how to completely remove trojan horse PSW generic9.BIVE? [Solved]


#1
Jocy7

    Member

Hi,
my AVG 2011 antivirus found three threats on my computer:

Object name: E:/claro/databin:/CLARO_C150/AutoRun/AutoRunSetup.exe:/$BK/DataCardService/DCSHelper.exe
Detection name: Trojan Horse PSW generic9.BIVE
Object type: File
SDK type: Core
Result: infected

Object name: E:/claro/databin:/CLARO_C150/AutoRun/AutoRunSetup.exe
Detection name: Trojan Horse PSW generic9.BIVE
Object type: File
SDK type: Core
Result: infected

Object name: E:/claro/databin:/
Detection name: Trojan Horse PSW generic9.BIVE
Object type: File
SDK type: Core
Result: infected

These viruses seem to be in my 3G Mobile Internet modem. I could find the file, but I couldn't delete it. The AVG resident protection asked me to reboot the computer to remove the threat and I did it. Then I scanned the modem and the antivirus detected the viruses again, but AVG could not remove them either...

I've read some forums about PSW generic9 viruses on the internet and I followed the recommended steps, but I could not remove the viruses. I deleted my temporary internet files and the file which originated the threat... Also, I'm not using the infected modem.

My PC is running normally, but when I scan one file (a text file, for example) it shows that 904 objects were scanned. It always scans the same objects (C:/Windows;system32;DRIVERS/cdfs.sys - C:/Windows;system32;DRIVERS/rassstp.sys - C:/Windows;system32;DRIVERS/wanarp.sys - HKLM/SYSTEM/CurrentControlset/Services/8042prt etc.)

In the last scan AVG found two viruses:

Object name: C:/Program Files/claro/AutoRun/AutoRunSetup.exe:/$BK/DataCardService/DCSHelper.exe
Detection name: Trojan Horse PSW generic9.BIVE
Object type: File
SDK type: Core
Result: Moved to quarantine

Object name: C:/Program Files/claro/AutoRun/AutoRunSetup.exe
Detection name: Trojan Horse PSW generic9.BIVE
Object type: File
SDK type: Core
Result: Moved to quarantine

I deleted the viruses from quarantine, and they are not detected by AVG anymore. However, I know they are not completely removed...

How can I proceed to completely remove the Trojan horse PSW generic9.BIVE?

I really need your help!

Sorry for the large post! :)

Thank you so much!

#2
havredave

    GeekU Moderator

Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Sorry for this coming so late - if you no longer need help, just let me know. :)

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.


I actually don't believe you have a problem, but I'll get to that in a bit. For now, please follow these instructions:

First

Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Copy the text from the codeblock below (ctrl-c) and paste it (ctrl-v) into the Custom Scans/Fixes box.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %ProgramFiles%\Common Files\ComObjects\*.* /s
    %ProgramFiles%(x86)\Common Files\ComObjects\*.* /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Put a checkmark in the Scan All Users checkbox.
  • Put checkmarks in the LOP Check and Purity Check checkboxes.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe file to run it. If it asks you about downloading an updated avast database, please agree to do so.

Click the "Scan" button to start scan. There's no need to change the scan type setting; just leave it where it is.

On completion of the scan click save log, save it to your desktop and post in your next reply.


Please reply with OTL.txt, Extras.txt, and aswMBR.txt, pasted into your next reply. You may use multiple replies if you wish. :)

#3
Jocy7

    Member

Hi Havredave! Yes, I still need help! I'll follow your instructions and send you the logs as soon as possible!
Thanks! :)

#4
havredave

    GeekU Moderator

Sounds good. :)

I won't be available to respond until tomorrow - I typically am around from 8:30am until just after 5pm MST (little later than usual today!), but I look forward to seeing those logs, and hearing any issues you might have had with generating them.

#5
Jocy7

    Member

Ok, the time is different here, but there is no problem!

Well, just to let you know that I could not finish the scan with OTL. I don't know what happened; after some time the screen turned blue and a message appeared saying that a threat was found in one of the drivers and the computer would restart or it would damage the system. I remember the message said that if I had never seen a message like this one (I've never seen one before) I should restart my computer... I could not read the message to the end because the system turned off.
I was not using the safe mode because I could not run some programs; maybe I am choosing the wrong option... Should I choose 'safer mode and command prompt'? I used to choose just 'safer mode'... What's wrong?
I am not using the network on my computer now; I am using my sister's computer.

Well, I have a little knowledge about computers and software... :blush: Maybe I did something wrong... :/ So, I'll stop now and wait for your instructions.

Doubt: I have two antivirus programs on my computer now: AVG 2011 and Avast. Should I uninstall them? You said I should not run scans anymore or it would be worse, and I have a scheduled scan...

Thanks a lot!

#6
havredave

    GeekU Moderator

I'm glad you mentioned the antivirus software. You should never, ever have two antivirus products running at the same time. Antivirus can run with other software, such as antimalware (like Malwarebytes' Anti-Malware, for example), but not with another antivirus.

Please choose the antivirus you wish to keep, and remove the other. I would recommend keeping Avast, but that is my personal opinion.

After you have removed whichever antivirus you would like to remove, try the instructions from my first post again, and let me know how it goes. :)

#7
Jocy7

    Member

Hi Havredave, I chose to keep Avast antivirus and uninstalled AVG.

I'll send you the logs in the next posts.

#8
Jocy7

    Member

Here goes OTL.txt

SRV - [2010/01/15 10:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/20 21:18:32 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009/04/02 02:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/06 17:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/01/16 16:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/21 00:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/22 23:05:26 | 000,054,912 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2011/11/28 15:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 15:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 15:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 15:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 15:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 15:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/15 13:20:52 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/07/15 13:20:52 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/07/15 13:20:52 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/03/19 02:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/21 00:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/01/16 16:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/29 20:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/03 15:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/09/04 02:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/05/28 22:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 12:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5536
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5536
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jociele\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jociele\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F8943C10-0347-4da3-8652-72A942054DC7}: C:\Program Files\Common Files\Lingea Shared\lexfox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/14 23:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/23 15:35:43 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2011-12-12 15:00:44&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jociele\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jociele\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jociele\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jociele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Pesquisa do Google = C:\Users\Jociele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jociele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Jociele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Users\Jociele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 19:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O3 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jociele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe (Convesoft)
O7 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F15FA49-E252-480F-8C10-70AE435B77C9}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFB88851-841E-4650-8DE3-1375FDF2B3ED}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jociele\Pictures\SMELP-USP-SP\so paulo noturna.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jociele\Pictures\SMELP-USP-SP\so paulo noturna.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 19:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0437f759-2269-11e1-bb11-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{0437f759-2269-11e1-bb11-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3818bf0e-1aac-11e1-b753-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{3818bf0e-1aac-11e1-b753-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3818bf37-1aac-11e1-b753-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{3818bf37-1aac-11e1-b753-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{479a0724-1ab0-11e1-a77e-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{479a0724-1ab0-11e1-a77e-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{491363a4-3617-11e1-8f1d-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{491363a4-3617-11e1-8f1d-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{665c5122-daee-11e0-99aa-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{665c5122-daee-11e0-99aa-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{665c5134-daee-11e0-99aa-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{665c5134-daee-11e0-99aa-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67ca84e4-b13b-11df-a7db-001f169b74e0}\Shell\AutoRun\command - "" = gOUMRE.EXE
O33 - MountPoints2\{67ca84e4-b13b-11df-a7db-001f169b74e0}\Shell\oPeN\CoMMAnD - "" = GOUmRE.exe
O33 - MountPoints2\{68b9c9e8-644f-11df-8f56-001f169b74e0}\Shell\AutoRun\command - "" = rfg.exe
O33 - MountPoints2\{68b9c9e8-644f-11df-8f56-001f169b74e0}\Shell\open\Command - "" = rfg.exe
O33 - MountPoints2\{6c65b11c-2650-11e1-b9ce-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c65b11c-2650-11e1-b9ce-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6c65b198-2650-11e1-b9ce-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c65b198-2650-11e1-b9ce-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7096d30e-ca0c-11de-ab39-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{7096d30e-ca0c-11de-ab39-001f169b74e0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{71617d04-d77c-11de-a708-001f169b74e0}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{71617d04-d77c-11de-a708-001f169b74e0}\Shell\explore\Command - "" = WScript.exe .\juejo.vbs
O33 - MountPoints2\{71617d04-d77c-11de-a708-001f169b74e0}\Shell\open\Command - "" = WScript.exe .\juejo.vbs
O33 - MountPoints2\{863bcb2b-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb2b-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{863bcb37-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb37-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{863bcb43-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb43-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{863bcb45-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb45-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{863bcb4b-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb4b-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{863bcb4d-ffed-11e0-b1b0-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{863bcb4d-ffed-11e0-b1b0-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{af9efb0a-f34f-11e0-a340-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{af9efb0a-f34f-11e0-a340-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b2362522-1cee-11e1-b9de-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{b2362522-1cee-11e1-b9de-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{baaee556-f2cd-11e0-8bca-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{baaee556-f2cd-11e0-8bca-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dd7cdb43-25fa-11e1-93f8-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{dd7cdb43-25fa-11e1-93f8-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dd7cdb4d-25fa-11e1-93f8-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{dd7cdb4d-25fa-11e1-93f8-001f169b74e0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f246ea7c-90d4-11df-9c95-001f169b74e0}\Shell - "" = AutoRun
O33 - MountPoints2\{f246ea7c-90d4-11df-9c95-001f169b74e0}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 18:07:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/15 23:33:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jociele\Desktop\OTL.exe
[2012/02/15 23:28:43 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Jociele\Desktop\aswMBR.exe
[2012/02/08 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Jociele\Documents\MAGISTRIO
[2012/02/03 18:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jociele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/31 20:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/31 20:02:01 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/31 20:02:00 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/31 20:01:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/31 20:01:43 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/31 20:01:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/31 20:01:28 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/31 19:58:44 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/31 19:58:43 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/31 19:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/31 19:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2009/05/06 08:33:16 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[6 C:\Users\Jociele\Desktop\*.tmp files -> C:\Users\Jociele\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 18:48:11 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 18:21:48 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 18:20:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 18:20:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 18:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 18:19:58 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 18:15:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/17 17:59:53 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385451050-3991272558-646856949-1000UA.job
[2012/02/16 01:38:03 | 000,000,000 | -H-- | M] () -- C:\Users\Jociele\Documents\Default.rdp
[2012/02/16 00:31:34 | 429,043,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/15 23:42:33 | 000,612,564 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/15 23:42:33 | 000,111,846 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/15 23:19:38 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Jociele\Desktop\aswMBR.exe
[2012/02/15 23:05:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jociele\Desktop\OTL.exe
[2012/02/14 18:59:03 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385451050-3991272558-646856949-1000Core.job
[2012/02/13 19:52:59 | 000,001,356 | ---- | M] () -- C:\Users\Jociele\AppData\Local\d3d9caps.dat
[2012/02/07 22:54:41 | 000,002,599 | ---- | M] () -- C:\Users\Jociele\Desktop\Microsoft Office Word 2003.lnk
[2012/02/06 19:08:39 | 000,002,579 | ---- | M] () -- C:\Users\Jociele\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012/02/06 18:52:50 | 088,314,941 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2012/02/06 18:04:46 | 000,000,902 | ---- | M] () -- C:\Users\Jociele\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2012/02/03 18:56:00 | 000,002,056 | ---- | M] () -- C:\Users\Jociele\Desktop\Google Chrome.lnk
[2012/02/03 18:56:00 | 000,002,018 | ---- | M] () -- C:\Users\Jociele\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/03 15:03:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/31 20:02:03 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[6 C:\Users\Jociele\Desktop\*.tmp files -> C:\Users\Jociele\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/17 17:50:42 | 2951,069,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/16 01:38:03 | 000,000,000 | -H-- | C] () -- C:\Users\Jociele\Documents\Default.rdp
[2012/02/03 18:56:00 | 000,002,056 | ---- | C] () -- C:\Users\Jociele\Desktop\Google Chrome.lnk
[2012/02/03 18:56:00 | 000,002,018 | ---- | C] () -- C:\Users\Jociele\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/03 18:54:04 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385451050-3991272558-646856949-1000UA.job
[2012/02/03 18:54:02 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385451050-3991272558-646856949-1000Core.job
[2012/01/31 20:02:03 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/09 16:31:32 | 000,004,096 | -H-- | C] () -- C:\Users\Jociele\AppData\Local\keyfile3.drm
[2010/07/28 11:07:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/12/27 00:38:00 | 000,023,888 | ---- | C] () -- C:\Users\Jociele\AppData\Roaming\UserTile.png
[2009/12/10 21:38:39 | 000,000,932 | ---- | C] () -- C:\Users\Jociele\AppData\Roaming\wklnhst.dat
[2009/10/09 18:00:35 | 000,001,356 | ---- | C] () -- C:\Users\Jociele\AppData\Local\d3d9caps.dat
[2009/10/03 15:19:14 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/27 00:01:57 | 000,040,448 | ---- | C] () -- C:\Users\Jociele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 08:28:55 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/05/06 08:28:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/05/06 08:28:55 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/05/06 08:22:19 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/05/06 07:50:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/05/06 07:50:23 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009/05/06 07:50:22 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2009/05/06 07:47:49 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/05/06 07:47:49 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/05/06 07:47:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/05/06 07:47:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/05/06 07:47:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/05/06 07:47:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/05/06 07:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/12 10:43:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/12 10:43:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/20 22:26:15 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/20 22:26:15 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/20 22:26:14 | 000,000,056 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/02/20 22:26:14 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2006/11/02 10:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:47:37 | 000,362,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:33:01 | 000,612,564 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 08:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 08:33:01 | 000,111,846 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 08:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 08:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 06:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 06:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 05:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 05:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/03/12 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/03/12 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010/05/11 21:27:46 | 000,000,000 | -HSD | M] -- C:\Users\Jociele\AppData\Roaming\.#
[2009/09/24 17:56:18 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Acer
[2009/03/12 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Acer GameZone Console
[2012/02/14 23:29:41 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Audacity
[2010/12/09 20:54:27 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\AVG
[2011/12/13 14:49:23 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\AVG2012
[2010/02/15 11:28:16 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/25 19:58:33 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\EA
[2010/12/17 21:43:32 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\eSobi
[2011/03/23 03:29:14 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Foxit Software
[2011/03/11 00:12:17 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Free Sound Recorder
[2010/07/15 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Lightcomm
[2010/09/12 23:57:58 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Logia
[2011/09/03 13:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Oi
[2010/02/13 14:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\PlayFirst
[2012/02/14 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\PowerCinema
[2012/02/14 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\SoftDMA
[2010/07/29 14:26:55 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Softland
[2009/12/10 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Template
[2012/02/14 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\VIVO INTERNET
[2009/10/05 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Jociele\AppData\Roaming\Windows Live Writer
[2012/02/17 18:15:41 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< >

< %ProgramFiles%\Common Files\ComObjects\*.* /s >

< >

< %ProgramFiles%(x86)\Common Files\ComObjects\*.* /s >

< >


< MD5 for: EXPLORER.EXE >
[2008/10/29 04:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 04:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 04:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 01:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 04:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 04:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 00:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 00:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 00:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 00:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 00:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 00:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 08:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/02 04:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2006/11/02 10:41:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2006/11/02 10:41:18 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_112c68f98452eff6\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2009/02/20 22:35:11 | 000,004,940 | ---- | M] () MD5=8BB59B2576993A142AF85BAC5D9995F7 -- C:\Windows\inf\volsnap.PNF
[2009/02/20 22:35:11 | 000,004,940 | ---- | M] () MD5=F86E905420A12D5AAE107DBBC25E6A18 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 07:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 04:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2009/04/11 04:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 00:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/21 00:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 00:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/21 00:25:44 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2008/01/21 00:25:44 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=2A3DEAD70397152006B4E3CED20B41C4 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2006/11/02 10:41:23 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=F9B09F7E31E49004666C9B3EB0BEBD94 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_78ef883cc30a4c61\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2009/04/11 04:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 04:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 00:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 00:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/01/21 00:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{12A87125-5CC8-47EA-A449-C0372F58DA95}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D586F01-37AF-4DB7-81B3-56B10542D81D}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{44F0873F-5DE8-4903-90B2-9F0F09B46123}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6F15FA49-E252-480F-8C10-70AE435B77C9}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B76B2247-981B-4330-A11A-13968AF8EECD}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DFB88851-841E-4650-8DE3-1375FDF2B3ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/21 00:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 09 01 01 01 02 01 05 01 00 01 0A 01 07 01 04 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 07:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< >

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< %systemroot%\*. /mp /s >

< >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 04:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 04:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jociele\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/20 03:35:36 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 02:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 04:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 04:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

#9
Jocy7

OTL Extras logfile created on: 17/02/2012 18:32:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jociele\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 60,09% Memory free
5,70 Gb Paging File | 4,63 Gb Available in Paging File | 81,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 172,17 Gb Free Space | 59,71% Space Free | Partition Type: NTFS

Computer Name: JO | User Name: Jociele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD91065-1B48-445C-A429-D13150F35719}" = lport=139 | protocol=6 | dir=in | app=system |
"{27F0C939-91E1-4D41-8F23-6485DE1DEFEA}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E6D1E91-7AEE-4AA9-9401-A91E895DC0A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DB227C8-4086-43A0-9F62-578DCFD64A83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{55636261-1135-484F-8E49-AD3BFCA3D23B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5FD12EAF-8383-43A7-A937-154B676B2C18}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BE998B-E32D-435E-AC0D-EDB834DBD664}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{7B53D5B1-EC31-435A-9EE7-92361FAF55CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{7EC04644-FF7E-411A-9077-C51E2EB5853E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{833313D7-9F0D-42D8-9F86-3A0272187500}" = rport=445 | protocol=6 | dir=out | app=system |
"{95A40668-35FD-40D5-94BA-1A2E83333DA5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{9690BC84-62CD-4897-80CA-E35D6379506D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D6E29E8-7EFA-44BA-B149-7DA69E286A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A48C71A7-6283-4285-B39A-3BADB4E59441}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{B38703D4-FC52-4A4F-A1C7-1925016D8FE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD5C14BB-55E2-43BA-B335-185662B9F27D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{DC408BD7-0AD1-421A-B29D-40B448587404}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E5CC1D77-0ABA-4601-9DE8-CD502D786F45}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6B833DE-71F9-45E0-A841-983955C26101}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{EDC4EB31-81B6-4E4D-97E7-D1F2906DF73A}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0308FB51-0D4B-460A-8FA4-05527E5F5EC4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{09551FDE-10A6-429B-BB26-7818738DA3C3}" = protocol=1 | dir=in | [email protected],-28543 |
"{0D676435-7A52-45DF-A19B-1289456DBCE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{10E056B4-DF60-42B4-9ADF-B3E3C7AD1862}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3311410B-93E7-4324-ADF4-DA0213A51F9F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34709E7D-521B-4251-9C0A-8405FF11E844}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3C7C5271-3726-4D28-87CE-152E99014617}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{501C0F6A-E72D-44B4-B91B-9C22E818A020}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{567EA42D-B667-4D44-857A-DAA53AAB4168}" = protocol=58 | dir=in | [email protected],-28545 |
"{595F3477-6BD9-43A2-AF71-02EBD8DF4511}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6EC0CF9C-130F-410E-A64F-F452D02A8235}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{979247FA-7F95-4CD1-8A63-8CCEA1461697}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9B6085A0-3DF1-4BB8-81C2-5D0AC1AE0F65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A4E7359D-459D-472E-8ED2-136EEA6BB327}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{A56EAECD-499F-42D0-A451-6600D25F2460}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{ABDE33EF-68AC-44FC-80A9-1C3D9BDEB0B5}" = protocol=1 | dir=out | [email protected],-28544 |
"{B305EC6B-765F-46EF-8DB1-DCB5BD77A6AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B35D5DFE-FD8A-455F-A2E7-4C87A11220E8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{B61208AD-8C18-4CF0-BF68-4102A8B6B06E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C8FF27FA-1525-440B-BECB-CD23ABB65DAB}" = protocol=17 | dir=in | app=c:\program files\psafe\psrsync.exe |
"{C9AA622B-74CF-4E82-84B0-5EBAC22507A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF541450-DF2A-4880-8ECD-C8443383D598}" = protocol=58 | dir=out | [email protected],-28546 |
"{E9BB18D9-9C9D-45DB-859C-D461C4342C2C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F7C78094-E395-459E-AA06-0A98B8A8EA7E}" = protocol=6 | dir=in | app=c:\program files\psafe\psrsync.exe |
"TCP Query User{A7F714DF-C953-48C5-B6E5-A33D6140DECE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E5D42DE4-8C9E-446E-A8B6-5B4B13C6FD2B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{FD800C43-1DC2-4C7B-B394-723F6102C35F}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{3BFCDF3A-9473-40DD-82D3-0E7655C2C95C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3EE445ED-5A9A-4ED2-B6E9-2538869A5EFF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4E7365A7-2A7C-4521-8C6D-651A40FC90A4}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
"{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
"{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
"{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
"{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
"{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
"{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
"{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
"{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
"{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
"{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
"{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
"{C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1" = Vivo - Guia Vivo Internet versão 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
"{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
"{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
"4E1D8DC4BABC15A9FC505FC75418239342464F92" = Windows Driver Package - ZTE Corporation (ZTEusbnmea) Ports (11/04/2008 1.2050.0.9)
"717476F752ECD35068D55A70ADAB74C0865D0604" = Windows Driver Package - ZTE Corporation (ZTEusbmdm6k) Modem (11/04/2008 1.2050.0.9)
"960D2AF39B6968A9203A2E0B2A33256C2830F016" = Windows Driver Package - ZTE Corporation (ZTEusbser6k) Ports (11/04/2008 1.2050.0.9)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"bre" = Oxford Escolar CD-ROM
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Doxillion" = Doxillion Document Converter
"FormatFactory" = FormatFactory 2.60
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"GridVista" = Acer GridVista
"Houaiss" = Dicionário eletrônico Houaiss
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"oigsm_is1" = Velox3G.exe
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VideoPad" = VideoPad Video Editor
"VIVO INTERNET" = VIVO INTERNET
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Barra de Ferramentas do Yahoo!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4300807

Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4300807

Error - 13/04/2011 10:00:25 | Computer Name = J | Source = WinMgmt | ID = 10
Description =

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9572018

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9572018

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12564898

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12564898

[ System Events ]
Error - 17/02/2012 15:42:55 | Computer Name = J | Source = Service Control Manager | ID = 7001
Description =

Error - 17/02/2012 15:51:52 | Computer Name = J | Source = HTTP | ID = 15016
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7009
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:58:44 | Computer Name = J | Source = Service Control Manager | ID = 7022
Description =

Error - 17/02/2012 16:20:48 | Computer Name = J | Source = HTTP | ID = 15016
Description =

Error - 17/02/2012 16:21:43 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 16:21:43 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#10
Jocy7

OTL Extras logfile created on: 17/02/2012 18:32:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jociele\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 60,09% Memory free
5,70 Gb Paging File | 4,63 Gb Available in Paging File | 81,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 172,17 Gb Free Space | 59,71% Space Free | Partition Type: NTFS

Computer Name: JO | User Name: Jociele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD91065-1B48-445C-A429-D13150F35719}" = lport=139 | protocol=6 | dir=in | app=system |
"{27F0C939-91E1-4D41-8F23-6485DE1DEFEA}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E6D1E91-7AEE-4AA9-9401-A91E895DC0A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DB227C8-4086-43A0-9F62-578DCFD64A83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{55636261-1135-484F-8E49-AD3BFCA3D23B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5FD12EAF-8383-43A7-A937-154B676B2C18}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BE998B-E32D-435E-AC0D-EDB834DBD664}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{7B53D5B1-EC31-435A-9EE7-92361FAF55CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{7EC04644-FF7E-411A-9077-C51E2EB5853E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{833313D7-9F0D-42D8-9F86-3A0272187500}" = rport=445 | protocol=6 | dir=out | app=system |
"{95A40668-35FD-40D5-94BA-1A2E83333DA5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{9690BC84-62CD-4897-80CA-E35D6379506D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D6E29E8-7EFA-44BA-B149-7DA69E286A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A48C71A7-6283-4285-B39A-3BADB4E59441}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{B38703D4-FC52-4A4F-A1C7-1925016D8FE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD5C14BB-55E2-43BA-B335-185662B9F27D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{DC408BD7-0AD1-421A-B29D-40B448587404}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E5CC1D77-0ABA-4601-9DE8-CD502D786F45}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6B833DE-71F9-45E0-A841-983955C26101}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{EDC4EB31-81B6-4E4D-97E7-D1F2906DF73A}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0308FB51-0D4B-460A-8FA4-05527E5F5EC4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{09551FDE-10A6-429B-BB26-7818738DA3C3}" = protocol=1 | dir=in | [email protected],-28543 |
"{0D676435-7A52-45DF-A19B-1289456DBCE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{10E056B4-DF60-42B4-9ADF-B3E3C7AD1862}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3311410B-93E7-4324-ADF4-DA0213A51F9F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34709E7D-521B-4251-9C0A-8405FF11E844}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3C7C5271-3726-4D28-87CE-152E99014617}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{501C0F6A-E72D-44B4-B91B-9C22E818A020}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{567EA42D-B667-4D44-857A-DAA53AAB4168}" = protocol=58 | dir=in | [email protected],-28545 |
"{595F3477-6BD9-43A2-AF71-02EBD8DF4511}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6EC0CF9C-130F-410E-A64F-F452D02A8235}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{979247FA-7F95-4CD1-8A63-8CCEA1461697}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9B6085A0-3DF1-4BB8-81C2-5D0AC1AE0F65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A4E7359D-459D-472E-8ED2-136EEA6BB327}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{A56EAECD-499F-42D0-A451-6600D25F2460}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{ABDE33EF-68AC-44FC-80A9-1C3D9BDEB0B5}" = protocol=1 | dir=out | [email protected],-28544 |
"{B305EC6B-765F-46EF-8DB1-DCB5BD77A6AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B35D5DFE-FD8A-455F-A2E7-4C87A11220E8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{B61208AD-8C18-4CF0-BF68-4102A8B6B06E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C8FF27FA-1525-440B-BECB-CD23ABB65DAB}" = protocol=17 | dir=in | app=c:\program files\psafe\psrsync.exe |
"{C9AA622B-74CF-4E82-84B0-5EBAC22507A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF541450-DF2A-4880-8ECD-C8443383D598}" = protocol=58 | dir=out | [email protected],-28546 |
"{E9BB18D9-9C9D-45DB-859C-D461C4342C2C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F7C78094-E395-459E-AA06-0A98B8A8EA7E}" = protocol=6 | dir=in | app=c:\program files\psafe\psrsync.exe |
"TCP Query User{A7F714DF-C953-48C5-B6E5-A33D6140DECE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E5D42DE4-8C9E-446E-A8B6-5B4B13C6FD2B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{FD800C43-1DC2-4C7B-B394-723F6102C35F}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{3BFCDF3A-9473-40DD-82D3-0E7655C2C95C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3EE445ED-5A9A-4ED2-B6E9-2538869A5EFF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{4E7365A7-2A7C-4521-8C6D-651A40FC90A4}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
"{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
"{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
"{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
"{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
"{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
"{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
"{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
"{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
"{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
"{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
"{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
"{C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1" = Vivo - Guia Vivo Internet versão 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
"{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
"{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
"4E1D8DC4BABC15A9FC505FC75418239342464F92" = Windows Driver Package - ZTE Corporation (ZTEusbnmea) Ports (11/04/2008 1.2050.0.9)
"717476F752ECD35068D55A70ADAB74C0865D0604" = Windows Driver Package - ZTE Corporation (ZTEusbmdm6k) Modem (11/04/2008 1.2050.0.9)
"960D2AF39B6968A9203A2E0B2A33256C2830F016" = Windows Driver Package - ZTE Corporation (ZTEusbser6k) Ports (11/04/2008 1.2050.0.9)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"bre" = Oxford Escolar CD-ROM
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Doxillion" = Doxillion Document Converter
"FormatFactory" = FormatFactory 2.60
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"GridVista" = Acer GridVista
"Houaiss" = Dicionrio eletrnico Houaiss
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"oigsm_is1" = Velox3G.exe
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VideoPad" = VideoPad Video Editor
"VIVO INTERNET" = VIVO INTERNET
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Barra de Ferramentas do Yahoo!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1385451050-3991272558-646856949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4300807

Error - 12/04/2011 17:17:11 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4300807

Error - 13/04/2011 10:00:25 | Computer Name = J | Source = WinMgmt | ID = 10
Description =

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9572018

Error - 13/04/2011 14:11:10 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9572018

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12564898

Error - 13/04/2011 18:17:22 | Computer Name = J | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12564898

[ System Events ]
Error - 17/02/2012 15:42:55 | Computer Name = J | Source = Service Control Manager | ID = 7001
Description =

Error - 17/02/2012 15:51:52 | Computer Name = J | Source = HTTP | ID = 15016
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7009
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:54:01 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 15:58:44 | Computer Name = J | Source = Service Control Manager | ID = 7022
Description =

Error - 17/02/2012 16:20:48 | Computer Name = J | Source = HTTP | ID = 15016
Description =

Error - 17/02/2012 16:21:43 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =

Error - 17/02/2012 16:21:43 | Computer Name = J | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#11
Jocy7

    Member

  • Topic Starter
  • 17 posts
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 19:14:39
-----------------------------
19:14:39.032 OS Version: Windows 6.0.6001 Service Pack 1
19:14:39.032 Number of processors: 2 586 0x301
19:14:39.032 ComputerName: JO UserName:
19:15:48.125 Initialize success
19:15:56.361 AVAST engine defs: 12020701
19:16:37.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
19:16:37.109 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 8
19:16:37.249 Disk 0 MBR read successfully
19:16:37.265 Disk 0 MBR scan
19:16:40.587 Disk 0 unknown MBR code
19:16:40.619 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
19:16:41.055 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 20482048
19:16:41.726 Disk 0 scanning sectors +625139712
19:16:42.350 Disk 0 scanning C:\Windows\system32\drivers
19:17:17.169 Service scanning
19:17:21.927 Modules scanning
19:17:35.375 Disk 0 trace - called modules:
19:17:35.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
19:17:35.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864a5030]
19:17:35.421 3 CLASSPNP.SYS[8a59e745] -> nt!IofCallDriver -> [0x8649bb68]
19:17:35.421 5 acpi.sys[8060b6a0] -> nt!IofCallDriver -> \Device\0000005e[0x861b89d0]
19:17:40.476 AVAST engine scan C:\Windows
19:17:51.567 AVAST engine scan C:\Windows\system32
19:22:54.785 AVAST engine scan C:\Windows\system32\drivers
19:23:20.681 AVAST engine scan C:\Users\Jociele
19:46:38.316 AVAST engine scan C:\ProgramData
19:56:52.893 Scan finished successfully
20:14:10.449 Disk 0 MBR has been saved successfully to "C:\Users\Jociele\Desktop\MBR.dat"
20:14:10.465 The log file has been saved successfully to "C:\Users\Jociele\Desktop\aswMBR_log.txt"
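One consistency check a reviewer can run over an aswMBR log like the one in this post, as an added example (not part of the original thread and not aswMBR's own code): it parses the partition lines and confirms that the partitions are contiguous and end where the tool's trailing-sector scan begins. It assumes 512-byte sectors, sizes reported in MiB, and that `scanning sectors +N` names the first sector past the last partition; the function names are hypothetical.

```python
import re

# Constructed sample: disk, partition and sector lines copied from the log above.
SAMPLE_LOG = """\
19:16:37.109 Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 8
19:16:40.587 Disk 0 unknown MBR code
19:16:40.619 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
19:16:41.055 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 20482048
19:16:41.726 Disk 0 scanning sectors +625139712
"""

SECTORS_PER_MIB = 2048  # assumption: 512-byte sectors, sizes reported in MiB
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r".*? (\d+) MB offset (\d+)$")
TAIL_RE = re.compile(r"Disk (\d+) scanning sectors \+(\d+)$")
SIZE_RE = re.compile(r"Disk (\d+) Vendor: .* Size: (\d+)MB")

def parse_aswmbr(log):
    """Return partitions, tail-scan start sector, disk size and status notes."""
    info = {"partitions": [], "tail_start": None, "disk_mb": None, "notes": []}
    for line in log.splitlines():
        if m := PART_RE.search(line):
            info["partitions"].append({
                "index": int(m[2]), "active": m[3] == "80", "type": int(m[4], 16),
                "start": int(m[6]), "sectors": int(m[5]) * SECTORS_PER_MIB})
        elif m := TAIL_RE.search(line):
            info["tail_start"] = int(m[2])
        elif m := SIZE_RE.search(line):
            info["disk_mb"] = int(m[2])
        elif "unknown MBR code" in line:
            info["notes"].append("MBR boot code not recognised by the tool")
    return info

def check_layout(info):
    """List gaps and overlaps; an empty 'problems' list means the layout is consistent."""
    problems, cursor = [], None
    for p in sorted(info["partitions"], key=lambda p: p["start"]):
        if cursor is not None and p["start"] != cursor:
            kind = "overlap" if p["start"] < cursor else "gap"
            problems.append(f"{kind} before partition {p['index']}")
        cursor = p["start"] + p["sectors"]
    if sum(p["active"] for p in info["partitions"]) != 1:
        problems.append("expected exactly one active partition")
    if info["tail_start"] is not None and cursor != info["tail_start"]:
        problems.append("tail scan does not start at end of last partition")
    tail_mb = None if info["disk_mb"] is None else info["disk_mb"] - cursor // SECTORS_PER_MIB
    return {"problems": problems, "end_sector": cursor, "tail_mb": tail_mb}
```

For this log the two partitions are contiguous, end at sector 625139712, and leave about 1 MB of the reported disk size unpartitioned, which is the region the tool scans separately.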

#12
Jocy7

    Member

  • Topic Starter
  • 17 posts
These are the logs...

Thanks for your patience! :)

#13
havredave

    GeekU Moderator
  • 1,689 posts
I hope your patience is as good :)

I'm going over your logs, but I'm running on about 3.5 hours of sleep, so I might not get back to you as quickly as we'd both like.

How is the machine running with the extra antivirus removed? Any further hits on those 'infected' files you originally posted about? Incidentally, I believe that those were false positives.

While I go over your logs, you can do a boot-time scan with Avast, if you wish. Instructions follow:

Please start Avast!, and click the Scan Computer tab, on the left.

  • Click Boot-time Scan.
  • Click Schedule Now.

Next, click Restart computer, which appears right below the Schedule Now button:

Your computer will restart, then scan your system before Windows itself loads fully.

If Avast! finds anything, follow the recommended options. If you have a question about a specific find, don't hesitate to post. The machine can wait while you wait, if needed.

Once Avast! is finished with its scan, please post the scan log per the following instructions:

  • Click Start
  • In the search box, type the following:
    %PUBLIC%\AppData\AVAST Software\Avast\report\aswBoot.txt
  • A notepad window will appear with the contents of the scan report. Please copy (ctrl-c) and paste (ctrl-v) the report in your next post.


#14
havredave

    GeekU Moderator
  • 1,689 posts
While there are a few little things that could be cleaned up in your logs, there's nothing that needs to be cleaned up. They look pretty decent to me.

Go forward with the Avast boot scan if you would, and let me know what it finds, if anything.

#15
Jocy7

    Member

  • Topic Starter
  • 17 posts
Really? This is good!

Well, Avast didn't find any infection, but I could not find the boot-time scan report. I typed the direction %PUBLIC%\AppData\AVAST Software\Avast\report\aswBoot.txt in the search box, but there are no items for my search. What should I do?

"How is the machine running with the extra antivirus removed? Any further hits on those 'infected' files you originally posted about? Incidentally, I believe that those were false positives".

My computer is running normally, except when I use the safer mode. I don't know why, but my system shuts down automatically after 15 or 20 minutes. It just turns off without any error message or Windows symbol... So, I've been using the normal mode.

When AVG detected the infection, the file location was a removable media, my mobile internet modem. So, I had uninstalled my mobile internet program (because the antivirus could not clean the file infection) and I haven't used the modem until now. However, now, Avast did not find any infection in the modem...
Is it clean? Is there no possibility that Avast failed to identify the virus? You said: "Incidentally, I believe that those were false positives". What does it mean?


thanks!