065,536 | ---- | M] (Microsoft Corporation) WhatColor.exe -> C:\Arquivos de Programas\WhatColor\WhatColor.exe [C:\Program Files\WhatColor\WhatColor.exe] -> [2009/08/26 12:30:42 | 000,086,016 | ---- | M] (PEC03713@nifty.ne.jp) Winword.exe -> C:\Arquivos de Programas\Microsoft Office\Office12\WINWORD.EXE [C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE] -> [2006/10/27 16:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) wmplayer.exe -> C:\Arquivos de Programas\Windows Media Player\wmplayer.exe [%ProgramFiles%\Windows Media Player\wmplayer.exe] -> [2009/07/13 23:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) WORDPAD.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009/07/13 23:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) WRITE.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2009/07/13 23:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) < Approved Shell 
Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{00020d75-0000-0000-c000-000000000046}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2006/10/26 21:55:12 | 000,021,312 | ---- | M] (Microsoft Corporation) "{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2006/10/26 21:55:44 | 000,254,776 | ---- | M] (Microsoft Corporation) "{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" [HKLM] -> Reg Error: Key error. [Contacts folder] -> File not found "{1b24a030-9b20-49bc-97ac-1be4426f9e59}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Arquivos de Programas\Common Files\System\Ole DB\oledb32.dll [Microsoft Data Link] -> [2009/07/13 23:16:12 | 000,864,256 | ---- | M] (Microsoft Corporation) "{2C2577C2-63A7-40e3-9B7F-586602617ECB}" [HKLM] -> Reg Error: Key error. [Explorer Query Band] -> File not found "{34449847-FD14-4fc8-A75A-7432F5181EFB}" [HKLM] -> Reg Error: Key error. [ActiveDirectory Folder] -> File not found "{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\MSOHEVI.DLL [Microsoft Office HTML Icon Handler] -> [2006/10/26 21:12:30 | 000,061,240 | ---- | M] (Microsoft Corporation) "{472083B0-C522-11CF-8763-00608CC02F24}" [HKLM] -> C:\Arquivos de Programas\Alwil Software\Avast5\ashShell.dll [avast] -> [2010/01/28 19:55:06 | 000,073,728 | ---- | M] (ALWIL Software) "{68f32140-2ca3-11d0-acc1-444553540000}" [HKLM] -> C:\Arquivos de Programas\ACD Systems\PicaView\PicaView.dll [PicaView] -> [2001/02/15 18:40:12 | 000,495,616 | ---- | M] (ACD Systems, Ltd.) 
"{80009818-f38f-4af1-87b5-eadab9433e58}" [HKLM] -> C:\Windows\System32\mf.dll [MF ADTS Property Handler] -> [2009/07/13 23:15:38 | 003,177,984 | ---- | M] (Microsoft Corporation) "{911051fa-c21c-4246-b470-070cd8df6dc4}" [HKLM] -> Reg Error: Key error. [.cab or .zip files] -> File not found "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2006/10/26 21:13:06 | 000,932,688 | ---- | M] (Microsoft Corporation) "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2006/10/26 21:13:06 | 000,932,688 | ---- | M] (Microsoft Corporation) "{C8494E42-ACDD-4739-B0FB-217361E4894F}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found "{da67b8ad-e81b-4c70-9b91b417b5e33527}" [HKLM] -> Reg Error: Key error. [Windows Search Shell Service] -> File not found "{E29F9716-5C08-4FCD-955A-119FDB5A522D}" [HKLM] -> Reg Error: Key error. [Sam Account Folder] -> File not found < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> WallPaper -> C:\Windows\web\Wallpaper\img24.jpg -> BackupWallPaper -> C:\Windows\web\Wallpaper\img24.jpg -> < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Arquivos de Programas\ACE Mega CoDecS Pack\SystemS\l3codecp.acm [C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm] -> [2003/03/25 06:49:02 | 000,301,568 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2009/07/13 23:15:26 | 000,082,944 | ---- | M] (Radius Inc.) 
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2006/10/26 21:12:52 | 000,173,328 | ---- | M] () {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [oleprn Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\System32\oleprn.dll [DSPrintQueue Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\System32\oleprn.dll [OleSNMP Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleCvt Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2006/10/27 15:57:08 | 002,330,968 | ---- | M] (Microsoft Corporation) {760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\System32\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {884e2049-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\System32\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009/07/13 23:14:13 | 000,067,072 | ---- | M] (Microsoft Corporation) {884e2051-217d-11da-b2a4-000e7bbb2b09} [HKLM] -> C:\Windows\System32\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009/07/13 23:15:01 | 001,320,960 | ---- | M] (Microsoft Corporation) {88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\System32\RegCtrl.dll [Registration Control] -> [2009/07/13 23:16:13 | 000,041,472 | ---- | M] (Microsoft Corporation) {9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [prturl Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\System32\msnetobj.dll [RMGetLicense Class] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment 
Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> 
C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found {BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. 
[SharePoint Stssync Handler] -> File not found {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleInstall Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2006/10/26 21:12:26 | 000,053,576 | ---- | M] (Microsoft Corporation) {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2008/06/11 23:33:52 | 000,660,840 | ---- | M] (Adobe Systems, Inc.) {CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/28 01:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.) 
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2006/10/26 21:00:04 | 000,023,392 | ---- | M] (Microsoft Corporation) {E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2006/10/26 22:30:44 | 000,482,088 | ---- | M] () < Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2006/10/26 21:12:52 | 000,173,328 | ---- | M] () {07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.) 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 000,075,128 | ---- | M] (Adobe Systems Incorporated) {3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [oleprn Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\System32\oleprn.dll [DSPrintQueue Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\System32\oleprn.dll [OleSNMP Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleCvt Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2006/10/27 15:57:08 | 002,330,968 | ---- | M] (Microsoft Corporation) {760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\System32\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {884E2049-217D-11DA-B2A4-000E7BBB2B09} [HKLM] -> C:\Windows\System32\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009/07/13 23:14:13 | 000,067,072 | ---- | M] (Microsoft Corporation) {884E2051-217D-11DA-B2A4-000E7BBB2B09} [HKLM] -> C:\Windows\System32\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009/07/13 23:15:01 | 001,320,960 | ---- | M] (Microsoft Corporation) {9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [prturl Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. 
