Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible infection causing BsoD and Crash [Solved]

Started by Mordomo , Dec 13 2011 07:06 PM

  • This topic is locked This topic is locked

#1
Mordomo
Posted 13 December 2011 - 07:06 PM

Mordomo

    Member

  • Member
  • PipPip
  • 47 posts
Hello I am from forum "Operating Systems> Windows Vista and Windows 7" http://www.geekstogo...s/page__st__60.

I did scan with Avast, Spybot and Malwarebytes Anti-Malware and found no virus. On my computer I only have avast installed, i only have installed that anti virus to see if i have any virus.


OTL logfile created on: 13-12-2011 23:38:16 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ricardo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,69% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 49,29 Gb Free Space | 50,48% Space Free | Partition Type: NTFS
Drive D: | 1862,89 Gb Total Space | 1226,44 Gb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 28,82 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 147,64 Gb Free Space | 15,85% Space Free | Partition Type: NTFS

Computer Name: RICARDO-PC | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-13 23:37:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
PRC - [2011-11-28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-11-15 16:29:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-11-07 08:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011-10-15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-10-14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- D:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009-08-19 11:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009-08-04 17:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-08-04 17:31:54 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009-07-17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-18 23:17:15 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-11-15 16:29:42 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-10-15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009-06-27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-11-28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-09-07 09:54:44 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2011-12-08 01:52:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-10-15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-10-14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011-08-15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-19 11:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009-08-04 17:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-07-17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-11-28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011-11-28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011-11-28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011-11-28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011-11-28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-11-28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011-09-29 17:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-09-16 19:00:32 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2011-09-16 19:00:28 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2011-09-07 09:54:38 | 002,173,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011-07-07 23:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-05-13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009-07-18 05:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009-07-16 03:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-02-13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007-10-15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Amfltx64.sys -- (Amfilter)
DRV - [2010-03-17 23:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 BF E9 85 B7 B9 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.sapo.pt"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-13 03:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-13 03:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-10-21 09:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Extensions
[2011-10-23 01:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\mozilla\Firefox\Profiles\mv6srx3w.default\extensions
[2011-12-13 03:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-12-13 03:47:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-11-15 16:29:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-09-29 00:58:08 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011-09-29 00:58:08 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml
[2011-09-29 00:58:08 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml
[2011-09-29 00:58:08 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\

O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_PT Toolbar) - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&nviar para o OneNote - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&nviar para o OneNote - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484BA91E-2642-4336-A939-85E7DF6B955E}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89609ADE-7A54-4CAD-9DDC-A3B80D887932}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2094-11-23 21:22:17 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{13D1C12F-B996-4D2E-9A33-36235ACB6ACC}
[2094-11-23 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{FB9884F0-330A-4D45-A7D6-4283FC82E437}
[2011-12-13 23:37:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011-12-13 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Desktop\Autoruns
[2011-12-13 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011-12-13 16:27:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2011-12-13 15:35:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-12-13 15:24:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011-12-13 15:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011-12-13 15:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011-12-13 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Uniblue
[2011-12-13 15:13:40 | 000,000,000 | ---D | C] -- C:\918c5c1a3f68e8b2b658
[2011-12-13 15:05:24 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011-12-13 04:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011-12-13 04:50:22 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-12-13 04:50:22 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-12-13 04:20:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Os meus vídeos
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Ficheiros comuns
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\As minhas imagens
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ambiente de trabalho
[2011-12-13 04:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\A minha música
[2011-12-13 03:44:26 | 000,000,000 | --SD | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Videos
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Saved Games
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Pictures
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Music
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Links
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Favorites
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Downloads
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Documents
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Desktop
[2011-12-13 03:44:26 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\Temporary Internet Files
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\SendTo
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Recent
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\PrintHood
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\Os meus vídeos
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Os meus documentos
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\NetHood
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Modelos
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Menu Iniciar
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\Histórico
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Definições locais
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Cookies
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\As minhas imagens
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Application Data
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\Application Data
[2011-12-13 03:44:26 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\A minha música
[2011-12-13 03:44:26 | 000,000,000 | -H-D | C] -- C:\Users\Ricardo\AppData
[2011-12-13 03:44:26 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Temp
[2011-12-13 03:44:26 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Microsoft
[2011-12-13 03:44:26 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Media Center Programs
[2011-12-13 03:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011-12-13 03:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011-12-13 03:40:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-12-13 03:38:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-12-13 03:27:45 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2011-12-13 03:24:08 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2011-12-12 15:42:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011-12-12 13:56:22 | 000,017,920 | ---- | C] (A4Tech Co.,Ltd.) -- C:\Windows\SysNative\drivers\Amusbx64.sys
[2011-12-12 13:56:21 | 000,012,288 | ---- | C] ((Standard mouse types)) -- C:\Windows\SysNative\drivers\Amfltx64.sys
[2011-12-10 00:01:05 | 000,248,944 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2011-12-10 00:01:05 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2011-12-10 00:01:05 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2011-12-08 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Diagnostics
[2011-12-08 20:35:00 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011-12-08 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Innovative Solutions
[2011-12-08 20:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2011-12-08 00:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011-12-07 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011-12-07 21:04:55 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Auslogics
[2011-12-07 21:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-12-07 21:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011-12-07 16:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{7AB0E2D1-A0A6-47C4-87E6-2707D99F0C7C}
[2011-12-07 16:39:03 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{BB53EDBD-873D-4868-B535-E35A7EAE5F45}
[2011-12-07 01:39:40 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{AD389095-36DB-4479-8756-81D954EC30B5}
[2011-12-07 01:39:18 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{98E2164D-D220-4CD3-908A-03F1778E2734}
[2011-12-06 13:52:54 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\SteelSeriesEngine
[2011-12-06 13:52:07 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\SteelSeries
[2011-12-06 13:51:50 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
[2011-12-06 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SteelSeries
[2011-12-06 13:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\SteelSeries
[2011-12-06 13:38:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{9FC889BF-4899-4B04-B14A-FA4BECB359EF}
[2011-12-06 13:38:16 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{59C7E1F2-E56A-4ABE-9821-B3466B924492}
[2011-12-05 23:59:31 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{DC1899A5-D297-4033-AEDD-AB6A52731ECC}
[2011-12-05 23:59:10 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{0C2635CC-353A-4BCA-AD34-5B0A0FA985D5}
[2011-12-05 12:10:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-12-05 11:58:34 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{8BAB0D02-E534-4F45-8F91-A98E716D3A50}
[2011-12-05 11:58:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{660E8EF8-8163-460B-9324-2C2A7E67D9AF}
[2011-12-05 11:32:44 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{48695539-4208-459D-AB45-D2AD801A66E1}
[2011-12-05 11:32:14 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{5FD73398-828F-4DF9-A5DE-8907DB510298}
[2011-12-04 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{56F661BD-2078-4AED-AA6C-9873440423BA}
[2011-12-04 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{501A80DD-ED6C-438C-AA75-943BCF42D367}
[2011-12-04 17:36:05 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Desktop\c#
[2011-12-04 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A55265A0-849C-471F-B6AD-D1F0279343F3}
[2011-12-04 14:32:26 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{0C6C8DC1-22DF-4176-805C-D7D4BC2517E3}
[2011-12-03 20:49:18 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A8CDBD0A-0228-4F41-A9BB-7BC4862E57E4}
[2011-12-03 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{40B280C8-D8C2-4AB2-A840-798B7E95DC15}
[2011-12-03 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{B6A1CBF6-1A1A-430F-B9A1-2B0462D345F2}
[2011-12-03 01:00:17 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011-12-02 17:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{AC4EC426-9258-4B4F-AA16-CE85ED6E4F50}
[2011-12-02 17:27:27 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{B8A7C65A-C30A-4616-BF13-9BAAD5307D3E}
[2011-12-02 05:27:01 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{0B294C39-ED0E-43D3-B8A2-9E63390A9760}
[2011-12-02 05:26:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{EAB183EC-6A2A-4831-88FE-1549E9540C53}
[2011-12-01 19:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2011-12-01 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{67782799-565A-48E4-8D5C-44C7D630EC8F}
[2011-12-01 17:25:50 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A70B608D-4CA9-415A-A713-8C4F488A9539}
[2011-12-01 15:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Desktop\Coldplay
[2011-12-01 05:25:25 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{C2BD389D-A0D3-4471-8383-9592DD5FC707}
[2011-12-01 05:25:03 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{06FA0DE8-3C3B-4F0F-94AD-A29D8DEB9FFD}
[2011-11-30 17:24:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{FB9E9F70-1280-4A60-920F-146B21F7CD6B}
[2011-11-30 17:24:29 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{CC0A343E-56C7-4FC2-9328-CF87A12E75FA}
[2011-11-30 03:45:18 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{218E22FC-4E28-4DF9-9CE4-87ECF02C4277}
[2011-11-30 03:44:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{DE0B4939-854C-4615-ABC6-51D8E1925D3B}
[2011-11-29 21:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EPU
[2011-11-29 21:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2011-11-29 21:08:39 | 000,000,000 | -H-D | C] -- C:\temp
[2011-11-29 21:08:39 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011-11-29 21:08:07 | 000,000,000 | -H-D | C] -- C:\ASUS.000
[2011-11-29 21:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2011-11-29 21:07:45 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS
[2011-11-29 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2011-11-29 21:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011-11-29 21:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011-11-29 21:05:03 | 000,000,000 | ---D | C] -- C:\RaidTool
[2011-11-29 21:04:56 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011-11-29 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2011-11-29 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\LogMeIn Hamachi
[2011-11-29 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011-11-29 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011-11-29 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Download Manager
[2011-11-29 16:56:59 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\PackageAware
[2011-11-29 16:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2011-11-29 15:44:23 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{96A7A057-FB63-46E6-BDBE-CEF34A1D3F5E}
[2011-11-29 15:43:57 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{06BC0CCE-E512-4273-A716-CE02A11B2A9E}
[2011-11-29 05:07:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-11-29 03:43:24 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{5A926026-CB41-446A-98CE-B947794945BE}
[2011-11-29 03:41:07 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{BB13C458-D151-4092-9953-4F7E7BE42505}
[2011-11-29 01:58:08 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Aptana Rubles
[2011-11-29 01:57:53 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\My Documents
[2011-11-29 01:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Appcelerator
[2011-11-29 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\.minecraft
[2011-11-28 15:40:41 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{061A8FDD-2A96-4556-B8A6-42165826D3CA}
[2011-11-28 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{5DA4C53B-70DE-4B7E-A08E-61A915E5B319}
[2011-11-28 03:39:49 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{088B79A4-AC44-4174-8871-7B02250850B5}
[2011-11-28 03:39:39 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A9D04931-CBB3-4341-ACFA-8CE31F271322}
[2011-11-27 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{FBD2F3DE-B239-47D1-B0D0-05BCE2FF7EA9}
[2011-11-27 15:39:00 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{BA5132BF-6397-4FA7-BF81-6DCE0FADE929}
[2011-11-27 03:38:33 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{C3210EFC-136B-4613-8E02-9F5EB87AFCE0}
[2011-11-27 03:38:21 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{2C5DDBB7-1701-4B38-8C84-36F3F08BB333}
[2011-11-26 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A58853C1-7579-4DF9-865C-E9E09C4A179E}
[2011-11-26 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{D066076C-1FF9-44AA-81B8-8B7A0E9441E8}
[2011-11-26 03:36:47 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{F71EB8D6-2F97-4798-A6D6-931FDC68CEBF}
[2011-11-26 03:36:37 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{7363EE11-58C0-4EF6-A100-7D817B0452FB}
[2011-11-26 00:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011-11-26 00:29:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011-11-26 00:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-11-26 00:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2011-11-25 20:11:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2011-11-25 20:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011-11-25 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011-11-25 20:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011-11-25 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011-11-25 20:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011-11-25 20:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2011-11-25 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-11-25 20:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2011-11-25 20:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011-11-25 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2011-11-25 20:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011-11-25 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2011-11-25 20:03:45 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Documents\Visual Studio 2008
[2011-11-25 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Documents\Visual Studio 2010
[2011-11-25 20:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011-11-25 20:00:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2011-11-25 19:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2011-11-25 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2011-11-25 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011-11-25 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2011-11-25 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011-11-25 19:57:20 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011-11-25 19:57:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2011-11-25 19:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011-11-25 19:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011-11-25 19:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011-11-25 19:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011-11-25 19:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-11-25 16:21:40 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Malwarebytes
[2011-11-25 16:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-11-25 16:21:30 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-11-25 15:35:51 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{BDD6E1FA-9CCD-4190-9A4B-DE5AF258F19D}
[2011-11-25 15:35:36 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{95787331-953A-4F2F-9243-A33FD7136871}
[2011-11-25 02:16:01 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{108974E8-2FAB-413A-B444-112D19D5DE18}
[2011-11-25 02:15:38 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{220F7B2A-E8A5-4740-B275-05E4CA350FBF}
[2011-11-24 14:15:12 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{D4599584-2ABE-4FA8-B6A0-F5BF55B9E06E}
[2011-11-24 14:14:58 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{9509331A-7C85-4CA9-84C3-33C0FB544A08}
[2011-11-23 21:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{FE9160D6-BBF8-4584-B886-BC0D4514E03D}
[2011-11-23 21:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{4F35B65F-2AF3-4B0D-AFE0-881ACF420B04}
[2011-11-23 14:46:40 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\SlimWare Utilities Inc
[2011-11-23 14:31:38 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\3v
[2011-11-23 13:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011-11-23 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\OpenCandy
[2011-11-23 13:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011-11-23 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{AF5B55D2-D238-4B4D-9DBA-2B57EAB3CBFB}
[2011-11-23 13:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{F44CA49C-CB8A-4867-93FB-AB25C5DE5D59}
[2011-11-22 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{CAFB648D-6F13-446C-BBE2-F13FF35A5E86}
[2011-11-22 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{3058C058-A71E-4A57-A604-B34A405E1922}
[2011-11-22 08:52:01 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{029B8D17-2C20-4451-AE9E-D48D48BD0B3D}
[2011-11-22 08:51:40 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{D38B2537-7C3C-4B9D-B823-76AF7B7E6538}
[2011-11-21 20:51:12 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{D607D449-157C-4242-876D-8C04F8270045}
[2011-11-21 20:50:57 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{313B3A9D-E37E-42EE-AF91-CFAD1856F62D}
[2011-11-21 03:26:19 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{5919454A-6790-4950-B39E-6886D257C73C}
[2011-11-21 03:26:06 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{A9223BCB-E5AA-46F4-BA07-249AC2A44CBC}
[2011-11-20 15:25:54 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{C6D3AF7E-0C76-4D88-A715-F49E234A753F}
[2011-11-20 15:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{B172956D-C519-488A-B72E-CC8149ECB3BE}
[2011-11-20 03:25:09 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{F69106B7-197E-4E6E-B421-A6CCC47C273B}
[2011-11-20 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{4072C374-39EE-4840-977A-8A7D81E449C9}
[2011-11-19 15:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{02C5E703-2EC9-4017-B7E7-9C5C7CF6AD6E}
[2011-11-19 15:24:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{AB8EFAD9-E335-4603-A052-17CE6E18378F}
[2011-11-19 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Skyrim
[2011-11-19 00:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011-11-18 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{34F1298F-DABC-43DB-BBF3-4715B6FE33E3}
[2011-11-18 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{DACD1947-076E-40FA-A194-DC2184C7503A}
[2011-11-15 16:27:09 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{8DBFD0F4-33A4-468E-8038-F99F52D6F2F6}
[2011-11-15 16:26:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\{F1B32FE6-2B97-4CFC-99C9-E90042D2D989}
[2011-10-21 11:49:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

