Rundll winqwk32.rom - The specified module could not be found



#1
mgrisoli

Hello forum!

I'm getting a RunDLL error at startup. It says there is a problem initiating winqwk32.rom: the specified module could not be found.
In Portuguese it is: RunDLL, Houve um problema na inicialização do winqwk32.rom: Não foi possível encontrar o módulo especificado.
I'm running 64-bit Windows 7 and I'm not sure if my translation of the message to English is accurate.

The .rom part of the filename is what scares me the most, and the "32": maybe the trojan is stupid and can't realize this is a 64-bit system and that it won't work.
Perhaps I'm not even infected and my Windows is just missing a part. I can't find any useful reference to this file on the net and I hope you guys can help.

Any tips?

Thanks
Marcelo


Here is my OTL report (Extras.txt attached):
OTL logfile created on: 14/11/2010 11:40:03 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Marcelo\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 65,00% Memory free
14,00 Gb Paging File | 11,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 37,80 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 98,84 Gb Free Space | 21,22% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 67,51 Gb Free Space | 69,14% Space Free | Partition Type: NTFS
Drive F: | 11,72 Gb Total Space | 9,39 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
Drive G: | 356,38 Gb Total Space | 77,33 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive I: | 872,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 74,55 Gb Total Space | 37,36 Gb Free Space | 50,12% Space Free | Partition Type: NTFS

Computer Name: MARCELO-PC | User Name: Marcelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 11:39:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcelo\Desktop\OTL.exe
PRC - [2010/11/07 11:53:49 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/26 14:46:32 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/09/21 03:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMWarePlayer\hqtray.exe
PRC - [2010/09/21 03:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- E:\Program Files (x86)\VMWarePlayer\vmware-authd.exe
PRC - [2010/09/21 02:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/04/16 14:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
PRC - [2010/04/15 17:32:14 | 000,091,504 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files (x86)\DynDNS Updater\DynTray.exe
PRC - [2010/04/01 07:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/30 09:29:14 | 001,676,128 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
PRC - [2010/03/29 21:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/23 11:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/25 22:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
PRC - [2009/09/04 14:16:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 11:39:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcelo\Desktop\OTL.exe
MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/21 03:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMWarePlayer\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 03:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 03:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 02:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/20 18:08:46 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- e:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- E:\Program Files (x86)\VMWarePlayer\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/16 14:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2010/04/01 11:39:54 | 000,069,632 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- e:\app\Marcelo\product\11.2.0\client_1\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/22 10:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- E:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/02/25 22:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/11/06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- E:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/08/10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/02/02 01:51:06 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- E:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 01:49:14 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- E:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 01:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- e:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 01:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- e:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\0308000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2010/10/08 22:50:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/10/08 22:50:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/21 03:43:06 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/09/21 03:43:00 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/09/21 03:41:08 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/09/21 03:40:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/09/21 02:42:38 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/09/21 00:18:14 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/09/21 00:18:14 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/09/21 00:18:14 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/08/20 18:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/08/07 02:55:33 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/21 18:02:00 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 18:02:00 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/07 19:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/06/06 15:58:20 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010/06/06 14:09:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/05/06 02:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/06 02:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 03:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 01:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 00:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 00:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 22:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/03 23:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/11/11 16:47:18 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/09/22 23:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 23:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 23:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 23:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/15 15:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/10 18:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 18:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/11/07 15:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/04/17 14:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2007/08/30 06:03:04 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV - [2010/11/03 22:07:05 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/10/19 18:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101112.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/28 22:02:22 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101113.003\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 22:02:22 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101113.003\ENG64.SYS -- (NAVENG)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- E:\Program Files (x86)\VMWarePlayer\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/06/05 04:21:44 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/06/05 04:21:44 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/01 18:51:32 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/06 13:16:08] [Kernel | Auto | Running] -- e:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/09/25 12:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files\MediaCoder iPod Edition x64\SysInfoX64.sys -- (CrystalSysInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 47 F3 31 E5 04 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/08/07 13:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/08/07 02:57:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: e:\Program Files (x86)\Mozilla Firefox\components [2010/07/04 21:10:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: e:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/08 22:41:56 | 000,000,000 | ---D | M]