[SharePoint OpenDocuments Class] -> File not found {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\System32\msnetobj.dll [RMGetLicense Class] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.) {BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft 
Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) 
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found {BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleInstall Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> C:\Windows\opuc.dll [Office Update Installation Engine] -> [2009/08/10 17:30:12 | 000,524,288 | ---- | M] (Microsoft Corporation) {C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2006/10/26 21:12:26 | 000,053,576 | ---- | M] (Microsoft Corporation) {CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/28 01:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2006/10/26 21:00:04 | 000,023,392 | ---- | M] (Microsoft Corporation) {E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2006/10/26 22:30:44 | 000,482,088 | ---- | M] () {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2006/10/26 21:12:52 | 000,173,328 | ---- | M] () {0468C085-CA5B-11D0-AF08-00609797F0E0} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OUTLCTL.DLL [Outlook Today's Data-binding control] -> [2006/10/27 16:16:40 | 000,138,512 | ---- | M] () {07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {12A66224-5E8A-4679-8941-0B9B960BF5EA} [HKLM] -> C:\Windows\System32\wuwebv.dll [VistaWUWebControl Class] -> [2009/07/13 23:16:21 | 000,164,352 | ---- | M] (Microsoft Corporation) {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 000,075,128 | ---- | M] (Adobe Systems Incorporated) {3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [oleprn Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {435899C9-44AB-11D1-AF00-080036234103} [HKLM] -> C:\Windows\System32\oleprn.dll [DSPrintQueue Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {4F664F91-FF01-11D0-8AED-00C04FD7B597} [HKLM] -> C:\Windows\System32\oleprn.dll [OleSNMP Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {65303443-AD66-11D1-9D65-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleCvt Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2006/10/27 15:57:08 | 002,330,968 | ---- | M] (Microsoft Corporation) {694FAF81-2A8F-4E88-B111-347B4A48F677} [HKLM] -> C:\Windows\Downloaded Program Files\PCPitstop3D.dll [Perf Class] -> File not found {760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\System32\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {884E2049-217D-11DA-B2A4-000E7BBB2B09} [HKLM] -> C:\Windows\System32\CertEnrollCtrl.exe [X509 Enrollment WebClassFactory] -> [2009/07/13 23:14:13 | 000,067,072 | ---- | M] (Microsoft Corporation) {884E2051-217D-11DA-B2A4-000E7BBB2B09} [HKLM] -> C:\Windows\System32\CertEnroll.dll [X509 Machine Enrollment Factory] -> [2009/07/13 23:15:01 | 001,320,960 | ---- | M] (Microsoft Corporation) {9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {92337A8C-E11D-11D0-BE48-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [prturl Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. 
[SharePoint OpenDocuments Class] -> File not found {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\System32\msnetobj.dll [RMGetLicense Class] -> [2009/07/13 23:15:46 | 000,265,216 | ---- | M] (Microsoft Corporation) {BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft 
Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) {BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2006/10/26 20:59:32 | 000,798,520 | ---- | M] (Microsoft Corporation) 
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found {BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2006/10/26 20:59:30 | 000,140,608 | ---- | M] (Microsoft Corporation) {C3701884-B39B-11D1-9D68-00C04FC30DF6} [HKLM] -> C:\Windows\System32\oleprn.dll [OleInstall Class] -> [2009/07/13 23:16:12 | 000,107,008 | ---- | M] (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> C:\Windows\opuc.dll [Office Update Installation Engine] -> [2009/08/10 17:30:12 | 000,524,288 | ---- | M] (Microsoft Corporation) {C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2006/10/26 21:12:26 | 000,053,576 | ---- | M] (Microsoft Corporation) {CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 20:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation) {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\System32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/28 01:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Arquivos de Programas\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2006/10/26 21:00:04 | 000,023,392 | ---- | M] (Microsoft Corporation) {E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2006/10/26 22:30:44 | 000,482,088 | ---- | M] () {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .cpl [@ = cplfile] -> C:\Windows\System32\control.exe -> [2009/07/13 23:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2009/07/13 23:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) .html [@ = htmlfile] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/07/13 23:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" /S -> < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> FastUserSwitchingCompatibility -> -> File not found Ias -> C:\Windows\System32\ias -> [2009/07/14 00:37:08 | 000,000,000 | ---D | M] Irmon -> C:\Windows\System32\irmon.dll -> [2009/07/13 23:15:34 | 000,019,968 | ---- | M] (Microsoft Corporation) Nla -> -> File not found Ntmssvc -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found SRService -> -> File not found Wmi -> C:\Windows\System32\wmi.dll -> [2009/07/13 23:11:09 | 000,005,120 | ---- | M] (Microsoft Corporation) WmdmPmSp -> -> File not found LogonHours -> -> File not found PCAudit -> -> File not 
found helpsvc -> -> File not found uploadmgr -> -> File not found Themes -> C:\Windows\System32\themeservice.dll -> [2009/07/13 23:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) BDESVC -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 23:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 22:41:48 | 000,044,344 | ---- | M] (Microsoft Corporation) < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> dssrequest:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.) ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 14:45:02 | 000,873,216 | ---- | M] (Microsoft Corporation) sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> c:\Arquivos de Programas\McAfee\SiteAdvisor\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2009/11/23 10:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.) 