========== Files - Modified Within 30 Days ==========

[2011-12-13 23:45:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590952940-1983602806-593811447-1001UA.job
[2011-12-13 23:44:21 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011-12-13 23:43:35 | 000,019,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-13 23:43:35 | 000,019,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-13 23:40:14 | 001,830,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-13 23:40:14 | 000,783,406 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011-12-13 23:40:14 | 000,716,762 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-13 23:40:14 | 000,175,478 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011-12-13 23:40:14 | 000,144,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-13 23:37:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe
[2011-12-13 23:34:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011-12-13 23:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-13 23:33:58 | 543,026,600 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-12-13 23:33:52 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2011-12-13 22:04:17 | 000,532,781 | ---- | M] () -- C:\Users\Ricardo\Desktop\Autoruns.zip
[2011-12-13 21:50:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011-12-13 16:36:45 | 000,035,726 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2011-12-13 16:36:21 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss
[2011-12-13 16:35:26 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011-12-13 16:35:11 | 000,026,147 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2011-12-13 16:26:22 | 000,006,872 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Temp7.html
[2011-12-13 16:26:01 | 000,001,955 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Temp1.html
[2011-12-13 15:24:31 | 000,001,790 | ---- | M] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011-12-13 05:25:34 | 000,001,429 | ---- | M] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-12-13 05:23:50 | 000,416,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-12-13 05:00:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011-12-13 05:00:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011-12-13 04:28:26 | 000,325,953 | RHS- | M] () -- C:\SMYOR
[2011-12-13 04:28:26 | 000,000,000 | RHS- | M] () -- C:\dvbx.ld
[2011-12-13 04:25:07 | 001,799,192 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-13 04:13:55 | 000,218,679 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-12-13 04:13:55 | 000,218,679 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-12-13 04:05:49 | 000,023,128 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2011-12-13 03:38:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-12-13 02:54:34 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011-12-13 02:54:34 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011-12-13 01:45:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590952940-1983602806-593811447-1001Core.job
[2011-12-06 13:47:27 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011-12-06 13:46:57 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-06 13:46:49 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011-12-06 13:46:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-12-01 15:45:08 | 001,045,703 | ---- | M] () -- C:\Windows\P7P55D-ASUS-2003.zip
[2011-12-01 15:38:17 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2011-11-30 19:14:49 | 000,138,844 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011-11-29 14:46:50 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-11-29 14:32:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011-11-29 01:54:16 | 000,001,004 | ---- | M] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 3.lnk
[2011-11-28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-11-28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-11-28 18:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-11-28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011-11-28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-11-28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-11-28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-11-28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-11-28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-11-24 03:31:55 | 000,000,221 | ---- | M] () -- C:\Users\Ricardo\Desktop\The Elder Scrolls V Skyrim.url
[2011-11-18 23:54:43 | 000,002,409 | ---- | M] () -- C:\Users\Ricardo\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011-12-13 22:04:15 | 000,532,781 | ---- | C] () -- C:\Users\Ricardo\Desktop\Autoruns.zip
[2011-12-13 16:26:22 | 000,006,872 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\Temp7.html
[2011-12-13 16:26:01 | 000,001,955 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\Temp1.html
[2011-12-13 15:15:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011-12-13 15:15:20 | 000,001,790 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011-12-13 05:00:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011-12-13 05:00:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011-12-13 04:28:26 | 000,325,953 | RHS- | C] () -- C:\SMYOR
[2011-12-13 04:28:26 | 000,000,000 | RHS- | C] () -- C:\dvbx.ld
[2011-12-13 04:25:07 | 001,799,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-13 04:17:36 | 000,001,401 | ---- | C] () -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-12-13 04:17:32 | 000,001,435 | ---- | C] () -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-12-13 04:15:09 | 3219,693,568 | -HS- | C] () -- C:\hiberfil.sys
[2011-12-13 04:05:49 | 000,023,128 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2011-12-13 03:44:26 | 000,000,290 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011-12-13 03:44:26 | 000,000,272 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011-12-13 03:43:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-12-08 20:35:00 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011-12-08 00:49:37 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011-12-08 00:03:58 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011-12-08 00:03:58 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011-12-01 15:45:08 | 002,097,152 | ---- | C] () -- C:\Windows\P7P55D-ASUS-2003.ROM
[2011-12-01 15:44:11 | 001,045,703 | ---- | C] () -- C:\Windows\P7P55D-ASUS-2003.zip
[2011-11-30 19:14:49 | 000,138,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011-11-30 17:23:41 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011-11-29 21:14:32 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2011-11-29 21:05:23 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011-11-29 21:05:23 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011-11-29 21:05:05 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss
[2011-11-29 21:04:18 | 000,035,726 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011-11-29 21:03:53 | 000,026,147 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-11-29 20:59:44 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2011-11-29 20:49:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-11-29 16:18:48 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011-11-29 04:15:29 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011-11-29 04:15:29 | 000,000,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011-11-29 04:15:29 | 000,000,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011-11-29 01:54:16 | 000,001,004 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Aptana Studio 3.lnk
[2011-11-25 23:58:34 | 543,026,600 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-11-24 03:31:55 | 000,000,221 | ---- | C] () -- C:\Users\Ricardo\Desktop\The Elder Scrolls V Skyrim.url
[2011-11-02 17:13:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011-10-23 01:39:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011-10-21 15:13:19 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011-10-21 15:01:12 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-10-21 15:01:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-10-21 11:49:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-10-21 11:49:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-10-21 11:49:26 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011-10-21 11:49:26 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-10-21 11:49:26 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-10-21 11:49:26 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-07-06 02:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-04-02 12:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008-12-01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2011-12-13 03:59:23 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\.minecraft
[2011-12-13 03:59:23 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\3v
[2011-12-13 03:59:24 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Auslogics
[2011-12-13 03:59:24 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\com.aspiro.musicbox
[2011-12-13 03:59:27 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\DAEMON Tools Lite
[2011-12-13 03:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Dropbox
[2011-12-13 03:59:30 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\ImgBurn
[2011-12-13 03:59:30 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\LolClient
[2011-12-13 03:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\OpenCandy
[2011-12-13 03:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Origin
[2011-12-13 03:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\SteelSeries
[2011-12-13 03:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\SystemRequirementsLab
[2011-12-13 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\TS3Client
[2011-12-13 03:59:37 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tunngle
[2011-12-13 15:15:21 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Uniblue
[2011-12-13 15:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\uTorrent
[2011-10-29 18:34:05 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Windows Live Writer
[2011-12-13 23:34:21 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2009-07-14 05:08:49 | 000,006,970 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Mordomo
Posted 15 December 2011 - 01:25 PM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I formatted my pc today.
  • 0

#3
maliprog
Posted 19 December 2011 - 01:28 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Mordomo and welcome to my office here at G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Do you still need help after you did reinstall?
  • 0

#4
Mordomo
Posted 19 December 2011 - 10:58 AM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
rshaffer61 said : "Put in the memory that works and let the malware tech assist you just to be sure. If everything checks out ok then I would say replacing the memory with a good matching set would be the final step to ensure everything is working correctly."

Now my computer is running well, but the rshaffer61 want to see if I have any virus.

Edited by Mordomo, 19 December 2011 - 11:00 AM.

  • 0

#5
maliprog
Posted 19 December 2011 - 03:31 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's begin then :)

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#6
Mordomo
Posted 20 December 2011 - 12:44 PM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi I don't know why when GMER stop scanning he crash.
  • 0

#7
Mordomo
Posted 20 December 2011 - 03:53 PM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
OTL log:


OTL logfile created on: 20-12-2011 01:10:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ricardo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,68% Memory free
4,48 Gb Paging File | 2,04 Gb Available in Paging File | 45,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 74,96 Gb Free Space | 76,76% Space Free | Partition Type: NTFS
Drive D: | 1862,89 Gb Total Space | 1206,12 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 28,82 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 133,68 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive G: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: RICARDO-PC | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-20 00:54:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.scr
PRC - [2011-12-19 04:15:52 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011-12-19 04:14:17 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe
PRC - [2011-11-28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-11-28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-10-15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-11-21 03:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe


========== Modules (No Company Name) ==========

MOD - [2011-12-19 04:15:52 | 014,410,024 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011-12-19 04:15:52 | 000,914,216 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011-12-19 04:15:52 | 000,194,344 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011-12-19 04:15:52 | 000,155,432 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011-12-19 04:15:52 | 000,091,432 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011-12-19 04:11:44 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-11-23 18:00:00 | 003,568,640 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011-11-22 01:10:34 | 000,958,743 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-53.dll
MOD - [2011-11-22 01:10:34 | 000,337,369 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
MOD - [2011-11-22 01:10:34 | 000,197,872 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
MOD - [2011-11-22 01:10:32 | 006,245,122 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-53.dll
MOD - [2011-11-22 01:10:32 | 000,127,340 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-2.dll
MOD - [2011-11-21 04:42:55 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-10-15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-11-28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-12-19 04:15:52 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-10-15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-11-28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011-11-28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011-11-28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011-11-28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011-11-28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-11-28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011-07-07 23:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011-05-12 22:21:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-05-12 22:21:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 03:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 03:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 03:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 03:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 F6 66 B5 02 BE CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.sapo.pt"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-19 05:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-19 04:01:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-19 04:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ricardo\AppData\Roaming\Mozilla\Extensions
[2011-12-19 04:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-12-19 04:31:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011-11-21 04:42:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-11-21 01:37:13 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011-11-21 01:37:13 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml
[2011-11-21 01:37:13 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml
[2011-11-21 01:37:13 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ricardo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: YouTube = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_1\
CHR - Extension: Pesquisa do Google = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Pesquisa do Google = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_1\
CHR - Extension: Gmail = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_1\

O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B028760-E10A-417E-8C34-0644E2BB2A3A}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-12-14 01:07:32 | 000,000,000 | ---D | M] - D:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2010-11-21 02:17:02 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-12-20 00:54:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.scr
[2011-12-19 14:46:44 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\riotsGamesLogs
[2011-12-19 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\LolClient
[2011-12-19 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\TS3Client
[2011-12-19 14:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011-12-19 14:36:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\com.aspiro.musicbox
[2011-12-19 11:44:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-12-19 11:43:51 | 000,000,000 | -HSD | C] -- C:\Boot
[2011-12-19 05:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011-12-19 05:35:05 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Adobe
[2011-12-19 05:33:19 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Chromium
[2011-12-19 05:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-12-19 05:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011-12-19 05:16:32 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Desktop\Programas
[2011-12-19 05:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011-12-19 05:08:12 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-12-19 05:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011-12-19 05:08:11 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-12-19 05:08:09 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-12-19 05:08:09 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-12-19 05:08:08 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011-12-19 05:08:05 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-12-19 05:08:04 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-12-19 05:07:15 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-12-19 05:07:15 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-12-19 05:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011-12-19 05:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-12-19 05:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-12-19 05:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011-12-19 05:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011-12-19 05:04:52 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\WinRAR
[2011-12-19 05:01:05 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\NVIDIA
[2011-12-19 05:00:55 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\PAYDAY
[2011-12-19 04:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011-12-19 04:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011-12-19 04:54:49 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-12-19 04:54:49 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-12-19 04:54:16 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011-12-19 04:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011-12-19 04:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011-12-19 04:51:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011-12-19 04:50:32 | 000,147,968 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2011-12-19 04:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2011-12-19 04:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2011-12-19 04:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-12-19 04:49:26 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011-12-19 04:49:26 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\SysWow64\divxa32.acm
[2011-12-19 04:49:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011-12-19 04:49:26 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011-12-19 04:49:26 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2011-12-19 04:49:25 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2011-12-19 04:49:25 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\SysWow64\DivXc32f.dll
[2011-12-19 04:49:25 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\Windows\SysWow64\DivXc32.dll
[2011-12-19 04:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011-12-19 04:41:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-12-19 04:41:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-12-19 04:37:49 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-12-19 04:37:33 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Google
[2011-12-19 04:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-12-19 04:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011-12-19 04:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011-12-19 04:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\The Creative Assembly
[2011-12-19 04:22:42 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\Documents\my games
[2011-12-19 04:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011-12-19 04:11:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Macromedia
[2011-12-19 04:11:48 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Adobe
[2011-12-19 04:11:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011-12-19 04:11:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011-12-19 04:05:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-12-19 04:01:42 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Mozilla
[2011-12-19 04:01:42 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Mozilla
[2011-12-19 04:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-12-19 03:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011-12-19 03:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011-12-19 03:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011-12-19 03:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011-12-19 03:51:10 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-12-19 03:51:10 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Searches
[2011-12-19 03:51:10 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-12-19 03:51:10 | 000,000,000 | -H-D | C] -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011-12-19 03:51:01 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Identities
[2011-12-19 03:50:59 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Contacts
[2011-12-19 03:50:56 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\VirtualStore
[2011-12-19 03:50:46 | 000,000,000 | --SD | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Videos
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Saved Games
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Pictures
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Music
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Links
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Favorites
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Downloads
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Documents
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\Desktop
[2011-12-19 03:50:46 | 000,000,000 | R--D | C] -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\Temporary Internet Files
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Templates
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Start Menu
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\SendTo
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Recent
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\PrintHood
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\NetHood
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\My Videos
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\My Pictures
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Documents\My Music
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\My Documents
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Local Settings
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\History
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Cookies
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\Application Data
[2011-12-19 03:50:46 | 000,000,000 | -HSD | C] -- C:\Users\Ricardo\AppData\Local\Application Data
[2011-12-19 03:50:46 | 000,000,000 | -H-D | C] -- C:\Users\Ricardo\AppData
[2011-12-19 03:50:46 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Temp
[2011-12-19 03:50:46 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Local\Microsoft
[2011-12-19 03:50:46 | 000,000,000 | ---D | C] -- C:\Users\Ricardo\AppData\Roaming\Media Center Programs
[2011-12-19 03:50:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011-12-19 03:47:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-12-19 03:45:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-12-19 03:44:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-20 01:11:20 | 000,302,592 | ---- | M] () -- C:\Users\Ricardo\Desktop\2zxbt6cv.exe
[2011-12-20 00:54:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.scr
[2011-12-20 00:42:09 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001UA.job
[2011-12-19 17:53:29 | 000,005,632 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-19 17:53:27 | 167,808,897 | ---- | M] () -- C:\Users\Ricardo\Desktop\PUNCH_Fate_Zero_-_12_SD.mkv
[2011-12-19 16:52:49 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-19 16:52:49 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-19 15:29:53 | 169,598,665 | ---- | M] () -- C:\Users\Ricardo\Desktop\PUNCH_Bakuman_II_-_12_SD.mkv
[2011-12-19 15:16:56 | 155,284,911 | ---- | M] () -- C:\Users\Ricardo\Desktop\PUNCH_Hunter_X_Hunter_-_12_SD.mkv
[2011-12-19 14:46:13 | 000,000,694 | ---- | M] () -- C:\Users\Ricardo\Desktop\League of Legends.lnk
[2011-12-19 14:36:45 | 000,000,658 | ---- | M] () -- C:\Users\Public\Desktop\musicbox.lnk
[2011-12-19 14:22:35 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-19 14:22:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-19 14:22:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-19 14:16:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-19 14:16:09 | 1609,080,832 | -HS- | M] () -- C:\hiberfil.sys
[2011-12-19 11:43:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-12-19 05:27:13 | 000,000,221 | ---- | M] () -- C:\Users\Ricardo\Desktop\The Elder Scrolls V Skyrim.url
[2011-12-19 05:15:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011-12-19 04:44:26 | 000,274,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-12-19 04:42:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001Core.job
[2011-12-19 04:37:50 | 000,002,324 | ---- | M] () -- C:\Users\Ricardo\Desktop\Google Chrome.lnk
[2011-12-19 04:22:59 | 000,000,221 | ---- | M] () -- C:\Users\Ricardo\Desktop\Total War SHOGUN 2.url
[2011-12-19 04:01:39 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-12-19 04:00:09 | 000,001,437 | ---- | M] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-12-19 03:54:03 | 000,000,000 | RHS- | M] () -- C:\nmvy.ld
[2011-12-19 03:54:02 | 000,379,579 | RHS- | M] () -- C:\VRSYF
[2011-12-19 03:48:12 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-12-19 03:48:12 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-12-14 13:29:03 | 149,544,303 | ---- | M] () -- C:\Users\Ricardo\Desktop\PUNCH_Chihayafuru_-_11_SD.mkv
[2011-11-28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-11-28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-11-28 18:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-11-28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011-11-28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-11-28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-11-28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-11-28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-11-28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-11-23 18:00:00 | 000,086,016 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2011-11-23 18:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-20 01:11:15 | 000,302,592 | ---- | C] () -- C:\Users\Ricardo\Desktop\2zxbt6cv.exe
[2011-12-19 17:00:54 | 167,808,897 | ---- | C] () -- C:\Users\Ricardo\Desktop\PUNCH_Fate_Zero_-_12_SD.mkv
[2011-12-19 15:11:25 | 169,598,665 | ---- | C] () -- C:\Users\Ricardo\Desktop\PUNCH_Bakuman_II_-_12_SD.mkv
[2011-12-19 15:04:50 | 155,284,911 | ---- | C] () -- C:\Users\Ricardo\Desktop\PUNCH_Hunter_X_Hunter_-_12_SD.mkv
[2011-12-19 15:02:28 | 149,544,303 | ---- | C] () -- C:\Users\Ricardo\Desktop\PUNCH_Chihayafuru_-_11_SD.mkv
[2011-12-19 14:46:13 | 000,000,694 | ---- | C] () -- C:\Users\Ricardo\Desktop\League of Legends.lnk
[2011-12-19 14:36:45 | 000,000,658 | ---- | C] () -- C:\Users\Public\Desktop\musicbox.lnk
[2011-12-19 14:36:45 | 000,000,658 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\musicbox.lnk
[2011-12-19 11:43:53 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011-12-19 11:43:52 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011-12-19 05:27:13 | 000,000,221 | ---- | C] () -- C:\Users\Ricardo\Desktop\The Elder Scrolls V Skyrim.url
[2011-12-19 05:16:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-12-19 05:08:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011-12-19 05:04:19 | 000,005,632 | ---- | C] () -- C:\Users\Ricardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-19 04:50:32 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2011-12-19 04:50:31 | 000,086,016 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011-12-19 04:49:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-12-19 04:49:26 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011-12-19 04:49:25 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011-12-19 04:49:25 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-12-19 04:49:25 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-12-19 04:49:25 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-12-19 04:37:50 | 000,002,324 | ---- | C] () -- C:\Users\Ricardo\Desktop\Google Chrome.lnk
[2011-12-19 04:37:35 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001UA.job
[2011-12-19 04:37:33 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001Core.job
[2011-12-19 04:22:59 | 000,000,221 | ---- | C] () -- C:\Users\Ricardo\Desktop\Total War SHOGUN 2.url
[2011-12-19 04:01:39 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-12-19 04:01:39 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-12-19 04:00:09 | 000,001,437 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-12-19 03:54:03 | 000,000,000 | RHS- | C] () -- C:\nmvy.ld
[2011-12-19 03:54:02 | 000,379,579 | RHS- | C] () -- C:\VRSYF
[2011-12-19 03:51:14 | 000,001,409 | ---- | C] () -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-12-19 03:51:11 | 000,001,443 | ---- | C] () -- C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-12-19 03:50:46 | 000,000,290 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011-12-19 03:50:46 | 000,000,272 | ---- | C] () -- C:\Users\Ricardo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011-12-19 03:48:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-12-19 03:47:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-12-19 03:44:54 | 1609,080,832 | -HS- | C] () -- C:\hiberfil.sys
[2011-10-15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011-12-19 14:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\com.aspiro.musicbox
[2011-12-19 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\LolClient
[2011-12-19 04:26:13 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\The Creative Assembly
[2011-12-19 14:43:43 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\TS3Client
[2009-07-14 05:08:49 | 000,003,366 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011-05-12 22:20:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-05-12 22:20:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-05-12 22:20:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-05-12 22:20:24 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-05-12 22:20:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-05-12 22:20:24 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009-07-14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010-11-21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-05-12 22:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-05-12 22:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-05-12 22:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011-05-12 22:15:27 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011-05-12 22:15:27 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011-11-21 04:42:56 | 000,714,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011-11-21 04:42:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011-05-12 22:15:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011-05-12 22:15:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011-05-12 22:15:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011-05-12 22:15:27 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011-05-12 22:15:27 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras log:



OTL Extras logfile created on: 20-12-2011 01:10:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ricardo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,68% Memory free
4,48 Gb Paging File | 2,04 Gb Available in Paging File | 45,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 74,96 Gb Free Space | 76,76% Space Free | Partition Type: NTFS
Drive D: | 1862,89 Gb Total Space | 1206,12 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive E: | 200,43 Gb Total Space | 28,82 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 133,68 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive G: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: RICARDO-PC | User Name: Ricardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{852A7210-28E2-9C72-6D95-8F971AED2FB2}" = music box 1.1.8
"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Português
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"avast" = avast! Free Antivirus
"com.aspiro.musicbox" = music box 1.1.8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Mozilla Firefox 8.0.1 (x86 pt-PT)" = Mozilla Firefox 8.0.1 (x86 pt-PT)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19-12-2011 12:14:29 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:29 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:29 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:29 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:29 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:30 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:31 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:31 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:14:32 | Computer Name = Ricardo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 19-12-2011 12:20:11 | Computer Name = Ricardo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting
process id: 0x12b0 Faulting application start time: 0x01ccbe6a1335c109 Faulting application
path: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Faulting
module path: F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Report
Id: 52814496-2a5d-11e1-a442-e0cb4e4e1b27

[ System Events ]
Error - 19-12-2011 00:42:01 | Computer Name = Ricardo-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 19-12-2011 00:42:02 | Computer Name = Ricardo-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).

Error - 19-12-2011 00:45:05 | Computer Name = Ricardo-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405


< End of report >
  • 0

#8
maliprog
Posted 21 December 2011 - 12:53 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Mordomo,

After first OTL log I have one theory...

Step 1

While we are scanning for malware I'm going to ask you some question and try to narrow problem...

I see you are playing League of Legends and one of it components rads_user_kernel.exe caused some system problems. After quick search I found out that you are not alone. After latest update there are about 10 threads on they official forum and all users have the same problem

You also noted that this problem started about month ago. That is the time of the latest patcher released for this game.

Could it be that this game causing you this?

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3


Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 4


Please don't forget to include these items in your reply:

  • VRT log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#9
Mordomo
Posted 21 December 2011 - 08:21 AM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I dont think, when I had the BSoD occurred when I was surfing the Internet or watching a movie among other things it wasnt when I was playing League of Legends.
  • 0

#10
maliprog
Posted 21 December 2011 - 02:00 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Post the logs after the scans.
  • 0

Advertisements

#11
Mordomo
Posted 21 December 2011 - 10:55 PM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
VRT log:

Status: Deleted (events: 10)
21-12-2011 17:09:08 Deleted Trojan program Exploit.Linux.Lotoor.p D:\Android\root android\Exploits\GingerBreak High
21-12-2011 17:19:57 Deleted Trojan program Trojan.Win32.Chifrax.a D:\Dropbox\.dropbox.cache\2011-12-18\LIMBO (deleted 4ed82a1d-46993b1-a7adfa2b).exe High
21-12-2011 21:18:36 Deleted Trojan program Trojan.Win32.Chifrax.a F:\Jogos\LIMBO.v1.0r4.multi9.cracked-THETA.rar High
21-12-2011 21:18:36 Deleted Trojan program Trojan.Win32.Chifrax.a F:\Jogos\LIMBO.v1.0r4.multi9.cracked-THETA.rar//LIMBO.v1.0r4.multi9.cracked-THETA/LIMBO.exe High
21-12-2011 21:19:04 Deleted Trojan program Trojan-Downloader.Win32.Adload.hgn F:\Jogos\Counter Strike 1.6 Final [PCFull Game]+[With Bots]+[Maps]+[ENGLISH]\Counter Strike 1.6 Final.exe High
21-12-2011 21:19:04 Deleted Trojan program Trojan-Downloader.Win32.Adload.hgn F:\Jogos\Counter Strike 1.6 Final [PCFull Game]+[With Bots]+[Maps]+[ENGLISH]\Counter Strike 1.6 Final.exe//valve\regset.exe High
21-12-2011 21:19:01 Deleted Trojan program Packed.Win32.Katusha.o F:\Jogos\Payday.the.Heist-MP-Cracked-P11\payday_win32_release.exe High
21-12-2011 21:19:01 Deleted Trojan program Packed.Win32.Katusha.o F:\Jogos\Payday.the.Heist-MP-Cracked-P11\payday_win32_release.exe//data0025.res High
21-12-2011 21:19:01 Deleted Trojan program Packed.Win32.Katusha.o F:\Jogos\Payday.the.Heist-MP-Cracked-P11\payday_win32_release.exe//data0025.res//REG~1.EXE High
21-12-2011 21:21:09 Deleted Trojan program Trojan.Win32.Chifrax.a F:\Jogos\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe High







aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 15:06:10
-----------------------------
15:06:11.001 OS Version: Windows x64 6.1.7601 Service Pack 1
15:06:11.001 Number of processors: 4 586 0x2502
15:06:11.002 ComputerName: RICARDO-PC UserName: Ricardo
15:06:11.827 Initialize success
15:06:12.246 AVAST engine defs: 11122101
15:06:44.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:06:44.763 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
15:06:44.772 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
15:06:44.776 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
15:06:44.787 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
15:06:44.793 Disk 2 Vendor: SAMSUNG_HD103UI 1AA01113 Size: 953869MB BusType: 3
15:06:46.819 Disk 0 MBR read successfully
15:06:46.826 Disk 0 MBR scan
15:06:46.832 Disk 0 Windows 7 default MBR code
15:06:46.839 Service scanning
15:06:48.186 Modules scanning
15:06:48.195 Disk 0 trace - called modules:
15:06:48.218 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:06:48.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80029a5060]
15:06:48.564 3 CLASSPNP.SYS[fffff880019be43f] -> nt!IofCallDriver -> [0xfffffa80026d8520]
15:06:48.572 5 ACPI.sys[fffff88000f8d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80026b6680]
15:06:49.036 AVAST engine scan C:\Windows
15:06:49.045 AVAST engine scan C:\Windows\system32
15:06:49.054 AVAST engine scan C:\Windows\system32\drivers
15:06:49.063 AVAST engine scan C:\Users\Ricardo
15:06:49.069 AVAST engine scan C:\ProgramData
15:06:49.073 Scan finished successfully
15:07:21.409 Disk 0 MBR has been saved successfully to "C:\Users\Ricardo\Desktop\MBR.dat"
15:07:21.414 The log file has been saved successfully to "C:\Users\Ricardo\Desktop\aswMBR.txt"
  • 0

#12
maliprog
Posted 22 December 2011 - 12:20 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Mordomo,

Here at Geeks to Go we have a policy of not offering assistance to those with 'cracked' software. It is quite evident from the VRT log that you have this type of material residing on your computer. It would appear that downloading this type of material is the most likely cause of the infections and problems you are experiencing with your system. Using 'cracked' software is not only inviting a host of different types of virus and malware but is also illegal.

I would recommend you to remove all cracks from your system because next time you require assistance you may not get any help.

Let's continue...

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#13
Mordomo
Posted 22 December 2011 - 08:33 AM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
TDSSKiller log:

14:30:52.0863 1008 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:30:53.0002 1008 ============================================================
14:30:53.0002 1008 Current date / time: 2011/12/22 14:30:53.0002
14:30:53.0002 1008 SystemInfo:
14:30:53.0002 1008
14:30:53.0002 1008 OS Version: 6.1.7601 ServicePack: 1.0
14:30:53.0002 1008 Product type: Workstation
14:30:53.0002 1008 ComputerName: RICARDO-PC
14:30:53.0002 1008 UserName: Ricardo
14:30:53.0002 1008 Windows directory: C:\Windows
14:30:53.0002 1008 System windows directory: C:\Windows
14:30:53.0002 1008 Running under WOW64
14:30:53.0002 1008 Processor architecture: Intel x64
14:30:53.0002 1008 Number of processors: 4
14:30:53.0002 1008 Page size: 0x1000
14:30:53.0002 1008 Boot type: Normal boot
14:30:53.0002 1008 ============================================================
14:30:53.0366 1008 Initialize success
14:31:01.0997 3588 ============================================================
14:31:01.0997 3588 Scan started
14:31:01.0997 3588 Mode: Manual;
14:31:01.0997 3588 ============================================================
14:31:02.0650 3588 1394ohci - ok
14:31:02.0656 3588 ACPI - ok
14:31:02.0669 3588 AcpiPmi - ok
14:31:02.0698 3588 adp94xx - ok
14:31:02.0707 3588 adpahci - ok
14:31:02.0714 3588 adpu320 - ok
14:31:02.0724 3588 AFD - ok
14:31:02.0727 3588 agp440 - ok
14:31:02.0740 3588 aliide - ok
14:31:02.0743 3588 amdide - ok
14:31:02.0745 3588 AmdK8 - ok
14:31:02.0749 3588 AmdPPM - ok
14:31:02.0752 3588 amdsata - ok
14:31:02.0755 3588 amdsbs - ok
14:31:02.0759 3588 amdxata - ok
14:31:02.0762 3588 androidusb - ok
14:31:02.0766 3588 AppID - ok
14:31:02.0774 3588 arc - ok
14:31:02.0776 3588 arcsas - ok
14:31:02.0778 3588 aswFsBlk - ok
14:31:02.0788 3588 aswMonFlt - ok
14:31:02.0791 3588 aswRdr - ok
14:31:02.0798 3588 aswSnx - ok
14:31:02.0800 3588 aswSP - ok
14:31:02.0803 3588 aswTdi - ok
14:31:02.0805 3588 AsyncMac - ok
14:31:02.0808 3588 atapi - ok
14:31:02.0814 3588 b06bdrv - ok
14:31:02.0817 3588 b57nd60a - ok
14:31:02.0822 3588 Beep - ok
14:31:02.0836 3588 blbdrive - ok
14:31:02.0838 3588 bowser - ok
14:31:02.0841 3588 BrFiltLo - ok
14:31:02.0843 3588 BrFiltUp - ok
14:31:02.0847 3588 Brserid - ok
14:31:02.0849 3588 BrSerWdm - ok
14:31:02.0852 3588 BrUsbMdm - ok
14:31:02.0854 3588 BrUsbSer - ok
14:31:02.0859 3588 BTHMODEM - ok
14:31:02.0864 3588 cdfs - ok
14:31:02.0867 3588 cdrom - ok
14:31:02.0871 3588 circlass - ok
14:31:02.0873 3588 CLFS - ok
14:31:02.0883 3588 CmBatt - ok
14:31:02.0885 3588 cmdide - ok
14:31:02.0891 3588 CNG - ok
14:31:02.0894 3588 Compbatt - ok
14:31:02.0896 3588 CompositeBus - ok
14:31:02.0920 3588 crcdisk - ok
14:31:02.0939 3588 CSC - ok
14:31:02.0959 3588 DfsC - ok
14:31:02.0962 3588 discache - ok
14:31:02.0965 3588 Disk - ok
14:31:02.0968 3588 dmvsc - ok
14:31:03.0003 3588 drmkaud - ok
14:31:03.0005 3588 DXGKrnl - ok
14:31:03.0009 3588 ebdrv - ok
14:31:03.0016 3588 elxstor - ok
14:31:03.0018 3588 ErrDev - ok
14:31:03.0024 3588 exfat - ok
14:31:03.0027 3588 fastfat - ok
14:31:03.0031 3588 fdc - ok
14:31:03.0036 3588 FileInfo - ok
14:31:03.0039 3588 Filetrace - ok
14:31:03.0041 3588 flpydisk - ok
14:31:03.0044 3588 FltMgr - ok
14:31:03.0049 3588 FsDepends - ok
14:31:03.0051 3588 Fs_Rec - ok
14:31:03.0053 3588 fvevol - ok
14:31:03.0064 3588 gagp30kx - ok
14:31:03.0068 3588 hcw85cir - ok
14:31:03.0070 3588 HdAudAddService - ok
14:31:03.0073 3588 HDAudBus - ok
14:31:03.0075 3588 HidBatt - ok
14:31:03.0078 3588 HidBth - ok
14:31:03.0080 3588 HidIr - ok
14:31:03.0101 3588 HidUsb - ok
14:31:03.0107 3588 HpSAMD - ok
14:31:03.0109 3588 HTTP - ok
14:31:03.0112 3588 hwpolicy - ok
14:31:03.0121 3588 i8042prt - ok
14:31:03.0127 3588 iaStorV - ok
14:31:03.0131 3588 iirsp - ok
14:31:03.0136 3588 intelide - ok
14:31:03.0152 3588 intelppm - ok
14:31:03.0156 3588 IpFilterDriver - ok
14:31:03.0159 3588 IPMIDRV - ok
14:31:03.0162 3588 IPNAT - ok
14:31:03.0164 3588 IRENUM - ok
14:31:03.0167 3588 isapnp - ok
14:31:03.0169 3588 iScsiPrt - ok
14:31:03.0172 3588 kbdclass - ok
14:31:03.0174 3588 kbdhid - ok
14:31:03.0177 3588 KSecDD - ok
14:31:03.0180 3588 KSecPkg - ok
14:31:03.0183 3588 ksthunk - ok
14:31:03.0193 3588 lltdio - ok
14:31:03.0200 3588 LSI_FC - ok
14:31:03.0203 3588 LSI_SAS - ok
14:31:03.0205 3588 LSI_SAS2 - ok
14:31:03.0207 3588 LSI_SCSI - ok
14:31:03.0210 3588 luafv - ok
14:31:03.0213 3588 megasas - ok
14:31:03.0216 3588 MegaSR - ok
14:31:03.0228 3588 Modem - ok
14:31:03.0231 3588 monitor - ok
14:31:03.0233 3588 mouclass - ok
14:31:03.0240 3588 mouhid - ok
14:31:03.0251 3588 mountmgr - ok
14:31:03.0253 3588 mpio - ok
14:31:03.0255 3588 mpsdrv - ok
14:31:03.0259 3588 MRxDAV - ok
14:31:03.0261 3588 mrxsmb - ok
14:31:03.0263 3588 mrxsmb10 - ok
14:31:03.0266 3588 mrxsmb20 - ok
14:31:03.0269 3588 msahci - ok
14:31:03.0271 3588 msdsm - ok
14:31:03.0276 3588 Msfs - ok
14:31:03.0279 3588 mshidkmdf - ok
14:31:03.0281 3588 msisadrv - ok
14:31:03.0286 3588 MSKSSRV - ok
14:31:03.0288 3588 MSPCLOCK - ok
14:31:03.0291 3588 MSPQM - ok
14:31:03.0293 3588 MsRPC - ok
14:31:03.0296 3588 mssmbios - ok
14:31:03.0299 3588 MSTEE - ok
14:31:03.0302 3588 MTConfig - ok
14:31:03.0324 3588 MTsensor - ok
14:31:03.0326 3588 Mup - ok
14:31:03.0334 3588 NativeWifiP - ok
14:31:03.0337 3588 NDIS - ok
14:31:03.0339 3588 NdisCap - ok
14:31:03.0341 3588 NdisTapi - ok
14:31:03.0344 3588 Ndisuio - ok
14:31:03.0346 3588 NdisWan - ok
14:31:03.0349 3588 NDProxy - ok
14:31:03.0351 3588 NetBIOS - ok
14:31:03.0354 3588 NetBT - ok
14:31:03.0363 3588 nfrd960 - ok
14:31:03.0370 3588 Npfs - ok
14:31:03.0373 3588 nsiproxy - ok
14:31:03.0377 3588 Ntfs - ok
14:31:03.0379 3588 Null - ok
14:31:03.0386 3588 NVHDA - ok
14:31:03.0388 3588 nvlddmkm - ok
14:31:03.0400 3588 nvraid - ok
14:31:03.0403 3588 nvstor - ok
14:31:03.0416 3588 nv_agp - ok
14:31:03.0418 3588 ohci1394 - ok
14:31:03.0422 3588 Parport - ok
14:31:03.0425 3588 partmgr - ok
14:31:03.0428 3588 pci - ok
14:31:03.0430 3588 pciide - ok
14:31:03.0433 3588 pcmcia - ok
14:31:03.0436 3588 pcw - ok
14:31:03.0438 3588 PEAUTH - ok
14:31:03.0467 3588 PptpMiniport - ok
14:31:03.0470 3588 Processor - ok
14:31:03.0475 3588 Psched - ok
14:31:03.0478 3588 ql2300 - ok
14:31:03.0480 3588 ql40xx - ok
14:31:03.0484 3588 QWAVEdrv - ok
14:31:03.0487 3588 RasAcd - ok
14:31:03.0492 3588 RasAgileVpn - ok
14:31:03.0496 3588 Rasl2tp - ok
14:31:03.0500 3588 RasPppoe - ok
14:31:03.0502 3588 RasSstp - ok
14:31:03.0504 3588 rdbss - ok
14:31:03.0507 3588 rdpbus - ok
14:31:03.0509 3588 RDPCDD - ok
14:31:03.0512 3588 RDPDR - ok
14:31:03.0514 3588 RDPENCDD - ok
14:31:03.0518 3588 RDPREFMP - ok
14:31:03.0522 3588 RdpVideoMiniport - ok
14:31:03.0524 3588 RDPWD - ok
14:31:03.0527 3588 rdyboost - ok
14:31:03.0543 3588 rspndr - ok
14:31:03.0545 3588 RTL8167 - ok
14:31:03.0547 3588 s3cap - ok
14:31:03.0551 3588 sbp2port - ok
14:31:03.0555 3588 scfilter - ok
14:31:03.0560 3588 secdrv - ok
14:31:03.0574 3588 Serenum - ok
14:31:03.0576 3588 Serial - ok
14:31:03.0579 3588 sermouse - ok
14:31:03.0586 3588 sffdisk - ok
14:31:03.0588 3588 sffp_mmc - ok
14:31:03.0590 3588 sffp_sd - ok
14:31:03.0592 3588 sfloppy - ok
14:31:03.0605 3588 SiSRaid2 - ok
14:31:03.0608 3588 SiSRaid4 - ok
14:31:03.0610 3588 Smb - ok
14:31:03.0623 3588 spldr - ok
14:31:03.0629 3588 srv - ok
14:31:03.0631 3588 srv2 - ok
14:31:03.0634 3588 srvnet - ok
14:31:03.0641 3588 ssadbus - ok
14:31:03.0646 3588 ssadmdfl - ok
14:31:03.0649 3588 ssadmdm - ok
14:31:03.0666 3588 stexstor - ok
14:31:03.0669 3588 storflt - ok
14:31:03.0672 3588 storvsc - ok
14:31:03.0674 3588 swenum - ok
14:31:03.0682 3588 Synth3dVsc - ok
14:31:03.0690 3588 Tcpip - ok
14:31:03.0707 3588 TCPIP6 - ok
14:31:03.0710 3588 tcpipreg - ok
14:31:03.0714 3588 TDPIPE - ok
14:31:03.0717 3588 TDTCP - ok
14:31:03.0719 3588 tdx - ok
14:31:03.0722 3588 TermDD - ok
14:31:03.0724 3588 terminpt - ok
14:31:03.0768 3588 tssecsrv - ok
14:31:03.0773 3588 TsUsbFlt - ok
14:31:03.0778 3588 TsUsbGD - ok
14:31:03.0782 3588 tsusbhub - ok
14:31:03.0796 3588 tunnel - ok
14:31:03.0799 3588 uagp35 - ok
14:31:03.0802 3588 udfs - ok
14:31:03.0808 3588 uliagpkx - ok
14:31:03.0818 3588 umbus - ok
14:31:03.0820 3588 UmPass - ok
14:31:03.0826 3588 usbccgp - ok
14:31:03.0829 3588 usbcir - ok
14:31:03.0831 3588 usbehci - ok
14:31:03.0835 3588 usbhub - ok
14:31:03.0838 3588 usbohci - ok
14:31:03.0840 3588 usbprint - ok
14:31:03.0843 3588 USBSTOR - ok
14:31:03.0846 3588 usbuhci - ok
14:31:03.0852 3588 vdrvroot - ok
14:31:03.0856 3588 vga - ok
14:31:03.0858 3588 VgaSave - ok
14:31:03.0860 3588 VGPU - ok
14:31:03.0863 3588 vhdmp - ok
14:31:03.0865 3588 viaide - ok
14:31:03.0868 3588 vmbus - ok
14:31:03.0870 3588 VMBusHID - ok
14:31:03.0872 3588 volmgr - ok
14:31:03.0874 3588 volmgrx - ok
14:31:03.0876 3588 volsnap - ok
14:31:03.0879 3588 vsmraid - ok
14:31:03.0882 3588 vwifibus - ok
14:31:03.0893 3588 WacomPen - ok
14:31:03.0907 3588 WANARP - ok
14:31:03.0910 3588 Wanarpv6 - ok
14:31:03.0925 3588 Wd - ok
14:31:03.0927 3588 Wdf01000 - ok
14:31:03.0937 3588 WfpLwf - ok
14:31:03.0939 3588 WIMMount - ok
14:31:03.0951 3588 WmiAcpi - ok
14:31:03.0959 3588 ws2ifsl - ok
14:31:03.0966 3588 WudfPf - ok
14:31:03.0968 3588 WUDFRd - ok
14:31:03.0983 3588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:31:03.0986 3588 \Device\Harddisk0\DR0 - ok
14:31:03.0988 3588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:31:03.0991 3588 \Device\Harddisk1\DR1 - ok
14:31:03.0993 3588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:31:03.0996 3588 \Device\Harddisk2\DR2 - ok