[2010/08/18 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Extensions
[2010/07/04 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010/07/04 15:46:51 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2010/07/04 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2010/08/18 13:32:04 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Extensions\Transmedia
[2010/09/06 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Marcelo\AppData\Roaming\mozilla\Firefox\Profiles\hx4c2ctr.default\extensions

O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCSSync] E:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] e:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VMware hqtray] E:\Program Files (x86)\VMWarePlayer\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [uTorrent] E:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = E:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Enviar para o OneNote - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - E:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Program Files (x86)\VMWarePlayer\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Program Files (x86)\VMWarePlayer\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Program Files (x86)\VMWarePlayer\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - E:\Program Files (x86)\VMWarePlayer\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([ausctrxw03.aus.amer] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: dell.com ([outside.us] https in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 11:39:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Marcelo\Desktop\OTL.exe
[2010/11/14 11:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/11/12 11:35:00 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010/11/12 11:35:00 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/11/12 11:35:00 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/11/12 11:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/11/12 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/11/09 01:39:07 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\AppData\Roaming\DivX
[2010/11/09 01:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2010/11/09 01:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orban
[2010/11/09 01:24:34 | 013,956,954 | ---- | C] (www.megacubo.net ) -- C:\Users\Marcelo\Desktop\Megacubo_7.6.0.exe
[2010/11/06 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\Documents\Rulers Of Nations
[2010/11/06 02:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thraex Software
[2010/11/05 01:06:01 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\AppData\Roaming\Leadertech
[2010/11/05 00:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2010/10/30 17:36:02 | 000,475,136 | ---- | C] (Written by Tom/Gaytorrent.ru © 2006 - 2007) -- C:\Users\Marcelo\Desktop\qtm.exe
[2010/10/27 11:18:27 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 11:18:27 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 11:18:27 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 11:18:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 11:18:27 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 11:18:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 11:18:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 11:18:02 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/26 12:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2010/10/24 19:34:07 | 000,000,000 | --SD | C] -- C:\Users\Marcelo\Documents\My Shapes
[2010/10/24 14:23:39 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\.freemind
[2010/10/17 00:18:18 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\Oracle
[2010/10/17 00:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2010/10/17 00:10:36 | 000,000,000 | ---D | C] -- C:\Users\Marcelo\Desktop\ODTwithODAC112012
[2010/06/06 13:30:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd2.dll
[2010/06/06 13:30:42 | 000,098,304 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd2.dll
[2010/06/06 13:30:42 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd2.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 11:39:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcelo\Desktop\OTL.exe
[2010/11/14 11:29:04 | 000,002,985 | ---- | M] () -- C:\Users\Marcelo\Desktop\HiJackThis.lnk
[2010/11/14 11:20:01 | 001,402,880 | ---- | M] () -- C:\Users\Marcelo\Desktop\HiJackThis.msi
[2010/11/14 11:15:54 | 000,475,418 | ---- | M] () -- C:\Users\Marcelo\Desktop\Silent Runners.vbs
[2010/11/14 11:10:34 | 000,000,947 | ---- | M] () -- C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/11/14 11:06:17 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 10:57:03 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 10:45:18 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 10:45:18 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 10:42:23 | 001,506,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 10:42:23 | 000,660,246 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/11/14 10:42:23 | 000,612,966 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 10:42:23 | 000,127,968 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/11/14 10:42:23 | 000,106,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/14 10:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 10:38:08 | 2146,332,671 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 11:22:52 | 001,169,908 | ---- | M] () -- C:\Users\Marcelo\Desktop\Agnela_S_G.pdf
[2010/11/11 10:56:32 | 000,121,121 | ---- | M] () -- C:\Users\Marcelo\Desktop\VYGOSTSKY E AS TEORIAS DE APRENDIZAGEM.pdf
[2010/11/10 17:26:23 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/11/10 14:38:28 | 000,385,072 | ---- | M] () -- C:\Users\Marcelo\Desktop\Interfaces_Diretrizes.pdf
[2010/11/09 01:24:41 | 013,956,954 | ---- | M] (www.megacubo.net ) -- C:\Users\Marcelo\Desktop\Megacubo_7.6.0.exe
[2010/11/06 10:45:43 | 000,750,317 | ---- | M] () -- C:\Windows\RON 2010 ENGLISH DL Uninstaller.exe
[2010/11/06 02:04:44 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Rulers Of Nations.lnk
[2010/11/06 00:56:37 | 000,107,464 | ---- | M] () -- C:\Users\Marcelo\Desktop\rULERS OF nATIONS.xps
[2010/11/06 00:09:25 | 000,060,310 | ---- | M] () -- C:\Users\Marcelo\Desktop\vorbis.zip
[2010/11/06 00:07:28 | 000,155,790 | ---- | M] () -- C:\Users\Marcelo\Desktop\msvcr70.zip
[2010/11/06 00:02:40 | 000,023,369 | ---- | M] () -- C:\Users\Marcelo\Desktop\ogg.zip
[2010/11/01 20:39:51 | 000,260,762 | ---- | M] () -- C:\Users\Marcelo\Desktop\Simulação Caixa.xps
[2010/11/01 20:33:27 | 000,188,425 | ---- | M] () -- C:\Users\Marcelo\Desktop\Simulação HSBC.xps
[2010/10/30 23:13:53 | 001,056,747 | ---- | M] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L39C_2k101025.zip
[2010/10/30 17:39:58 | 000,233,464 | ---- | M] () -- C:\Users\Marcelo\Desktop\StarTrek.png
[2010/10/30 17:37:18 | 000,001,273 | ---- | M] () -- C:\Users\Marcelo\Desktop\QuickTorrentMaker.exe - Atalho.lnk
[2010/10/30 17:36:11 | 000,475,136 | ---- | M] (Written by Tom/Gaytorrent.ru © 2006 - 2007) -- C:\Users\Marcelo\Desktop\qtm.exe
[2010/10/26 12:48:16 | 000,003,536 | ---- | M] () -- C:\Users\Marcelo\Desktop\marcelo.crt
[2010/10/26 12:48:03 | 000,000,891 | ---- | M] () -- C:\Users\Marcelo\Desktop\marcelo.key
[2010/10/26 12:48:03 | 000,000,684 | ---- | M] () -- C:\Users\Marcelo\Desktop\marcelo.csr
[2010/10/26 12:19:09 | 000,000,824 | ---- | M] () -- C:\Users\Marcelo\Desktop\OpenVPN GUI.lnk
[2010/10/25 08:45:02 | 000,435,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/24 19:04:30 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/10/24 14:23:32 | 000,000,820 | ---- | M] () -- C:\Users\Marcelo\Desktop\FreeMind.lnk
[2010/10/24 12:14:34 | 000,698,034 | ---- | M] () -- C:\Users\Marcelo\Desktop\vix110_vmrun_command.pdf
[2010/10/24 12:14:01 | 000,353,213 | ---- | M] () -- C:\Users\Marcelo\Desktop\vmware_player310.pdf
[2010/10/23 13:41:03 | 000,016,297 | ---- | M] () -- C:\Users\Marcelo\Desktop\pink.floyd.the.wall.(1982).eng.1cd.(3176450).zip
[2010/10/23 12:45:28 | 000,166,870 | ---- | M] () -- C:\Users\Marcelo\Desktop\flac-1.2.1b.exe
[2010/10/23 12:42:59 | 001,268,209 | ---- | M] () -- C:\Users\Marcelo\Desktop\flac-1.2.1-win.zip
[2010/10/21 22:37:53 | 001,087,160 | ---- | M] () -- C:\Users\Marcelo\Desktop\grupo-do-trabalho-de-desenvolvimento-de-sistemas-files.zip
[2010/10/20 00:11:24 | 003,353,096 | ---- | M] () -- C:\Users\Marcelo\Desktop\Marcelo_barra_-_cora_coralina.mp3
[2010/10/18 06:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/18 06:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/10/17 22:13:41 | 000,000,080 | ---- | M] () -- C:\Users\Marcelo\Desktop\Config.ovpn
[2010/10/17 22:08:23 | 000,000,657 | ---- | M] () -- C:\Users\Marcelo\Desktop\static.key
[2010/10/17 21:58:25 | 001,709,880 | ---- | M] () -- C:\Users\Marcelo\Desktop\openvpn-2.1.3-install.exe
[2010/10/17 21:45:08 | 000,002,002 | -H-- | M] () -- C:\Users\Marcelo\Documents\Default.rdp
[2010/10/17 20:19:48 | 000,405,504 | ---- | M] () -- C:\Users\Marcelo\Desktop\alexrd_SBES04.ppt
[2010/10/17 00:18:25 | 001,521,952 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/16 13:50:02 | 001,056,555 | ---- | M] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L39_2k100925.zip
[2010/10/16 13:48:38 | 001,058,954 | ---- | M] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L36.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 11:29:04 | 000,002,985 | ---- | C] () -- C:\Users\Marcelo\Desktop\HiJackThis.lnk
[2010/11/14 11:19:57 | 001,402,880 | ---- | C] () -- C:\Users\Marcelo\Desktop\HiJackThis.msi
[2010/11/14 11:15:51 | 000,475,418 | ---- | C] () -- C:\Users\Marcelo\Desktop\Silent Runners.vbs
[2010/11/12 11:35:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/12 11:35:00 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/12 11:35:00 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/12 11:35:00 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 11:35:00 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/11/11 11:22:48 | 001,169,908 | ---- | C] () -- C:\Users\Marcelo\Desktop\Agnela_S_G.pdf
[2010/11/11 10:56:30 | 000,121,121 | ---- | C] () -- C:\Users\Marcelo\Desktop\VYGOSTSKY E AS TEORIAS DE APRENDIZAGEM.pdf
[2010/11/10 17:26:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/10 14:38:28 | 000,385,072 | ---- | C] () -- C:\Users\Marcelo\Desktop\Interfaces_Diretrizes.pdf
[2010/11/06 02:04:44 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Rulers Of Nations.lnk
[2010/11/06 02:04:43 | 000,750,317 | ---- | C] () -- C:\Windows\RON 2010 ENGLISH DL Uninstaller.exe
[2010/11/06 00:56:36 | 000,107,464 | ---- | C] () -- C:\Users\Marcelo\Desktop\rULERS OF nATIONS.xps
[2010/11/06 00:09:22 | 000,060,310 | ---- | C] () -- C:\Users\Marcelo\Desktop\vorbis.zip
[2010/11/06 00:07:24 | 000,155,790 | ---- | C] () -- C:\Users\Marcelo\Desktop\msvcr70.zip
[2010/11/06 00:02:36 | 000,023,369 | ---- | C] () -- C:\Users\Marcelo\Desktop\ogg.zip
[2010/11/01 20:39:50 | 000,260,762 | ---- | C] () -- C:\Users\Marcelo\Desktop\Simulação Caixa.xps
[2010/11/01 20:33:27 | 000,188,425 | ---- | C] () -- C:\Users\Marcelo\Desktop\Simulação HSBC.xps
[2010/10/30 23:13:53 | 001,056,747 | ---- | C] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L39C_2k101025.zip
[2010/10/30 17:39:58 | 000,233,464 | ---- | C] () -- C:\Users\Marcelo\Desktop\StarTrek.png
[2010/10/30 17:37:18 | 000,001,273 | ---- | C] () -- C:\Users\Marcelo\Desktop\QuickTorrentMaker.exe - Atalho.lnk
[2010/10/26 12:49:12 | 000,003,536 | ---- | C] () -- C:\Users\Marcelo\Desktop\marcelo.crt
[2010/10/26 12:49:12 | 000,000,891 | ---- | C] () -- C:\Users\Marcelo\Desktop\marcelo.key
[2010/10/26 12:49:12 | 000,000,684 | ---- | C] () -- C:\Users\Marcelo\Desktop\marcelo.csr
[2010/10/26 12:19:09 | 000,000,824 | ---- | C] () -- C:\Users\Marcelo\Desktop\OpenVPN GUI.lnk
[2010/10/24 14:23:32 | 000,000,820 | ---- | C] () -- C:\Users\Marcelo\Desktop\FreeMind.lnk
[2010/10/24 12:14:31 | 000,698,034 | ---- | C] () -- C:\Users\Marcelo\Desktop\vix110_vmrun_command.pdf
[2010/10/24 12:14:00 | 000,353,213 | ---- | C] () -- C:\Users\Marcelo\Desktop\vmware_player310.pdf
[2010/10/23 13:41:03 | 000,016,297 | ---- | C] () -- C:\Users\Marcelo\Desktop\pink.floyd.the.wall.(1982).eng.1cd.(3176450).zip
[2010/10/23 12:45:27 | 000,166,870 | ---- | C] () -- C:\Users\Marcelo\Desktop\flac-1.2.1b.exe
[2010/10/23 12:42:57 | 001,268,209 | ---- | C] () -- C:\Users\Marcelo\Desktop\flac-1.2.1-win.zip
[2010/10/21 22:37:45 | 001,087,160 | ---- | C] () -- C:\Users\Marcelo\Desktop\grupo-do-trabalho-de-desenvolvimento-de-sistemas-files.zip
[2010/10/20 00:08:32 | 003,353,096 | ---- | C] () -- C:\Users\Marcelo\Desktop\Marcelo_barra_-_cora_coralina.mp3
[2010/10/17 22:12:52 | 000,000,080 | ---- | C] () -- C:\Users\Marcelo\Desktop\Config.ovpn
[2010/10/17 22:11:13 | 000,000,657 | ---- | C] () -- C:\Users\Marcelo\Desktop\static.key
[2010/10/17 21:58:15 | 001,709,880 | ---- | C] () -- C:\Users\Marcelo\Desktop\openvpn-2.1.3-install.exe
[2010/10/17 20:19:41 | 000,405,504 | ---- | C] () -- C:\Users\Marcelo\Desktop\alexrd_SBES04.ppt
[2010/10/16 13:50:16 | 001,181,280 | ---- | C] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L39_2k100925.img
[2010/10/16 13:50:02 | 001,056,555 | ---- | C] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L39_2k100925.zip
[2010/10/16 13:48:34 | 001,058,954 | ---- | C] () -- C:\Users\Marcelo\Desktop\AZBox_S720B_USB_v211L36.zip
[2010/09/14 00:38:46 | 001,521,952 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/04 19:08:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/04 19:08:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\F48E45C6F2.sys
[2010/08/14 01:12:21 | 000,007,605 | ---- | C] () -- C:\Users\Marcelo\AppData\Local\resmon.resmoncfg
[2010/08/14 00:14:19 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/06/28 23:28:32 | 000,007,207 | ---- | C] () -- C:\Windows\Disktool.INI
[2010/06/28 23:28:32 | 000,006,565 | ---- | C] () -- C:\Windows\fwupgrade.ini
[2010/06/28 23:28:32 | 000,005,826 | ---- | C] () -- C:\Windows\GenAmvTool.INI
[2010/06/28 23:28:32 | 000,003,677 | ---- | C] () -- C:\Windows\SoundCon.INI
[2010/06/24 12:22:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/06 15:09:56 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/06 13:30:42 | 000,392,448 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd2.sys
[2010/06/06 13:30:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dsnpstd2.dll
[2010/06/06 13:30:42 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd2.ini
[2010/06/06 13:13:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7EBCAF87
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >