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> Service NTDS -> -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PNP Filter -> Driver Group Power -> C:\Windows\System32\umpo.dll -> [2009/07/13 23:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) Primary disk -> Driver Group procexp90.Sys -> Driver RpcEptMapper -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 23:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) sacsvr -> Service SCSI Class -> Driver Group System Bus Extender -> Driver Group vmms -> Service WinDefend -> C:\Arquivos de programas\Windows Defender\MpSvc.dll -> [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ 
-> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group Dhcp -> C:\Windows\System32\dhcpcore.dll -> [2009/07/13 23:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) File system -> Driver Group Filter -> Driver Group HelpSvc -> Service Messenger -> Service NDIS Wrapper -> Driver Group ndiscap -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 21:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) NetBIOSGroup -> Driver Group NetDDEGroup -> Driver Group Network -> Driver Group NetworkProvider -> Driver Group NTDS -> -> File not found PCI Configuration -> Driver Group PEVSystemStart -> Service PNP Filter -> Driver Group PNP_TDI -> Driver Group Power -> C:\Windows\System32\umpo.dll -> 
[2009/07/13 23:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) Primary disk -> Driver Group procexp90.Sys -> Driver rdsessmgr -> Service RpcEptMapper -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 23:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) sacsvr -> Service SCSI Class -> Driver Group Streams Drivers -> Driver Group System Bus Extender -> Driver Group TDI -> Driver Group vmms -> Service WinDefend -> C:\Arquivos de programas\Windows Defender\MpSvc.dll -> [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) WudfUsbccidDriver -> Driver < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> *BootExecute* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute -> autocheck autochk * -> -> File not found lSet\Control\Sessi -> -> File not found *MultiFile Done* -> -> "ExcludeFromKnownDlls" -> [binary data] -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> \Windows -> [2010/02/02 12:01:46 | 000,000,000 | ---D | M] \RPC Control -> -> File not found *MultiFile Done* -> -> *PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> \??\C:\Program Files\McAfee\SiteAdvisor\Download\s1co [\??\C:\Program Files\McAfee\SiteAdvisor\Download\s1co] -> C:\Arquivos de Programas\McAfee\SiteAdvisor\Download\s1co [C:\Arquivos de Programas\McAfee\SiteAdvisor\Download\s1co] -> [2010/02/03 11:54:40 | 000,003,387 | ---- | M] () *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> "ComSpec" -> C:\Windows\System32\cmd.exe -> [2009/07/13 23:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) "TEMP" -> C:\Windows\Temp -> [2010/02/03 11:54:28 | 000,000,000 | ---D | M] "TMP" -> 
C:\Windows\Temp -> [2010/02/03 11:54:28 | 000,000,000 | ---D | M] "windir" -> C:\Windows -> [2010/02/02 12:01:46 | 000,000,000 | ---D | M] *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SYSTEMROOT%\SYSTEM32 -> C:\Windows\System32 -> [2010/02/03 11:43:42 | 000,000,000 | ---D | M] %SYSTEMROOT% -> C:\Windows -> [2010/02/02 12:01:46 | 000,000,000 | ---D | M] %SYSTEMROOT%\SYSTEM32\WBEM -> C:\Windows\System32\wbem -> [2010/01/20 21:21:22 | 000,000,000 | ---D | M] %SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\ -> C:\Windows\System32\WINDOWSPOWERSHELL\V1.0\ -> [2009/07/14 06:31:01 | 000,000,000 | ---D | M] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found .MSC -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> "advapi32" -> C:\Windows\System32\advapi32.dll -> [2009/07/13 23:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) "clbcatq" -> C:\Windows\System32\clbcatq.dll -> [2009/07/13 23:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) "COMDLG32" -> C:\Windows\System32\comdlg32.dll -> [2009/07/13 23:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) "DifxApi" -> C:\Windows\System32\difxapi.dll -> [2009/07/13 23:15:11 | 000,315,904 | ---- | M] (Microsoft Corporation) "DllDirectory" -> C:\Windows\System32 -> [2010/02/03 11:43:42 | 000,000,000 | ---D | M] "gdi32" -> 
C:\Windows\System32\gdi32.dll -> [2009/07/13 23:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) "IERTUTIL" -> C:\Windows\System32\iertutil.dll -> [2009/07/13 23:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) "IMAGEHLP" -> C:\Windows\System32\imagehlp.dll -> [2009/07/13 23:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) "IMM32" -> C:\Windows\System32\imm32.dll -> [2009/07/13 23:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) "kernel32" -> C:\Windows\System32\kernel32.dll -> [2009/07/13 23:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) "LPK" -> C:\Windows\System32\lpk.dll -> [2009/07/13 23:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) "MSCTF" -> C:\Windows\System32\msctf.dll -> [2009/07/13 23:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) "MSVCRT" -> C:\Windows\System32\msvcrt.dll -> [2009/07/13 23:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) "NORMALIZ" -> C:\Windows\System32\normaliz.dll -> [2009/07/13 23:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) "NSI" -> C:\Windows\System32\nsi.dll -> [2009/07/13 23:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) "ole32" -> C:\Windows\System32\ole32.dll -> [2009/07/13 23:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) "OLEAUT32" -> C:\Windows\System32\oleaut32.dll -> [2009/07/13 23:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) "PSAPI" -> C:\Windows\System32\psapi.dll -> [2009/07/13 23:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) "rpcrt4" -> C:\Windows\System32\rpcrt4.dll -> [2009/07/13 23:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) "sechost" -> C:\Windows\System32\sechost.dll -> [2009/07/13 23:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) "Setupapi" -> C:\Windows\System32\setupapi.dll -> [2009/07/13 23:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) "SHELL32" -> C:\Windows\System32\shell32.dll -> [2009/07/13 23:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "SHLWAPI" -> 
C:\Windows\System32\shlwapi.dll -> [2009/07/13 23:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) "URLMON" -> C:\Windows\System32\urlmon.dll -> [2009/07/13 23:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) "user32" -> C:\Windows\System32\user32.dll -> [2009/07/13 23:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) "USP10" -> C:\Windows\System32\usp10.dll -> [2009/07/13 23:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) "WININET" -> C:\Windows\System32\wininet.dll -> [2009/07/13 23:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) "WLDAP32" -> C:\Windows\System32\Wldap32.dll -> [2009/07/13 23:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) "WS2_32" -> C:\Windows\System32\ws2_32.dll -> [2009/07/13 23:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! [Files/Folders - Created Within 90 Days] OTS.exe -> C:\Users\Dr. Cesar\Desktop\OTS.exe -> [2010/02/03 11:57:24 | 000,632,320 | ---- | C] (OldTimer Tools) rsit -> C:\rsit -> [2010/02/02 21:02:00 | 000,000,000 | ---D | C] Help I Got Hacked_ Now What Do I Do_arquivos -> C:\Users\Dr. Cesar\Documents\Help I Got Hacked_ Now What Do I Do_arquivos -> [2010/02/02 20:28:18 | 000,000,000 | ---D | C] When should I re-format How should I reinstall Security - dslreports_com_arquivos -> C:\Users\Dr. 
Cesar\Documents\When should I re-format How should I reinstall Security - dslreports_com_arquivos -> [2010/02/02 20:27:57 | 000,000,000 | ---D | C] miekiemoes' Blog Malware Removal - Where to draw the line_arquivos -> C:\Users\Dr. Cesar\Documents\miekiemoes' Blog Malware Removal - Where to draw the line_arquivos -> [2010/02/02 20:27:24 | 000,000,000 | ---D | C] aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2010/02/02 12:05:22 | 000,163,280 | ---- | C] (ALWIL Software) aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2010/02/02 12:05:22 | 000,019,024 | ---- | C] (ALWIL Software) aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2010/02/02 12:05:21 | 000,046,672 | ---- | C] (ALWIL Software) aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2010/02/02 12:05:21 | 000,023,376 | ---- | C] (ALWIL Software) aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2010/02/02 12:05:20 | 000,051,792 | ---- | C] (ALWIL Software) aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2010/02/02 12:04:56 | 000,152,672 | ---- | C] (ALWIL Software) avastSS.scr -> C:\Windows\System32\avastSS.scr -> [2010/02/02 12:04:56 | 000,038,848 | ---- | C] (ALWIL Software) Alwil Software -> C:\ProgramData\Alwil Software -> [2010/02/02 12:04:54 | 000,000,000 | ---D | C] Alwil Software -> C:\Arquivos de Programas\Alwil Software -> [2010/02/02 12:04:54 | 000,000,000 | ---D | C] McAfee -> C:\Arquivos de Programas\Common Files\McAfee -> [2010/02/02 11:49:29 | 000,000,000 | ---D | C] McAfee -> C:\Arquivos de Programas\McAfee -> [2010/02/02 11:49:23 | 000,000,000 | ---D | C] McAfee -> C:\ProgramData\McAfee -> [2010/02/02 11:49:22 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/02/02 09:01:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/02/02 09:01:15 | 000,019,160 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Arquivos de 
Programas\Malwarebytes' Anti-Malware -> [2010/02/02 09:01:15 | 000,000,000 | ---D | C] _OTL -> C:\_OTL -> [2010/02/01 20:44:52 | 000,000,000 | ---D | C] Output -> C:\Users\Dr. Cesar\Desktop\Output -> [2010/01/27 17:06:38 | 000,000,000 | ---D | C] Minidump -> C:\Windows\Minidump -> [2010/01/27 15:52:35 | 000,000,000 | ---D | C] PCPitstop -> C:\ProgramData\PCPitstop -> [2010/01/27 13:44:06 | 000,000,000 | ---D | C] PCPitstop -> C:\Arquivos de Programas\PCPitstop -> [2010/01/27 13:44:05 | 000,000,000 | ---D | C] Sophos -> C:\Arquivos de Programas\Sophos -> [2010/01/27 12:53:35 | 000,000,000 | ---D | C] TEMP -> C:\ProgramData\TEMP -> [2010/01/26 15:12:46 | 000,000,000 | ---D | C] appmgmt -> C:\Windows\System32\appmgmt -> [2010/01/26 15:09:25 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/01/26 13:48:41 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Users\Dr. Cesar\AppData\Roaming\SUPERAntiSpyware.com -> [2010/01/26 13:48:20 | 000,000,000 | ---D | C] Uniblue -> C:\Users\Dr. Cesar\AppData\Roaming\Uniblue -> [2010/01/24 14:55:28 | 000,000,000 | ---D | C] Panda Security -> C:\Users\Dr. Cesar\AppData\Local\Panda Security -> [2010/01/22 12:19:30 | 000,000,000 | ---D | C] MSVCP71.DLL -> C:\Windows\System32\MSVCP71.DLL -> [2010/01/22 12:18:41 | 000,499,712 | ---- | C] (Microsoft Corporation) MSVCR71.DLL -> C:\Windows\System32\MSVCR71.DLL -> [2010/01/22 12:18:41 | 000,348,160 | ---- | C] (Microsoft Corporation) pavcpl.cpl -> C:\Windows\System32\pavcpl.cpl -> [2010/01/22 12:18:38 | 000,054,832 | ---- | C] (Panda Software) HHActiveX.dll -> C:\Windows\System32\HHActiveX.dll -> [2010/01/22 12:18:33 | 000,446,464 | ---- | C] (eHelp Corporation.) PavSHook.dll -> C:\Windows\System32\PavSHook.dll -> [2010/01/22 12:18:32 | 000,518,400 | ---- | C] (Panda Security, S.L.) TpUtil.dll -> C:\Windows\System32\TpUtil.dll -> [2010/01/22 12:18:32 | 000,193,792 | ---- | C] (Panda Security, S.L.) 
SYSTOOLS.DLL -> C:\Windows\System32\SYSTOOLS.DLL -> [2010/01/22 12:18:32 | 000,107,568 | ---- | C] (Panda Software) PavLspHook.dll -> C:\Windows\System32\PavLspHook.dll -> [2010/01/22 12:18:32 | 000,087,296 | ---- | C] (Panda Security, S.L.) pavipc.dll -> C:\Windows\System32\pavipc.dll -> [2010/01/22 12:18:32 | 000,055,552 | ---- | C] (Panda Security, S.L.) avldr.dll -> C:\Windows\System32\avldr.dll -> [2010/01/22 12:18:31 | 000,058,672 | ---- | C] (Panda Security, S.L.) Panda Security -> C:\Users\Dr. Cesar\AppData\Roaming\Panda Security -> [2010/01/22 12:18:30 | 000,000,000 | ---D | C] Panda Security -> C:\ProgramData\Panda Security -> [2010/01/22 12:18:30 | 000,000,000 | ---D | C] pavboot.sys -> C:\Windows\System32\drivers\pavboot.sys -> [2010/01/22 12:10:26 | 000,028,552 | ---- | C] (Panda Security, S.L.) ERDNT -> C:\Windows\ERDNT -> [2010/01/21 20:07:19 | 000,000,000 | ---D | C] ExButton.dll -> C:\Windows\System32\ExButton.dll -> [2010/01/21 16:35:39 | 000,614,400 | ---- | C] (Exontrol Inc.) ExMenu.dll -> C:\Windows\System32\ExMenu.dll -> [2010/01/21 16:35:39 | 000,602,112 | ---- | C] (Exontrol Inc.) ExTab.dll -> C:\Windows\System32\ExTab.dll -> [2010/01/21 16:35:39 | 000,516,096 | ---- | C] (Exontrol Inc.) ExPMenu.dll -> C:\Windows\System32\ExPMenu.dll -> [2010/01/21 16:35:39 | 000,307,200 | ---- | C] (Exontrol Inc.) eSellerateEngine.dll -> C:\Windows\System32\eSellerateEngine.dll -> [2010/01/21 16:35:37 | 000,356,352 | ---- | C] (eSellerate Inc.) eWebControl.dll -> C:\Windows\System32\eWebControl.dll -> [2010/01/21 16:35:37 | 000,118,784 | ---- | C] (eSellerate Inc.) 
vbar332.dll -> C:\Windows\System32\vbar332.dll -> [2010/01/21 16:35:36 | 000,368,912 | ---- | C] (Microsoft Corporation) temp.005 -> C:\Windows\System32\temp.005 -> [2010/01/21 16:35:35 | 000,326,656 | ---- | C] (Microsoft Corporation) temp.004 -> C:\Windows\System32\temp.004 -> [2010/01/21 16:35:34 | 001,388,544 | ---- | C] (Microsoft Corporation) temp.001 -> C:\Windows\System32\temp.001 -> [2010/01/21 16:35:34 | 000,164,112 | ---- | C] (Microsoft Corporation) temp.002 -> C:\Windows\System32\temp.002 -> [2010/01/21 16:35:34 | 000,147,728 | ---- | C] (Microsoft Corporation) temp.003 -> C:\Windows\System32\temp.003 -> [2010/01/21 16:35:34 | 000,017,920 | ---- | C] (Microsoft Corporation) temp.000 -> C:\Windows\System32\temp.000 -> [2010/01/21 16:35:33 | 000,598,288 | ---- | C] (Microsoft Corporation) ExGrid.dll -> C:\Windows\System32\ExGrid.dll -> [2010/01/20 17:00:03 | 001,753,088 | ---- | C] (Exontrol Inc.) AnswersThatWork -> C:\Arquivos de Programas\AnswersThatWork -> [2010/01/20 16:59:58 | 000,000,000 | ---D | C] mbam-setup.exe -> C:\Users\Dr. Cesar\Documents\mbam-setup.exe -> [2010/01/19 13:05:56 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) Config.Msi -> C:\Config.Msi -> [2010/01/18 18:40:54 | 000,000,000 | -HSD | C] Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2010/01/17 19:06:35 | 000,000,000 | ---D | C] Malwarebytes -> C:\Users\Dr. Cesar\AppData\Roaming\Malwarebytes -> [2010/01/16 13:53:36 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/01/16 13:53:27 | 000,000,000 | ---D | C] Trend Micro -> C:\Arquivos de Programas\Trend Micro -> [2010/01/11 19:48:01 | 000,000,000 | ---D | C] 3dfibs -> C:\Users\Dr. 
Cesar\Documents\3dfibs -> [2010/01/11 14:32:37 | 000,000,000 | ---D | C] tabctl32.ocx -> C:\Windows\System32\tabctl32.ocx -> [2010/01/11 14:18:45 | 000,224,016 | ---- | C] (Microsoft Corporation) comdlg32.ocx -> C:\Windows\System32\comdlg32.ocx -> [2010/01/11 14:18:45 | 000,152,848 | ---- | C] (Microsoft Corporation) .gnubg -> C:\Users\Dr. Cesar\.gnubg -> [2010/01/05 16:35:24 | 000,000,000 | ---D | C] Macromed -> C:\Windows\System32\Macromed -> [2010/01/05 15:27:02 | 000,000,000 | ---D | C] Diagnostics -> C:\Users\Dr. Cesar\AppData\Local\Diagnostics -> [2010/01/05 14:07:42 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 90 Days] ntuser.dat -> C:\Users\Dr. Cesar\ntuser.dat -> [2010/02/03 12:06:08 | 001,835,008 | -HS- | M] () OTS.exe -> C:\Users\Dr. Cesar\Desktop\OTS.exe -> [2010/02/03 11:54:26 | 000,632,320 | ---- | M] (OldTimer Tools) 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/02/03 11:44:47 | 000,013,232 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/02/03 11:44:47 | 000,013,232 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/02/03 11:43:42 | 001,409,822 | ---- | M] () prfh0416.dat -> C:\Windows\System32\prfh0416.dat -> [2010/02/03 11:43:42 | 000,620,354 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/02/03 11:43:42 | 000,574,600 | ---- | M] () prfc0416.dat -> C:\Windows\System32\prfc0416.dat -> [2010/02/03 11:43:42 | 000,117,788 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/02/03 11:43:42 | 000,096,434 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/02/03 11:39:29 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/02/03 
11:39:19 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/02/03 11:39:08 | 1602,936,832 | -HS- | M] () IconCache.db -> C:\Users\Dr. Cesar\AppData\Local\IconCache.db -> [2010/02/02 21:36:13 | 001,706,921 | -H-- | M] () Help I Got Hacked_ Now What Do I Do.htm -> C:\Users\Dr. Cesar\Documents\Help I Got Hacked_ Now What Do I Do.htm -> [2010/02/02 20:28:21 | 000,034,322 | ---- | M] () When should I re-format How should I reinstall Security - dslreports_com.htm -> C:\Users\Dr. Cesar\Documents\When should I re-format How should I reinstall Security - dslreports_com.htm -> [2010/02/02 20:27:57 | 000,050,576 | ---- | M] () miekiemoes' Blog Malware Removal - Where to draw the line.htm -> C:\Users\Dr. Cesar\Documents\miekiemoes' Blog Malware Removal - Where to draw the line.htm -> [2010/02/02 20:27:28 | 000,102,605 | ---- | M] () avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/02/02 12:05:22 | 000,002,005 | ---- | M] () config.nt -> C:\Windows\System32\config.nt -> [2010/02/02 12:05:20 | 000,002,577 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/02 09:01:20 | 000,000,979 | ---- | M] () ESCALA VASCULAR fev 10.doc -> C:\Users\Dr. 
Cesar\Desktop\ESCALA VASCULAR fev 10.doc -> [2010/01/29 15:25:35 | 000,023,552 | ---- | M] () avastSS.scr -> C:\Windows\System32\avastSS.scr -> [2010/01/28 20:09:46 | 000,038,848 | ---- | M] (ALWIL Software) aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2010/01/28 20:09:26 | 000,152,672 | ---- | M] (ALWIL Software) aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2010/01/28 19:57:55 | 000,046,672 | ---- | M] (ALWIL Software) aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2010/01/28 19:57:34 | 000,163,280 | ---- | M] (ALWIL Software) aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2010/01/28 19:54:42 | 000,023,376 | ---- | M] (ALWIL Software) aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2010/01/28 19:54:27 | 000,051,792 | ---- | M] (ALWIL Software) aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2010/01/28 19:54:05 | 000,019,024 | ---- | M] (ALWIL Software) .recently-used.xbel -> C:\Users\Dr. Cesar\.recently-used.xbel -> [2010/01/28 15:18:35 | 000,000,218 | ---- | M] () gnubg.pdf -> C:\Users\Dr. Cesar\Documents\gnubg.pdf -> [2010/01/28 15:14:01 | 002,416,883 | ---- | M] () PAV_FOG.OPC -> C:\Windows\System32\PAV_FOG.OPC -> [2010/01/26 19:12:17 | 000,008,627 | ---- | M] () Jelly.ini -> C:\Windows\Jelly.ini -> [2010/01/26 14:34:08 | 000,000,274 | ---- | M] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> [2010/01/20 21:33:29 | 000,524,288 | -HS- | M] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> [2010/01/20 21:33:29 | 000,524,288 | -HS- | M] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf -> C:\Users\Dr. 
Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf -> [2010/01/20 21:33:29 | 000,065,536 | -HS- | M] () Windows Explorer.lnk -> C:\Users\Dr. Cesar\Desktop\Windows Explorer.lnk -> [2010/01/20 13:34:38 | 000,000,607 | ---- | M] () mbam-setup.exe -> C:\Users\Dr. Cesar\Documents\mbam-setup.exe -> [2010/01/19 13:06:05 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) ESCALA VASCULAR jan 2010.doc -> C:\Users\Dr. Cesar\Desktop\ESCALA VASCULAR jan 2010.doc -> [2010/01/18 19:14:04 | 000,024,576 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Dr. Cesar\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/01/18 16:17:34 | 000,107,968 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/01/13 20:03:22 | 000,408,600 | ---- | M] () protocolos_urgencia_emergencia[1].pdf -> C:\Users\Dr. Cesar\Documents\protocolos_urgencia_emergencia[1].pdf -> [2010/01/13 11:07:43 | 001,486,054 | ---- | M] () 3dfibs.lnk -> C:\Users\Dr. Cesar\Desktop\3dfibs.lnk -> [2010/01/11 14:18:48 | 000,000,665 | ---- | M] () mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) GNU Backgammon.lnk -> C:\Users\Public\Desktop\GNU Backgammon.lnk -> [2010/01/06 15:52:18 | 000,000,700 | ---- | M] () Fibs League Gammon.docx -> C:\Users\Dr. Cesar\Desktop\Fibs League Gammon.docx -> [2010/01/06 12:20:58 | 000,023,478 | ---- | M] () win.ini -> C:\Windows\win.ini -> [2010/01/05 15:16:05 | 000,000,327 | ---- | M] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Dr. Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> [2009/12/30 14:58:28 | 000,524,288 | -HS- | M] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Dr. 
Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> [2009/12/30 14:58:28 | 000,524,288 | -HS- | M] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TM.blf -> C:\Users\Dr. Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TM.blf -> [2009/12/30 14:58:28 | 000,065,536 | -HS- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Dr. Cesar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/03 18:55:53 | 000,003,584 | ---- | M] () Declaração de Contribuição Previdenciária.doc -> C:\Users\Dr. Cesar\Documents\Declaração de Contribuição Previdenciária.doc -> [2009/12/02 10:47:40 | 000,027,648 | ---- | M] () Uconeer.lnk -> C:\Users\Dr. Cesar\Desktop\Uconeer.lnk -> [2009/11/18 14:00:40 | 000,000,640 | ---- | M] () [Files - No Company Name] Help I Got Hacked_ Now What Do I Do.htm -> C:\Users\Dr. Cesar\Documents\Help I Got Hacked_ Now What Do I Do.htm -> [2010/02/02 20:28:21 | 000,034,322 | ---- | C] () When should I re-format How should I reinstall Security - dslreports_com.htm -> C:\Users\Dr. Cesar\Documents\When should I re-format How should I reinstall Security - dslreports_com.htm -> [2010/02/02 20:27:57 | 000,050,576 | ---- | C] () miekiemoes' Blog Malware Removal - Where to draw the line.htm -> C:\Users\Dr. Cesar\Documents\miekiemoes' Blog Malware Removal - Where to draw the line.htm -> [2010/02/02 20:27:23 | 000,102,605 | ---- | C] () IconCache.db -> C:\Users\Dr. Cesar\AppData\Local\IconCache.db -> [2010/02/02 14:17:52 | 001,706,921 | -H-- | C] () avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2010/02/02 12:05:22 | 000,002,005 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/02 09:01:20 | 000,000,979 | ---- | C] () ESCALA VASCULAR fev 10.doc -> C:\Users\Dr. Cesar\Desktop\ESCALA VASCULAR fev 10.doc -> [2010/01/29 15:25:32 | 000,023,552 | ---- | C] () .recently-used.xbel -> C:\Users\Dr. 
Cesar\.recently-used.xbel -> [2010/01/28 15:18:35 | 000,000,218 | ---- | C] () gnubg.pdf -> C:\Users\Dr. Cesar\Documents\gnubg.pdf -> [2010/01/28 15:13:52 | 002,416,883 | ---- | C] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> [2010/01/20 20:22:21 | 000,524,288 | -HS- | C] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> [2010/01/20 20:22:21 | 000,524,288 | -HS- | C] () ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf -> C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf -> [2010/01/20 20:22:21 | 000,065,536 | -HS- | C] () ESCALA VASCULAR jan 2010.doc -> C:\Users\Dr. Cesar\Desktop\ESCALA VASCULAR jan 2010.doc -> [2010/01/18 19:14:02 | 000,024,576 | ---- | C] () Jelly.ini -> C:\Windows\Jelly.ini -> [2010/01/16 14:43:22 | 000,000,274 | ---- | C] () protocolos_urgencia_emergencia[1].pdf -> C:\Users\Dr. Cesar\Documents\protocolos_urgencia_emergencia[1].pdf -> [2010/01/13 11:07:43 | 001,486,054 | ---- | C] () Fibs League Gammon.docx -> C:\Users\Dr. Cesar\Desktop\Fibs League Gammon.docx -> [2010/01/06 12:20:57 | 000,023,478 | ---- | C] () PAV_FOG.OPC -> C:\Windows\System32\PAV_FOG.OPC -> [2010/01/05 15:49:48 | 000,008,627 | ---- | C] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Dr. Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms -> [2009/12/30 14:58:28 | 000,524,288 | -HS- | C] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Dr. 
Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms -> [2009/12/30 14:58:28 | 000,524,288 | -HS- | C] () NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TM.blf -> C:\Users\Dr. Cesar\NTUSER.DAT{758e00b1-f564-11de-bc96-002185ff1f6b}.TM.blf -> [2009/12/30 14:58:28 | 000,065,536 | -HS- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Dr. Cesar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/03 18:55:53 | 000,003,584 | ---- | C] () Uconeer.lnk -> C:\Users\Dr. Cesar\Desktop\Uconeer.lnk -> [2009/11/18 14:00:40 | 000,000,640 | ---- | C] () cpuinf32.dll -> C:\Windows\System32\cpuinf32.dll -> [2009/09/04 17:33:19 | 000,019,968 | ---- | C] () unrar.dll -> C:\Windows\System32\unrar.dll -> [2009/09/04 17:33:18 | 000,152,064 | ---- | C] () xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2009/09/04 17:33:17 | 000,761,856 | ---- | C] () ldf252.dll -> C:\Windows\System32\ldf252.dll -> [2009/08/25 15:29:33 | 000,335,872 | ---- | C] () VBRUN100.DLL -> C:\Windows\System32\VBRUN100.DLL -> [2009/08/14 12:07:25 | 000,271,264 | ---- | C] () BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 21:51:43 | 000,073,728 | ---- | C] () BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 21:42:10 | 000,064,000 | ---- | C] () [File - Lop Check] Goodsol -> C:\Users\Dr. Cesar\AppData\Roaming\Goodsol -> [2009/08/23 21:32:30 | 000,000,000 | ---D | M] gtk-2.0 -> C:\Users\Dr. Cesar\AppData\Roaming\gtk-2.0 -> [2010/01/28 14:46:24 | 000,000,000 | ---D | M] JAM Software -> C:\Users\Dr. Cesar\AppData\Roaming\JAM Software -> [2009/08/23 21:32:32 | 000,000,000 | ---D | M] Panda Security -> C:\Users\Dr. Cesar\AppData\Roaming\Panda Security -> [2010/01/22 12:18:30 | 000,000,000 | ---D | M] Uniblue -> C:\Users\Dr. 
Cesar\AppData\Roaming\Uniblue -> [2010/01/24 14:55:28 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/01/29 08:58:41 | 000,032,608 | ---- | M] () [File - Purity Scan] [Custom Scans] < %SYSTEMDRIVE%\*.* > autoexec.bat -> C:\autoexec.bat -> [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () bootmgr -> C:\bootmgr -> [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/08/23 21:21:50 | 000,008,192 | RHS- | M] () config.sys -> C:\config.sys -> [2009/06/10 19:42:20 | 000,000,010 | ---- | M] () grldr -> C:\grldr -> [2009/08/02 10:59:51 | 000,171,136 | RHS- | M] () grldr.bak -> C:\grldr.bak -> [2009/08/02 10:59:51 | 000,171,136 | ---- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/02/03 11:39:08 | 1602,936,832 | -HS- | M] () IO.SYS -> C:\IO.SYS -> [2009/08/12 22:07:53 | 000,000,000 | RHS- | M] () MSDOS.SYS -> C:\MSDOS.SYS -> [2009/08/12 22:07:53 | 000,000,000 | RHS- | M] () pagefile.sys -> C:\pagefile.sys -> [2010/02/03 11:39:15 | 2137,251,840 | -HS- | M] () Status_Log.txt -> C:\Status_Log.txt -> [2009/09/01 22:45:24 | 000,001,702 | ---- | M] () TDSSKiller.2.2.2_02.02.2010_16.58.10_log.txt -> C:\TDSSKiller.2.2.2_02.02.2010_16.58.10_log.txt -> [2010/02/02 16:58:12 | 000,013,484 | ---- | M] () TDSSKiller.txt -> C:\TDSSKiller.txt -> [2010/02/02 16:59:14 | 000,013,484 | ---- | M] () < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : MD5=507812C3054C21CEF746B6EE3D04DD6E -> C:\Windows\System32\drivers\AGP440.sys -> [2009/07/13 23:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=507812C3054C21CEF746B6EE3D04DD6E -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys -> [2009/07/13 23:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=507812C3054C21CEF746B6EE3D04DD6E -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys -> [2009/07/13 23:26:15 | 
000,053,312 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : MD5=338C86357871C167A96AB976519BF59E -> C:\Windows\System32\drivers\atapi.sys -> [2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=338C86357871C167A96AB976519BF59E -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys -> [2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=338C86357871C167A96AB976519BF59E -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys -> [2009/07/13 23:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) < %systemdrive%\CNGAUDIT.DLL /md5 /s > cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\System32\cngaudit.dll -> [2009/07/13 23:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll -> [2009/07/13 23:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) < %systemdrive%\IASTORV.SYS /md5 /s > iaStorV.sys : MD5=934AF4D7C5F457B9F0743F4299B77B67 -> C:\Windows\System32\drivers\iaStorV.sys -> [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=934AF4D7C5F457B9F0743F4299B77B67 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys -> [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=934AF4D7C5F457B9F0743F4299B77B67 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys -> [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\System32\netlogon.dll -> [2009/07/13 23:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) 
netlogon.dll : MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll -> [2009/07/13 23:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) < %systemdrive%\NVSTOR.SYS /md5 /s > nvstor.sys : MD5=C99F251A5DE63C6F129CF71933ACED0F -> C:\Windows\System32\drivers\nvstor.sys -> [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=C99F251A5DE63C6F129CF71933ACED0F -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys -> [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=C99F251A5DE63C6F129CF71933ACED0F -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys -> [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\System32\scecli.dll -> [2009/07/13 23:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=26073302DAEA83CC5B944C546D6B47D2 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll -> [2009/07/13 23:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\*. /mp /s > < %PROGRAMFILES%\*. 
> ACD Systems -> C:\Arquivos de Programas\ACD Systems -> [2009/08/25 15:29:32 | 000,000,000 | ---D | M] ACE Mega CoDecS Pack -> C:\Arquivos de Programas\ACE Mega CoDecS Pack -> [2009/09/04 17:33:48 | 000,000,000 | ---D | M] Adobe -> C:\Arquivos de Programas\Adobe -> [2009/08/23 21:28:07 | 000,000,000 | ---D | M] Alwil Software -> C:\Arquivos de Programas\Alwil Software -> [2010/02/02 12:04:54 | 000,000,000 | ---D | M] AnswersThatWork -> C:\Arquivos de Programas\AnswersThatWork -> [2010/01/20 16:59:58 | 000,000,000 | ---D | M] Arquivos Comuns -> C:\Arquivos de Programas\Arquivos Comuns -> [2009/08/23 21:43:17 | 000,000,000 | -HSD | M] CCleaner -> C:\Arquivos de Programas\CCleaner -> [2009/09/16 14:34:53 | 000,000,000 | ---D | M] Common Files -> C:\Arquivos de Programas\Common Files -> [2010/02/02 12:01:45 | 000,000,000 | ---D | M] Cygnus -> C:\Arquivos de Programas\Cygnus -> [2009/09/16 14:31:18 | 000,000,000 | ---D | M] DVD Maker -> C:\Arquivos de Programas\DVD Maker -> [2009/07/14 06:53:54 | 000,000,000 | ---D | M] Icon Sucker -> C:\Arquivos de Programas\Icon Sucker -> [2009/08/23 21:28:16 | 000,000,000 | ---D | M] InstallShield Installation Information -> C:\Arquivos de Programas\InstallShield Installation Information -> [2010/01/22 12:18:30 | 000,000,000 | -H-D | M] Internet Explorer -> C:\Arquivos de Programas\Internet Explorer -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] JAM Software -> C:\Arquivos de Programas\JAM Software -> [2009/08/23 21:28:17 | 000,000,000 | ---D | M] Malwarebytes' Anti-Malware -> C:\Arquivos de Programas\Malwarebytes' Anti-Malware -> [2010/02/02 09:01:23 | 000,000,000 | ---D | M] McAfee -> C:\Arquivos de Programas\McAfee -> [2010/02/02 11:49:23 | 000,000,000 | ---D | M] Microsoft Games -> C:\Arquivos de Programas\Microsoft Games -> [2009/08/30 21:47:11 | 000,000,000 | ---D | M] Microsoft Office -> C:\Arquivos de Programas\Microsoft Office -> [2009/08/23 21:28:53 | 000,000,000 | ---D | M] Microsoft.NET -> C:\Arquivos de 
Programas\Microsoft.NET -> [2009/08/23 21:28:56 | 000,000,000 | ---D | M] PCPitstop -> C:\Arquivos de Programas\PCPitstop -> [2010/01/27 18:58:31 | 000,000,000 | ---D | M] Safer Networking -> C:\Arquivos de Programas\Safer Networking -> [2009/09/16 14:32:41 | 000,000,000 | ---D | M] Sophos -> C:\Arquivos de Programas\Sophos -> [2010/01/27 12:53:35 | 000,000,000 | ---D | M] Spybot - Search & Destroy -> C:\Arquivos de Programas\Spybot - Search & Destroy -> [2010/01/22 11:13:24 | 000,000,000 | ---D | M] Trend Micro -> C:\Arquivos de Programas\Trend Micro -> [2010/01/11 19:48:01 | 000,000,000 | ---D | M] Uninstall Information -> C:\Arquivos de Programas\Uninstall Information -> [2009/07/14 02:53:23 | 000,000,000 | -H-D | M] WhatColor -> C:\Arquivos de Programas\WhatColor -> [2009/08/26 12:30:51 | 000,000,000 | ---D | M] Windows Calendar -> C:\Arquivos de Programas\Windows Calendar -> [2009/08/23 21:28:56 | 000,000,000 | ---D | M] Windows Defender -> C:\Arquivos de Programas\Windows Defender -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] Windows Mail -> C:\Arquivos de Programas\Windows Mail -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] Windows Media Player -> C:\Arquivos de Programas\Windows Media Player -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] Windows NT -> C:\Arquivos de Programas\Windows NT -> [2009/08/23 21:43:17 | 000,000,000 | ---D | M] Windows Photo Gallery -> C:\Arquivos de Programas\Windows Photo Gallery -> [2009/08/23 21:28:56 | 000,000,000 | ---D | M] Windows Photo Viewer -> C:\Arquivos de Programas\Windows Photo Viewer -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] Windows Portable Devices -> C:\Arquivos de Programas\Windows Portable Devices -> [2009/07/14 02:52:32 | 000,000,000 | ---D | M] Windows Sidebar -> C:\Arquivos de Programas\Windows Sidebar -> [2009/07/14 06:31:03 | 000,000,000 | ---D | M] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram /s > Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ not found. -> -> < HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug /s > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug \\"UserDebuggerHotKey" -> [0] -> File not found HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\AutoExclusionList \AutoExclusionList\\"DWM.exe" -> [1] -> File not found < End of report > [/code]