14:31:03.0998 3588 Boot (0x1200) (780f21e12c386901e4cc570ba6f2184f) \Device\Harddisk1\DR1\Partition0
14:31:03.0998 3588 \Device\Harddisk1\DR1\Partition0 - ok
14:31:04.0000 3588 Boot (0x1200) (477c1d26a10d4841ad1fece788c5c1b0) \Device\Harddisk2\DR2\Partition0
14:31:04.0001 3588 \Device\Harddisk2\DR2\Partition0 - ok
14:31:04.0002 3588 ============================================================
14:31:04.0002 3588 Scan finished
14:31:04.0002 3588 ============================================================
14:31:04.0007 3204 Detected object count: 0
14:31:04.0007 3204 Actual detected object count: 0
14:31:48.0025 3424 ============================================================
14:31:48.0025 3424 Scan started
14:31:48.0025 3424 Mode: Manual;
14:31:48.0025 3424 ============================================================
14:31:48.0048 3424 1394ohci - ok
14:31:48.0052 3424 ACPI - ok
14:31:48.0056 3424 AcpiPmi - ok
14:31:48.0061 3424 adp94xx - ok
14:31:48.0064 3424 adpahci - ok
14:31:48.0068 3424 adpu320 - ok
14:31:48.0074 3424 AFD - ok
14:31:48.0076 3424 agp440 - ok
14:31:48.0079 3424 aliide - ok
14:31:48.0082 3424 amdide - ok
14:31:48.0084 3424 AmdK8 - ok
14:31:48.0086 3424 AmdPPM - ok
14:31:48.0088 3424 amdsata - ok
14:31:48.0091 3424 amdsbs - ok
14:31:48.0093 3424 amdxata - ok
14:31:48.0095 3424 androidusb - ok
14:31:48.0097 3424 AppID - ok
14:31:48.0102 3424 arc - ok
14:31:48.0105 3424 arcsas - ok
14:31:48.0107 3424 aswFsBlk - ok
14:31:48.0109 3424 aswMonFlt - ok
14:31:48.0111 3424 aswRdr - ok
14:31:48.0113 3424 aswSnx - ok
14:31:48.0115 3424 aswSP - ok
14:31:48.0117 3424 aswTdi - ok
14:31:48.0120 3424 AsyncMac - ok
14:31:48.0122 3424 atapi - ok
14:31:48.0128 3424 b06bdrv - ok
14:31:48.0130 3424 b57nd60a - ok
14:31:48.0135 3424 Beep - ok
14:31:48.0139 3424 blbdrive - ok
14:31:48.0141 3424 bowser - ok
14:31:48.0143 3424 BrFiltLo - ok
14:31:48.0146 3424 BrFiltUp - ok
14:31:48.0149 3424 Brserid - ok
14:31:48.0151 3424 BrSerWdm - ok
14:31:48.0153 3424 BrUsbMdm - ok
14:31:48.0156 3424 BrUsbSer - ok
14:31:48.0158 3424 BTHMODEM - ok
14:31:48.0162 3424 cdfs - ok
14:31:48.0164 3424 cdrom - ok
14:31:48.0167 3424 circlass - ok
14:31:48.0170 3424 CLFS - ok
14:31:48.0176 3424 CmBatt - ok
14:31:48.0178 3424 cmdide - ok
14:31:48.0180 3424 CNG - ok
14:31:48.0182 3424 Compbatt - ok
14:31:48.0185 3424 CompositeBus - ok
14:31:48.0188 3424 crcdisk - ok
14:31:48.0193 3424 CSC - ok
14:31:48.0199 3424 DfsC - ok
14:31:48.0202 3424 discache - ok
14:31:48.0204 3424 Disk - ok
14:31:48.0207 3424 dmvsc - ok
14:31:48.0212 3424 drmkaud - ok
14:31:48.0214 3424 DXGKrnl - ok
14:31:48.0217 3424 ebdrv - ok
14:31:48.0222 3424 elxstor - ok
14:31:48.0224 3424 ErrDev - ok
14:31:48.0229 3424 exfat - ok
14:31:48.0232 3424 fastfat - ok
14:31:48.0235 3424 fdc - ok
14:31:48.0239 3424 FileInfo - ok
14:31:48.0242 3424 Filetrace - ok
14:31:48.0244 3424 flpydisk - ok
14:31:48.0246 3424 FltMgr - ok
14:31:48.0250 3424 FsDepends - ok
14:31:48.0252 3424 Fs_Rec - ok
14:31:48.0254 3424 fvevol - ok
14:31:48.0257 3424 gagp30kx - ok
14:31:48.0260 3424 hcw85cir - ok
14:31:48.0262 3424 HdAudAddService - ok
14:31:48.0264 3424 HDAudBus - ok
14:31:48.0267 3424 HidBatt - ok
14:31:48.0269 3424 HidBth - ok
14:31:48.0271 3424 HidIr - ok
14:31:48.0274 3424 HidUsb - ok
14:31:48.0279 3424 HpSAMD - ok
14:31:48.0281 3424 HTTP - ok
14:31:48.0283 3424 hwpolicy - ok
14:31:48.0286 3424 i8042prt - ok
14:31:48.0288 3424 iaStorV - ok
14:31:48.0291 3424 iirsp - ok
14:31:48.0295 3424 intelide - ok
14:31:48.0298 3424 intelppm - ok
14:31:48.0301 3424 IpFilterDriver - ok
14:31:48.0304 3424 IPMIDRV - ok
14:31:48.0307 3424 IPNAT - ok
14:31:48.0309 3424 IRENUM - ok
14:31:48.0311 3424 isapnp - ok
14:31:48.0313 3424 iScsiPrt - ok
14:31:48.0315 3424 kbdclass - ok
14:31:48.0317 3424 kbdhid - ok
14:31:48.0321 3424 KSecDD - ok
14:31:48.0323 3424 KSecPkg - ok
14:31:48.0325 3424 ksthunk - ok
14:31:48.0332 3424 lltdio - ok
14:31:48.0337 3424 LSI_FC - ok
14:31:48.0339 3424 LSI_SAS - ok
14:31:48.0342 3424 LSI_SAS2 - ok
14:31:48.0344 3424 LSI_SCSI - ok
14:31:48.0346 3424 luafv - ok
14:31:48.0349 3424 megasas - ok
14:31:48.0351 3424 MegaSR - ok
14:31:48.0355 3424 Modem - ok
14:31:48.0357 3424 monitor - ok
14:31:48.0359 3424 mouclass - ok
14:31:48.0361 3424 mouhid - ok
14:31:48.0363 3424 mountmgr - ok
14:31:48.0366 3424 mpio - ok
14:31:48.0368 3424 mpsdrv - ok
14:31:48.0371 3424 MRxDAV - ok
14:31:48.0373 3424 mrxsmb - ok
14:31:48.0376 3424 mrxsmb10 - ok
14:31:48.0378 3424 mrxsmb20 - ok
14:31:48.0380 3424 msahci - ok
14:31:48.0382 3424 msdsm - ok
14:31:48.0387 3424 Msfs - ok
14:31:48.0390 3424 mshidkmdf - ok
14:31:48.0392 3424 msisadrv - ok
14:31:48.0396 3424 MSKSSRV - ok
14:31:48.0399 3424 MSPCLOCK - ok
14:31:48.0401 3424 MSPQM - ok
14:31:48.0403 3424 MsRPC - ok
14:31:48.0407 3424 mssmbios - ok
14:31:48.0409 3424 MSTEE - ok
14:31:48.0411 3424 MTConfig - ok
14:31:48.0413 3424 MTsensor - ok
14:31:48.0415 3424 Mup - ok
14:31:48.0418 3424 NativeWifiP - ok
14:31:48.0420 3424 NDIS - ok
14:31:48.0423 3424 NdisCap - ok
14:31:48.0425 3424 NdisTapi - ok
14:31:48.0427 3424 Ndisuio - ok
14:31:48.0429 3424 NdisWan - ok
14:31:48.0432 3424 NDProxy - ok
14:31:48.0434 3424 NetBIOS - ok
14:31:48.0436 3424 NetBT - ok
14:31:48.0442 3424 nfrd960 - ok
14:31:48.0446 3424 Npfs - ok
14:31:48.0449 3424 nsiproxy - ok
14:31:48.0452 3424 Ntfs - ok
14:31:48.0454 3424 Null - ok
14:31:48.0456 3424 NVHDA - ok
14:31:48.0459 3424 nvlddmkm - ok
14:31:48.0461 3424 nvraid - ok
14:31:48.0463 3424 nvstor - ok
14:31:48.0467 3424 nv_agp - ok
14:31:48.0469 3424 ohci1394 - ok
14:31:48.0474 3424 Parport - ok
14:31:48.0476 3424 partmgr - ok
14:31:48.0479 3424 pci - ok
14:31:48.0481 3424 pciide - ok
14:31:48.0483 3424 pcmcia - ok
14:31:48.0486 3424 pcw - ok
14:31:48.0488 3424 PEAUTH - ok
14:31:48.0504 3424 PptpMiniport - ok
14:31:48.0507 3424 Processor - ok
14:31:48.0511 3424 Psched - ok
14:31:48.0513 3424 ql2300 - ok
14:31:48.0515 3424 ql40xx - ok
14:31:48.0518 3424 QWAVEdrv - ok
14:31:48.0521 3424 RasAcd - ok
14:31:48.0522 3424 RasAgileVpn - ok
14:31:48.0526 3424 Rasl2tp - ok
14:31:48.0529 3424 RasPppoe - ok
14:31:48.0531 3424 RasSstp - ok
14:31:48.0533 3424 rdbss - ok
14:31:48.0535 3424 rdpbus - ok
14:31:48.0538 3424 RDPCDD - ok
14:31:48.0541 3424 RDPDR - ok
14:31:48.0543 3424 RDPENCDD - ok
14:31:48.0546 3424 RDPREFMP - ok
14:31:48.0549 3424 RdpVideoMiniport - ok
14:31:48.0552 3424 RDPWD - ok
14:31:48.0554 3424 rdyboost - ok
14:31:48.0561 3424 rspndr - ok
14:31:48.0564 3424 RTL8167 - ok
14:31:48.0566 3424 s3cap - ok
14:31:48.0569 3424 sbp2port - ok
14:31:48.0572 3424 scfilter - ok
14:31:48.0578 3424 secdrv - ok
14:31:48.0583 3424 Serenum - ok
14:31:48.0585 3424 Serial - ok
14:31:48.0587 3424 sermouse - ok
14:31:48.0594 3424 sffdisk - ok
14:31:48.0596 3424 sffp_mmc - ok
14:31:48.0598 3424 sffp_sd - ok
14:31:48.0600 3424 sfloppy - ok
14:31:48.0605 3424 SiSRaid2 - ok
14:31:48.0607 3424 SiSRaid4 - ok
14:31:48.0609 3424 Smb - ok
14:31:48.0614 3424 spldr - ok
14:31:48.0619 3424 srv - ok
14:31:48.0622 3424 srv2 - ok
14:31:48.0624 3424 srvnet - ok
14:31:48.0626 3424 ssadbus - ok
14:31:48.0629 3424 ssadmdfl - ok
14:31:48.0631 3424 ssadmdm - ok
14:31:48.0637 3424 stexstor - ok
14:31:48.0641 3424 storflt - ok
14:31:48.0643 3424 storvsc - ok
14:31:48.0645 3424 swenum - ok
14:31:48.0648 3424 Synth3dVsc - ok
14:31:48.0655 3424 Tcpip - ok
14:31:48.0657 3424 TCPIP6 - ok
14:31:48.0660 3424 tcpipreg - ok
14:31:48.0663 3424 TDPIPE - ok
14:31:48.0666 3424 TDTCP - ok
14:31:48.0668 3424 tdx - ok
14:31:48.0670 3424 TermDD - ok
14:31:48.0673 3424 terminpt - ok
14:31:48.0682 3424 tssecsrv - ok
14:31:48.0685 3424 TsUsbFlt - ok
14:31:48.0687 3424 TsUsbGD - ok
14:31:48.0692 3424 tsusbhub - ok
14:31:48.0696 3424 tunnel - ok
14:31:48.0700 3424 uagp35 - ok
14:31:48.0702 3424 udfs - ok
14:31:48.0708 3424 uliagpkx - ok
14:31:48.0710 3424 umbus - ok
14:31:48.0712 3424 UmPass - ok
14:31:48.0716 3424 usbccgp - ok
14:31:48.0718 3424 usbcir - ok
14:31:48.0720 3424 usbehci - ok
14:31:48.0723 3424 usbhub - ok
14:31:48.0725 3424 usbohci - ok
14:31:48.0727 3424 usbprint - ok
14:31:48.0730 3424 USBSTOR - ok
14:31:48.0732 3424 usbuhci - ok
14:31:48.0736 3424 vdrvroot - ok
14:31:48.0739 3424 vga - ok
14:31:48.0742 3424 VgaSave - ok
14:31:48.0744 3424 VGPU - ok
14:31:48.0746 3424 vhdmp - ok
14:31:48.0748 3424 viaide - ok
14:31:48.0750 3424 vmbus - ok
14:31:48.0753 3424 VMBusHID - ok
14:31:48.0755 3424 volmgr - ok
14:31:48.0757 3424 volmgrx - ok
14:31:48.0760 3424 volsnap - ok
14:31:48.0762 3424 vsmraid - ok
14:31:48.0765 3424 vwifibus - ok
14:31:48.0769 3424 WacomPen - ok
14:31:48.0771 3424 WANARP - ok
14:31:48.0774 3424 Wanarpv6 - ok
14:31:48.0781 3424 Wd - ok
14:31:48.0783 3424 Wdf01000 - ok
14:31:48.0792 3424 WfpLwf - ok
14:31:48.0794 3424 WIMMount - ok
14:31:48.0805 3424 WmiAcpi - ok
14:31:48.0813 3424 ws2ifsl - ok
14:31:48.0819 3424 WudfPf - ok
14:31:48.0821 3424 WUDFRd - ok
14:31:48.0840 3424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:31:48.0843 3424 \Device\Harddisk0\DR0 - ok
14:31:48.0845 3424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:31:48.0847 3424 \Device\Harddisk1\DR1 - ok
14:31:48.0849 3424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:31:48.0852 3424 \Device\Harddisk2\DR2 - ok
14:31:48.0854 3424 Boot (0x1200) (780f21e12c386901e4cc570ba6f2184f) \Device\Harddisk1\DR1\Partition0
14:31:48.0854 3424 \Device\Harddisk1\DR1\Partition0 - ok
14:31:48.0856 3424 Boot (0x1200) (477c1d26a10d4841ad1fece788c5c1b0) \Device\Harddisk2\DR2\Partition0
14:31:48.0857 3424 \Device\Harddisk2\DR2\Partition0 - ok
14:31:48.0857 3424 ============================================================
14:31:48.0857 3424 Scan finished
14:31:48.0857 3424 ============================================================
14:31:48.0862 1708 Detected object count: 0
14:31:48.0862 1708 Actual detected object count: 0
14:31:49.0929 0676 ============================================================
14:31:49.0930 0676 Scan started
14:31:49.0930 0676 Mode: Manual;
14:31:49.0930 0676 ============================================================
14:31:49.0968 0676 1394ohci - ok
14:31:49.0973 0676 ACPI - ok
14:31:49.0979 0676 AcpiPmi - ok
14:31:49.0986 0676 adp94xx - ok
14:31:49.0991 0676 adpahci - ok
14:31:49.0994 0676 adpu320 - ok
14:31:50.0000 0676 AFD - ok
14:31:50.0003 0676 agp440 - ok
14:31:50.0007 0676 aliide - ok
14:31:50.0011 0676 amdide - ok
14:31:50.0014 0676 AmdK8 - ok
14:31:50.0016 0676 AmdPPM - ok
14:31:50.0019 0676 amdsata - ok
14:31:50.0022 0676 amdsbs - ok
14:31:50.0024 0676 amdxata - ok
14:31:50.0027 0676 androidusb - ok
14:31:50.0029 0676 AppID - ok
14:31:50.0035 0676 arc - ok
14:31:50.0037 0676 arcsas - ok
14:31:50.0040 0676 aswFsBlk - ok
14:31:50.0042 0676 aswMonFlt - ok
14:31:50.0044 0676 aswRdr - ok
14:31:50.0047 0676 aswSnx - ok
14:31:50.0049 0676 aswSP - ok
14:31:50.0051 0676 aswTdi - ok
14:31:50.0054 0676 AsyncMac - ok
14:31:50.0056 0676 atapi - ok
14:31:50.0063 0676 b06bdrv - ok
14:31:50.0066 0676 b57nd60a - ok
14:31:50.0070 0676 Beep - ok
14:31:50.0075 0676 blbdrive - ok
14:31:50.0077 0676 bowser - ok
14:31:50.0080 0676 BrFiltLo - ok
14:31:50.0082 0676 BrFiltUp - ok
14:31:50.0085 0676 Brserid - ok
14:31:50.0088 0676 BrSerWdm - ok
14:31:50.0090 0676 BrUsbMdm - ok
14:31:50.0092 0676 BrUsbSer - ok
14:31:50.0095 0676 BTHMODEM - ok
14:31:50.0099 0676 cdfs - ok
14:31:50.0102 0676 cdrom - ok
14:31:50.0105 0676 circlass - ok
14:31:50.0107 0676 CLFS - ok
14:31:50.0114 0676 CmBatt - ok
14:31:50.0117 0676 cmdide - ok
14:31:50.0119 0676 CNG - ok
14:31:50.0121 0676 Compbatt - ok
14:31:50.0124 0676 CompositeBus - ok
14:31:50.0127 0676 crcdisk - ok
14:31:50.0132 0676 CSC - ok
14:31:50.0138 0676 DfsC - ok
14:31:50.0142 0676 discache - ok
14:31:50.0145 0676 Disk - ok
14:31:50.0147 0676 dmvsc - ok
14:31:50.0152 0676 drmkaud - ok
14:31:50.0155 0676 DXGKrnl - ok
14:31:50.0158 0676 ebdrv - ok
14:31:50.0164 0676 elxstor - ok
14:31:50.0167 0676 ErrDev - ok
14:31:50.0172 0676 exfat - ok
14:31:50.0175 0676 fastfat - ok
14:31:50.0177 0676 fdc - ok
14:31:50.0182 0676 FileInfo - ok
14:31:50.0184 0676 Filetrace - ok
14:31:50.0186 0676 flpydisk - ok
14:31:50.0189 0676 FltMgr - ok
14:31:50.0193 0676 FsDepends - ok
14:31:50.0196 0676 Fs_Rec - ok
14:31:50.0198 0676 fvevol - ok
14:31:50.0200 0676 gagp30kx - ok
14:31:50.0204 0676 hcw85cir - ok
14:31:50.0206 0676 HdAudAddService - ok
14:31:50.0209 0676 HDAudBus - ok
14:31:50.0211 0676 HidBatt - ok
14:31:50.0213 0676 HidBth - ok
14:31:50.0216 0676 HidIr - ok
14:31:50.0219 0676 HidUsb - ok
14:31:50.0225 0676 HpSAMD - ok
14:31:50.0227 0676 HTTP - ok
14:31:50.0229 0676 hwpolicy - ok
14:31:50.0231 0676 i8042prt - ok
14:31:50.0234 0676 iaStorV - ok
14:31:50.0237 0676 iirsp - ok
14:31:50.0242 0676 intelide - ok
14:31:50.0245 0676 intelppm - ok
14:31:50.0248 0676 IpFilterDriver - ok
14:31:50.0252 0676 IPMIDRV - ok
14:31:50.0254 0676 IPNAT - ok
14:31:50.0256 0676 IRENUM - ok
14:31:50.0259 0676 isapnp - ok
14:31:50.0262 0676 iScsiPrt - ok
14:31:50.0264 0676 kbdclass - ok
14:31:50.0266 0676 kbdhid - ok
14:31:50.0270 0676 KSecDD - ok
14:31:50.0272 0676 KSecPkg - ok
14:31:50.0274 0676 ksthunk - ok
14:31:50.0281 0676 lltdio - ok
14:31:50.0287 0676 LSI_FC - ok
14:31:50.0289 0676 LSI_SAS - ok
14:31:50.0292 0676 LSI_SAS2 - ok
14:31:50.0294 0676 LSI_SCSI - ok
14:31:50.0296 0676 luafv - ok
14:31:50.0299 0676 megasas - ok
14:31:50.0302 0676 MegaSR - ok
14:31:50.0305 0676 Modem - ok
14:31:50.0307 0676 monitor - ok
14:31:50.0310 0676 mouclass - ok
14:31:50.0312 0676 mouhid - ok
14:31:50.0314 0676 mountmgr - ok
14:31:50.0317 0676 mpio - ok
14:31:50.0319 0676 mpsdrv - ok
14:31:50.0322 0676 MRxDAV - ok
14:31:50.0325 0676 mrxsmb - ok
14:31:50.0327 0676 mrxsmb10 - ok
14:31:50.0329 0676 mrxsmb20 - ok
14:31:50.0332 0676 msahci - ok
14:31:50.0334 0676 msdsm - ok
14:31:50.0340 0676 Msfs - ok
14:31:50.0342 0676 mshidkmdf - ok
14:31:50.0345 0676 msisadrv - ok
14:31:50.0349 0676 MSKSSRV - ok
14:31:50.0351 0676 MSPCLOCK - ok
14:31:50.0354 0676 MSPQM - ok
14:31:50.0356 0676 MsRPC - ok
14:31:50.0360 0676 mssmbios - ok
14:31:50.0362 0676 MSTEE - ok
14:31:50.0364 0676 MTConfig - ok
14:31:50.0366 0676 MTsensor - ok
14:31:50.0369 0676 Mup - ok
14:31:50.0372 0676 NativeWifiP - ok
14:31:50.0374 0676 NDIS - ok
14:31:50.0377 0676 NdisCap - ok
14:31:50.0379 0676 NdisTapi - ok
14:31:50.0382 0676 Ndisuio - ok
14:31:50.0384 0676 NdisWan - ok
14:31:50.0386 0676 NDProxy - ok
14:31:50.0389 0676 NetBIOS - ok
14:31:50.0391 0676 NetBT - ok
14:31:50.0398 0676 nfrd960 - ok
14:31:50.0401 0676 Npfs - ok
14:31:50.0405 0676 nsiproxy - ok
14:31:50.0408 0676 Ntfs - ok
14:31:50.0411 0676 Null - ok
14:31:50.0413 0676 NVHDA - ok
14:31:50.0415 0676 nvlddmkm - ok
14:31:50.0417 0676 nvraid - ok
14:31:50.0420 0676 nvstor - ok
14:31:50.0424 0676 nv_agp - ok
14:31:50.0427 0676 ohci1394 - ok
14:31:50.0431 0676 Parport - ok
14:31:50.0434 0676 partmgr - ok
14:31:50.0437 0676 pci - ok
14:31:50.0439 0676 pciide - ok
14:31:50.0442 0676 pcmcia - ok
14:31:50.0444 0676 pcw - ok
14:31:50.0447 0676 PEAUTH - ok
14:31:50.0464 0676 PptpMiniport - ok
14:31:50.0466 0676 Processor - ok
14:31:50.0471 0676 Psched - ok
14:31:50.0473 0676 ql2300 - ok
14:31:50.0475 0676 ql40xx - ok
14:31:50.0479 0676 QWAVEdrv - ok
14:31:50.0481 0676 RasAcd - ok
14:31:50.0484 0676 RasAgileVpn - ok
14:31:50.0487 0676 Rasl2tp - ok
14:31:50.0491 0676 RasPppoe - ok
14:31:50.0493 0676 RasSstp - ok
14:31:50.0496 0676 rdbss - ok
14:31:50.0498 0676 rdpbus - ok
14:31:50.0500 0676 RDPCDD - ok
14:31:50.0504 0676 RDPDR - ok
14:31:50.0506 0676 RDPENCDD - ok
14:31:50.0510 0676 RDPREFMP - ok
14:31:50.0513 0676 RdpVideoMiniport - ok
14:31:50.0516 0676 RDPWD - ok
14:31:50.0518 0676 rdyboost - ok
14:31:50.0526 0676 rspndr - ok
14:31:50.0528 0676 RTL8167 - ok
14:31:50.0530 0676 s3cap - ok
14:31:50.0534 0676 sbp2port - ok
14:31:50.0537 0676 scfilter - ok
14:31:50.0543 0676 secdrv - ok
14:31:50.0549 0676 Serenum - ok
14:31:50.0551 0676 Serial - ok
14:31:50.0554 0676 sermouse - ok
14:31:50.0561 0676 sffdisk - ok
14:31:50.0563 0676 sffp_mmc - ok
14:31:50.0566 0676 sffp_sd - ok
14:31:50.0568 0676 sfloppy - ok
14:31:50.0573 0676 SiSRaid2 - ok
14:31:50.0575 0676 SiSRaid4 - ok
14:31:50.0578 0676 Smb - ok
14:31:50.0583 0676 spldr - ok
14:31:50.0589 0676 srv - ok
14:31:50.0591 0676 srv2 - ok
14:31:50.0594 0676 srvnet - ok
14:31:50.0596 0676 ssadbus - ok
14:31:50.0598 0676 ssadmdfl - ok
14:31:50.0601 0676 ssadmdm - ok
14:31:50.0607 0676 stexstor - ok
14:31:50.0611 0676 storflt - ok
14:31:50.0613 0676 storvsc - ok
14:31:50.0616 0676 swenum - ok
14:31:50.0619 0676 Synth3dVsc - ok
14:31:50.0626 0676 Tcpip - ok
14:31:50.0629 0676 TCPIP6 - ok
14:31:50.0632 0676 tcpipreg - ok
14:31:50.0636 0676 TDPIPE - ok
14:31:50.0638 0676 TDTCP - ok
14:31:50.0640 0676 tdx - ok
14:31:50.0643 0676 TermDD - ok
14:31:50.0646 0676 terminpt - ok
14:31:50.0654 0676 tssecsrv - ok
14:31:50.0657 0676 TsUsbFlt - ok
14:31:50.0660 0676 TsUsbGD - ok
14:31:50.0662 0676 tsusbhub - ok
14:31:50.0664 0676 tunnel - ok
14:31:50.0667 0676 uagp35 - ok
14:31:50.0669 0676 udfs - ok
14:31:50.0675 0676 uliagpkx - ok
14:31:50.0677 0676 umbus - ok
14:31:50.0679 0676 UmPass - ok
14:31:50.0684 0676 usbccgp - ok
14:31:50.0686 0676 usbcir - ok
14:31:50.0688 0676 usbehci - ok
14:31:50.0691 0676 usbhub - ok
14:31:50.0694 0676 usbohci - ok
14:31:50.0696 0676 usbprint - ok
14:31:50.0698 0676 USBSTOR - ok
14:31:50.0701 0676 usbuhci - ok
14:31:50.0705 0676 vdrvroot - ok
14:31:50.0709 0676 vga - ok
14:31:50.0711 0676 VgaSave - ok
14:31:50.0713 0676 VGPU - ok
14:31:50.0715 0676 vhdmp - ok
14:31:50.0718 0676 viaide - ok
14:31:50.0720 0676 vmbus - ok
14:31:50.0723 0676 VMBusHID - ok
14:31:50.0725 0676 volmgr - ok
14:31:50.0727 0676 volmgrx - ok
14:31:50.0729 0676 volsnap - ok
14:31:50.0732 0676 vsmraid - ok
14:31:50.0735 0676 vwifibus - ok
14:31:50.0739 0676 WacomPen - ok
14:31:50.0741 0676 WANARP - ok
14:31:50.0744 0676 Wanarpv6 - ok
14:31:50.0751 0676 Wd - ok
14:31:50.0754 0676 Wdf01000 - ok
14:31:50.0762 0676 WfpLwf - ok
14:31:50.0764 0676 WIMMount - ok
14:31:50.0775 0676 WmiAcpi - ok
14:31:50.0783 0676 ws2ifsl - ok
14:31:50.0789 0676 WudfPf - ok
14:31:50.0791 0676 WUDFRd - ok
14:31:50.0805 0676 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:31:50.0808 0676 \Device\Harddisk0\DR0 - ok
14:31:50.0810 0676 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:31:50.0813 0676 \Device\Harddisk1\DR1 - ok
14:31:50.0815 0676 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
14:31:50.0818 0676 \Device\Harddisk2\DR2 - ok
14:31:50.0819 0676 Boot (0x1200) (780f21e12c386901e4cc570ba6f2184f) \Device\Harddisk1\DR1\Partition0
14:31:50.0820 0676 \Device\Harddisk1\DR1\Partition0 - ok
14:31:50.0822 0676 Boot (0x1200) (477c1d26a10d4841ad1fece788c5c1b0) \Device\Harddisk2\DR2\Partition0
14:31:50.0822 0676 \Device\Harddisk2\DR2\Partition0 - ok
14:31:50.0823 0676 ============================================================
14:31:50.0823 0676 Scan finished
14:31:50.0823 0676 ============================================================
14:31:50.0827 3420 Detected object count: 0
14:31:50.0827 3420 Actual detected object count: 0





Combofix log:


ComboFix 11-12-22.01 - Ricardo 22-12-2011 14:35:49.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.1033.18.2046.926 [GMT 0:00]
Executando de: c:\users\Ricardo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\amd64\filterpipelineprintproc.dll
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\amd64\mxdwdrv.dll
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\amd64\xpssvcs.dll
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\i386\filterpipelineprintproc.dll
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\i386\mxdwdrv.dll
f:\$recycle.bin\S-1-5-21-3666519070-773516621-1427048961-1001\$RN65T08\i386\xpssvcs.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-11-22 to 2011-12-22 ))))))))))))))))))))))))))))
.
.
2011-12-22 14:39 . 2011-12-22 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 16:35 . 2011-12-22 01:28 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-21 16:27 . 2011-12-21 16:27 -------- d-----w- c:\programdata\Ubisoft
2011-12-21 16:18 . 2011-12-22 01:28 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-21 16:18 . 2011-12-22 01:15 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-21 16:18 . 2011-12-21 16:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-21 16:18 . 2011-12-21 16:18 -------- d-----w- c:\program files (x86)\Ubisoft
2011-12-21 16:03 . 2011-12-21 16:18 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-12-21 15:10 . 2011-12-21 15:10 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-20 23:03 . 2011-03-02 11:43 203264 ----a-w- c:\windows\system32\unrar.dll
2011-12-20 23:03 . 2011-11-23 18:00 86016 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-20 23:03 . 2011-12-20 23:03 -------- d-----w- c:\program files\K-Lite Codec Pack x64
2011-12-20 23:02 . 2006-10-18 19:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-12-20 23:02 . 2011-11-23 18:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-12-20 23:02 . 2011-07-16 15:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-12-20 23:02 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-12-20 23:02 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-12-20 23:02 . 2011-12-20 23:03 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-12-20 22:09 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0439D3E-F120-4FF5-A102-5B50916B4B79}\mpengine.dll
2011-12-20 21:59 . 2011-12-20 21:59 -------- d-----w- C:\BTNext
2011-12-20 17:27 . 2011-12-20 17:27 302592 ----a-w- C:\pybeebbr.exe
2011-12-19 11:44 . 2011-12-19 03:50 -------- d-----w- c:\windows\Panther
2011-12-19 11:43 . 2011-12-19 11:43 -------- d-----w- C:\Boot
2011-12-19 05:35 . 2011-12-19 05:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-19 05:16 . 2011-12-19 05:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-19 05:08 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-19 05:08 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-19 05:08 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-19 05:08 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-19 05:08 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 05:08 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-19 05:08 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-19 05:07 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 05:07 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-19 05:07 . 2011-12-19 05:07 -------- d-----w- c:\programdata\AVAST Software
2011-12-19 05:07 . 2011-12-19 05:07 -------- d-----w- c:\program files\AVAST Software
2011-12-19 04:59 . 2011-12-19 04:59 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-12-19 04:59 . 2011-12-19 04:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-19 04:53 . 2010-06-02 04:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-19 04:52 . 2011-12-19 04:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-19 04:51 . 2011-12-19 04:51 -------- d-----w- c:\windows\Sun
2011-12-19 04:49 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-12-19 04:41 . 2011-12-19 04:41 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-19 04:41 . 2011-12-19 04:41 -------- d-----w- c:\windows\system32\Wat
2011-12-19 04:33 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-12-19 04:32 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-19 04:31 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-19 04:31 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-19 04:31 . 2011-12-19 04:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 04:31 . 2011-12-19 04:31 -------- d-----w- c:\program files (x86)\Java
2011-12-19 04:29 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-19 04:29 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-12-19 04:29 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-12-19 04:18 . 2011-12-19 04:18 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-12-19 04:17 . 2011-12-19 04:17 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-19 04:11 . 2011-12-19 05:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 04:11 . 2011-12-19 04:11 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-19 04:11 . 2011-12-19 04:11 -------- d-----w- c:\windows\system32\Macromed
2011-12-19 04:05 . 2011-12-21 16:17 -------- d-sh--w- c:\windows\Installer
2011-12-19 03:52 . 2011-12-19 04:56 -------- d-----w- c:\users\UpdatusUser
2011-12-19 03:52 . 2011-12-22 14:40 -------- d-----w- c:\programdata\NVIDIA
2011-12-19 03:52 . 2011-12-19 04:56 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-12-19 03:52 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-19 03:52 . 2011-10-15 08:53 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-19 03:52 . 2011-10-15 08:53 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-19 03:52 . 2011-10-15 08:53 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-19 03:52 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-12-19 03:52 . 2011-10-15 08:53 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-19 03:52 . 2011-05-21 06:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-12-19 03:52 . 2011-12-19 03:52 -------- d-----w- c:\program files\NVIDIA Corporation
2011-12-19 03:50 . 2011-12-19 14:46 -------- d-----w- c:\users\Ricardo
2011-12-19 03:50 . 2011-12-19 03:50 -------- d-----w- C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 14:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-15 08:53 . 2011-05-21 06:01 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-05-21 06:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-05-21 06:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 00:54 . 2011-10-15 00:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-12-19 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001Core.job
- c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 04:37]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121889406-3208898719-2922685598-1001UA.job
- c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 04:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\5p2547rz.default\
FF - prefs.js: browser.startup.homepage - www.sapo.pt
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-12-22 14:42:48 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-12-22 14:42
.
Pré-execução: 81.700.823.040 bytes free
Pós execução: 81.647.869.952 bytes free
.
- - End Of File - - A74E81A767E6D5943E1FABBE2951FE28

Edited by Mordomo, 22 December 2011 - 08:53 AM.

  • 0

#14
maliprog
Posted 23 December 2011 - 01:00 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I don't see any infection on your system. Do you still have the same problem?
  • 0

#15
Mordomo
Posted 23 December 2011 - 08:08 AM

Mordomo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
No
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP