Help removing FireFly virus

  1. #1
    Marinuba (Newbie)

    Hello, I'm new to this forum. Basically, I joined specifically to solve this problem.
    Right after I installed Chrome, when a page crashed, this would show up:
    http://chromestory.com/wp-content/up...w-Sad-Page.png

    A blue screen showing the Star Trek quote: "It's dead Jim".
    And sometimes when this screen came up, the computer rebooted on its own.
    I did a little research on Google, and found a site saying it was only Chrome's new tab for crashed pages. I kept ignoring it, but one day, I was watching a movie, and the blue screen appeared in the middle of my movie, rebooting the pc right after.

    There was no way that would be a Chrome tab, appearing in the middle of my movie.
    I searched a little more and found the FireFly virus.
    It totally matches what's happening on my PC (which, by the way, is slower than ever).

    Please, someone, help me with this.
    I have no idea of what to do. Here are the requested logs:

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Versão da Base de Dados: 7332

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    31/07/2011 15:33:29
    mbam-log-2011-07-31 (15-33-29).txt

    Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|)
    Objetos escaneados: 405915
    Tempo decorrido: 55 minuto(s), 31 segundo(s)

    Processos de Memória Infectados: 0
    Módulos de Memória Infectados: 0
    Chaves de Registro Infectadas: 0
    Valores de Registro Infectados: 0
    Itens de Dados no Registro Infectados: 0
    Pastas Infectadas: 0
    Arquivos Infectados: 0

    Processos de Memória Infectados:
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Infectados:
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Infectadas:
    (Não foram detectados ítens maliciosos)

    Valores de Registro Infectados:
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Infectados:
    (Não foram detectados ítens maliciosos)

    Pastas Infectadas:
    (Não foram detectados ítens maliciosos)

    Arquivos Infectados:
    (Não foram detectados ítens maliciosos)

    *Sorry, I have the Portuguese version; if you need the English one, just let me know and I'll make sure to post it here.*

    GMER:


    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-07-31 17:09:33
    Windows 6.1.7600
    Running: usbsi5wd.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x4F 0x22 0x75 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x4F 0x22 0x75 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

    ---- Files - GMER 1.0.15 ----

    File C:\System Volume Information\Chkdsk 0 bytes
    File C:\System Volume Information\Chkdsk\Chkdsk20101225153319.log 10240 bytes
    File C:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
    File C:\System Volume Information\SPP 0 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache 0 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{4ebf02d9-3eef-4c62-a51c-074ad38f7e73}_OnDiskSnapshotProp 10872 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{50948750-674d-4d57-8ade-64ffbb0f81e3}_OnDiskSnapshotProp 10664 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{7e257d0c-577e-45d6-9d21-c600cc0e3e3c}_OnDiskSnapshotProp 10384 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{9239caea-ffca-4034-9ea1-7c0bd12b4bde}_OnDiskSnapshotProp 10512 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{965f67f1-b7e5-4678-a3ae-586d7ac44fec}_OnDiskSnapshotProp 10672 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{b1b9e36c-874c-469f-b93b-4375b76f9e7f}_OnDiskSnapshotProp 10608 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{d43174aa-fb8b-47d9-bbac-94a37a8d434b}_OnDiskSnapshotProp 10664 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{ed0bf7e6-cd23-4130-ac45-1e5ffd18fc7f}_OnDiskSnapshotProp 10392 bytes
    File C:\System Volume Information\SPP\OnlineMetadataCache\{f979764a-a17d-4c36-aa28-e644ef075bd0}_OnDiskSnapshotProp 10696 bytes
    File C:\System Volume Information\SPP\SppCbsHiveStore 0 bytes
    File C:\System Volume Information\SPP\SppGroupCache 0 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{50948750-674D-4D57-8ADE-64FFBB0F81E3}_DriverPackageInfo 59856 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{50948750-674D-4D57-8ADE-64FFBB0F81E3}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{7E257D0C-577E-45D6-9D21-C600CC0E3E3C}_DriverPackageInfo 59768 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{7E257D0C-577E-45D6-9D21-C600CC0E3E3C}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{9239CAEA-FFCA-4034-9EA1-7C0BD12B4BDE}_DriverPackageInfo 59768 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{9239CAEA-FFCA-4034-9EA1-7C0BD12B4BDE}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{B1B9E36C-874C-469F-B93B-4375B76F9E7F}_DriverPackageInfo 59768 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{B1B9E36C-874C-469F-B93B-4375B76F9E7F}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{ED0BF7E6-CD23-4130-AC45-1E5FFD18FC7F}_DriverPackageInfo 59768 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{ED0BF7E6-CD23-4130-AC45-1E5FFD18FC7F}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{F979764A-A17D-4C36-AA28-E644EF075BD0}_DriverPackageInfo 59856 bytes
    File C:\System Volume Information\SPP\SppGroupCache\{F979764A-A17D-4C36-AA28-E644EF075BD0}_WindowsUpdateInfo 16456 bytes
    File C:\System Volume Information\Syscache.hve 18087936 bytes
    File C:\System Volume Information\Syscache.hve.LOG1 262144 bytes
    File C:\System Volume Information\Syscache.hve.LOG2 0 bytes
    File C:\System Volume Information\SystemRestore 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\SpeechEngines 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\SpeechEngines\Microsoft 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\SpeechEngines\Microsoft\TTS20 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86) 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\SpeechEngines 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\SpeechEngines\Microsoft 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\servic ing 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\servic ing\Packages 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\servic ing\Sessions 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\DriverStore 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\DriverStore\FileRepository 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\DriverStore\FileRepository\prnms002.inf_amd64_n eutral_d439051ec90eeda4 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\DriverStore\FileRepository\prnms002.inf_amd64_n eutral_d439051ec90eeda4\Amd64 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\System 32\DriverStore\Temp 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7600.16385_none_1c8e24 ec4cd20f75 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-s..center-controlpanel_31bf3856ad364e35_6.1.7600.16385_none_ a37456391d763cb2 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7600.16762_none_f9a1c 80787c9c6e6 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7600.16762_none_a461 9b88478a7aa5 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-searchfolder_31bf3856ad364e35_6.1.7600.16385_none_ f6652b9de2fd8a41 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16661_none_7e1c e1176ee7379f 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5 cb9af730 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16644_none_c8486 19d2b8d62c0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_ e1310860626a47c0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.1.7600.16699_none_9fe870 a9b80560f9 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_419a75 c3d88fecc0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-taskscheduler-proxy_31bf3856ad364e35_6.1.7600.16385_none_d9b2caf ed4f953d2 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-thumbnailcache_31bf3856ad364e35_6.1.7600.16385_non e_9b0f780432d82d8b 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-uianimation_31bf3856ad364e35_6.1.7600.16385_none_e 771fb51894d14a5 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf45 2a9c04f6b8 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.1.7600.16 385_none_b202231e3c968e42 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-es-shellextension_31bf3856ad364e35_6.1.7600.16385_non e_54f343ff0f64640f 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none _1eb0dfb08d530aa2 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc2 4107935a7e25 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_061b8a877 3f9358d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-h..nter-shellproviders_31bf3856ad364e35_6.1.7600.16385_non e_f06311f5098e0e17 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-healthcenter_31bf3856ad364e35_6.1.7600.16385_none_ 075213da7d858254 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-hotstart_31bf3856ad364e35_6.1.7600.16385_none_4c98 e958900f3bd6 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.1 6800_none_2be3d82667407dff 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.1 6800_none_78e9b3c83249a492 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16741_none_ ac45b52cc3263d1d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-iconcodecservice_31bf3856ad364e35_6.1.7600.16385_n one_832d9574a3c54749 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.16415_none_239ab8 cbbed9a362 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-photobase_31bf3856ad364e35_6.1.7600.16385_none_9c7 564b9b4af5e86 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.1.7600.16723_none_f00 141726bc15b73 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307 29.6161_none_08e61857a83bc251 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7600.16823_none_8d 8afcbf0276f0ab 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16823_none_ceae4c7 5253211da 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.16763_none_a786e3c3b d3618af 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-msasn1_31bf3856ad364e35_6.1.7600.16415_none_c77c1d 48067c322c 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16821_none _8a2f3358b2af5f01 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16800_none_072fa 4a9db072f11 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16800_n one_bea46aa41cfac2ef 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16800_none_dba32 cea3e959bf5 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff 90246fc2d6d8 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-kernelbase_31bf3856ad364e35_6.1.7600.16823_none_83 36526cce162eb0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7600.16597_no ne_f84b55572678fa17 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-mobsync_31bf3856ad364e35_6.1.7600.16385_none_51649 8a863122b92 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.7600.16385_none_a7b f97adb28bd7c2 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7600.16385_none _221d630e212b064b 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7600.16385_none_6e266b0c3 0bb5383 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_08527df 30bd29da3 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16823_none_d 08fa16a1b9be3c9 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_c15 ac71fc7aafddc 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7600.16385_none_334f1b474 840d621 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16699_none_ ac17a5fac3479663 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16723_none_e4a21 8cdb058432b 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.16723_none_e4a1d 475b058900e 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.1.7600.16385_n one_f9cfc5e1446cdbd4 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.1.7600.16385_no ne_9c4752b95f916240 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7600.16695_none_b4c105a f15e6c623 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16722_none_19 33027714fd3ac0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-p..soundservice-client_31bf3856ad364e35_6.1.7600.16385_none_0dbbf2 cf9197b2ab 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-webio_31bf3856ad364e35_6.1.7600.16688_none_b8e2325 4f861849d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7600.16385_none_ f276a921bacf24a2 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.16493_none_4b965cd2b 3cbd214 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7600.16385_none_1548f4bc 3949a69a 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16823_none_c459a22 2f0d14fdf 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7600.16385_ none_a6f5b7ed05baf6d4 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7600.16385_non e_6d1dde51e07ab90c 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \Backup 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \Catalogs 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \FileMaps 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \InstallTemp 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \ManifestCache 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \Manifests 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16576_none_727ba94d40 51917f 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7600.16820_no ne_dd872ec37ad18d11 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_4833ef 7cd065b8b3 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a 859f788 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16821_none _9483ddaae71020fc 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.16800_none_e5f7d 73c72f65df0 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa54 3a76a42398d3 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7600.16385_none_d7307fc38 fe364eb 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16763_none_d 2876c2160b42f31 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16699_none_ 4ff90a770aea252d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16741_none_ 502719a90ac8cbe7 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7600.1 6800_none_cfc53ca2aee30cc9 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.1 6800_none_1ccb184479ec335c 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.7600.16800_none_ab110 92622a9bddb 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.7600.16800_n one_6285cf20649d51b9 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.16543_none_79b0c375b 9c191b6 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.1.7600.16807_none_79e009ffb 99d7ec3 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_0c932857a adde4a8 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16667_none_71cb0536 9d197478 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16723_none_eef6c 31fe4b90526 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.16723_none_eef67 ec7e4b95209 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.1.7600.16695_none_bf15b00 14a47881e 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16722_none_23 87acc9495dfcbb 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7600.16762_none_03f67 259bc2a88e1 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16661_none_8871 8b69a347f99a 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.16644_none_d29d0 bef5fee24bb 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft-windows-webio_31bf3856ad364e35_6.1.7600.16688_none_c336dca 72cc24698 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.1.7600.16617_none_0d 399fee4b938b9a 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7600.16385_none_c06f89 6894749e3f 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-thumbnailcache_31bf3856ad364e35_6.1.7600.16385_non e_3ef0dc807a7abc55 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7600.16385_none_ 96580d9e0271b36c 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.1.7600.16493_none_ef77c14ef b6e60de 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727 .6195_none_d09154e044272b9a 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727 .6195_none_cbf5e994470a1a8f 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729 .6161_none_50934f2ebcb7eb57 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729 .6161_none_4bf7e3e2bf9ada4c 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebf b56996c72aefc 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420f e3fa2b8113bd 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft.windows.gdiplus_6595b64144ccf1df_1. 1.7600.16385_none_72fc7cbf861225ca 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \wow64_microsoft.windows.winhttp_31bf3856ad364e35_ 5.1.7600.16723_none_c327aeaf713aedc3 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.1.7600.16385_none_1207cf887 85de24d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26 f53752c6d 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \x86_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_653 c2b9c0f4d8ca6 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62 ad231704eab7 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft.windows.gdiplus_6595b64144ccf1df_ 1.1.7600.16385_none_2b4f45e87195fcc4 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_microsoft.windows.winhttp_31bf3856ad364e35_ 5.1.7600.16723_none_b8d3045d3cda2bc8 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe 18dc440 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.7600.16587_no ne_2c1d54f073f708ff 0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs \amd64_windowssearchengine_31bf3856ad364e35_7.0.76 00.16808_none_cfa89e1b34e2d51d 0 bytes
    File C:\System Volume Information\tracking.log 20480 bytes
    File C:\System Volume Information\Windows Backup 0 bytes
    File C:\System Volume Information\Windows Backup\Catalogs 0 bytes
    File C:\System Volume Information\Windows Backup\Catalogs\GlobalCatalogLock.dat 0 bytes
    File C:\System Volume Information\WindowsImageBackup 0 bytes
    File C:\System Volume Information\WindowsImageBackup\SPPMetadataCache 0 bytes
    File C:\System Volume Information\{71b80b52-b6b1-11e0-97ac-a4badb54ae18}{3808876b-c176-4e48-b7ae-04046e6cc752} -1502822400 bytes
    File C:\System Volume Information\{78671cc8-b9ea-11e0-9c0c-a4badb54ae18}{3808876b-c176-4e48-b7ae-04046e6cc752} 935501824 bytes
    File C:\System Volume Information\{78671d5e-b9ea-11e0-9c0c-a4badb54ae18}{3808876b-c176-4e48-b7ae-04046e6cc752} 415678464 bytes
    File C:\System Volume Information\{c0250cc1-b4f9-11e0-9a01-a4badb54ae18}{3808876b-c176-4e48-b7ae-04046e6cc752} 951123968 bytes
    File C:\System Volume Information\{36e049f8-bb24-11e0-8fa9-a4badb54ae18}{3808876b-c176-4e48-b7ae-04046e6cc752} 905969664 bytes
    File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl 0 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 72 bytes

    ---- EOF - GMER 1.0.15 ----

    aswMBR

    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-31 17:10:42
    -----------------------------
    17:10:42.414 OS Version: Windows x64 6.1.7600
    17:10:42.414 Number of processors: 2 586 0x170A
    17:10:42.429 ComputerName: MAGI UserName:
    17:10:49.855 Initialize success
    17:10:50.479 AVAST engine defs: 11073100
    17:11:01.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:11:01.742 Disk 0 Vendor: WDC_WD3200BEVT-75A23T0 01.01A01 Size: 305245MB BusType: 11
    17:11:03.770 Disk 0 MBR read successfully
    17:11:03.770 Disk 0 MBR scan
    17:11:03.770 Disk 0 Windows 7 default MBR code
    17:11:03.786 Service scanning
    17:11:05.096 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    17:11:05.704 Modules scanning
    17:11:05.704 Disk 0 trace - called modules:
    17:11:05.736 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800241d2c0]<<
    17:11:05.751 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033dc310]
    17:11:05.751 3 CLASSPNP.SYS[fffff88001a7243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80032121f0]
    17:11:05.767 \Driver\atapi[0xfffffa8002e18920] -> IRP_MJ_CREATE -> 0xfffffa800241d2c0
    17:11:07.545 AVAST engine scan C:\Windows
    17:11:11.430 AVAST engine scan C:\Windows\system32
    17:12:43.470 AVAST engine scan C:\Windows\system32\drivers
    17:12:55.919 AVAST engine scan C:\Users\Little Mousse
    17:20:14.357 Disk 0 MBR has been saved successfully to "C:\Users\Little Mousse\Desktop\MBR.dat"
    17:20:14.357 The log file has been saved successfully to "C:\Users\Little Mousse\Desktop\lololog.txt"


    DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Little Mousse at 17:22:53 on 2011-07-31
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3032.1790 [GMT -3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\LITTLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BROFFI~1.LNK - C:\Program Files (x86)\BrOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\Atlscript.html
    IE: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html
    IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 173.230.130.167 8.8.8.8
    TCP: Interfaces\{0DD50144-E71A-494F-AB7C-C9403A846D8F} : NameServer = 156.154.70.25,156.154.71.25
    TCP: Interfaces\{615AFBE9-5408-4F90-B755-8E7A40A783B0} : NameServer = 156.154.70.25,156.154.71.25
    TCP: Interfaces\{615AFBE9-5408-4F90-B755-8E7A40A783B0} : DhcpNameServer = 173.230.130.167 8.8.8.8
    TCP: Interfaces\{615AFBE9-5408-4F90-B755-8E7A40A783B0}\7416C61687970235F543933333 : DhcpNameServer = 192.168.16.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {3049C3E9-B461-4BC5-8870-4C09146192CA}
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
    {3C6301ED-0F78-4AF2-8150-D9C052361A8E}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {3C6301ED-0F78-4AF2-8150-D9C052361A8E}
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
    IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Little Mousse\AppData\Roaming\Mozilla\Firefox\Profiles\40f9w1wp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.eco4planet.com/pt/
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\Little Mousse\AppData\Roaming\Mozilla\Firefox\Profiles\40f9w1wp.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-23 42184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 366640]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-24 136176]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
    S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-5-25 18120]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-24 136176]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-11-7 16392]
    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-07-31 19:19:01 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{2B16D0A4-FE06-4594-8C5B-4C0A179EC773}
    2011-07-31 03:26:29 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-07-31 03:23:41 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{9B0FCFF5-3FC7-46FA-8750-CBEB63B6A628}
    2011-07-31 03:11:31 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2011-07-30 00:50:29 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3AC4A35-B6BC-456F-B3EA-B61F04FA4A2C}\mpengine.dll
    2011-07-29 13:57:34 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{E6D573DB-83EC-4EC0-8BF7-2101169D5640}
    2011-07-24 23:13:06 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{C9F5687E-7B95-4837-94CF-B629178F47AD}
    2011-07-23 03:52:28 -------- d-----w- C:\Program Files\COMODO
    2011-07-23 03:46:47 -------- d-----w- C:\ProgramData\Comodo
    2011-07-23 03:43:44 -------- d-----w- C:\ProgramData\Comodo Downloader
    2011-07-23 03:43:19 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-07-23 03:43:05 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-07-23 03:42:30 40112 ----a-w- C:\Windows\avastSS.scr
    2011-07-23 03:38:24 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-23 03:38:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-23 03:19:24 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{D544FEB3-3EF9-41F7-971A-E5C6539BCC17}
    2011-07-22 03:14:31 -------- d-----w- C:\Users\Little Mousse\AppData\Roaming\Malwarebytes
    2011-07-22 03:14:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-22 03:14:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-21 22:36:44 -------- d-----w- C:\Users\Little Mousse\AppData\Local\Sony
    2011-07-21 22:36:01 -------- d-----w- C:\Users\Little Mousse\Podcasts
    2011-07-21 22:19:21 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{933C5C9F-E8DF-4BBF-810D-39F3C3C28F4C}
    2011-07-21 20:53:00 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
    2011-07-21 20:51:00 -------- d-----w- C:\Program Files (x86)\Zone Labs
    2011-07-21 20:49:54 -------- d-----w- C:\ProgramData\CheckPoint
    2011-07-21 20:43:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-07-21 20:43:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-07-21 20:14:19 -------- d-----w- C:\ProgramData\AVAST Software
    2011-07-21 20:14:19 -------- d-----w- C:\Program Files\AVAST Software
    2011-07-21 19:51:40 -------- d-----w- C:\Users\Little Mousse\AppData\Local\WinAVI
    2011-07-21 19:17:24 -------- d--h--w- C:\ProgramData\Common Files
    2011-07-21 19:06:06 -------- d-----w- C:\ProgramData\AVG10
    2011-07-21 19:04:47 -------- d-----w- C:\Program Files (x86)\AVG
    2011-07-21 18:19:58 -------- d-----w- C:\ProgramData\MFAData
    2011-07-21 03:27:32 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{0DCC4B66-6FBE-4CD7-899E-C584A7C7ED7F}
    2011-07-20 15:26:54 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{4ECC5476-B2E0-4E4D-B353-0F9964145E3E}
    2011-07-19 18:23:54 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{2DB18F5E-6CAE-4920-AC0C-C24AC76D467F}
    2011-07-19 05:48:57 -------- d-----w- C:\Users\Little Mousse\AppData\Roaming\go
    2011-07-17 21:51:49 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{07B639B0-DEF5-42F7-9C1E-685B495493CB}
    2011-07-16 12:29:53 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{DCFAD14D-BBD1-41DE-8CC2-C19160D01FB0}
    2011-07-15 09:47:13 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{C6888C43-F4BA-4E12-9495-EDF5A0ECBC03}
    2011-07-14 19:43:59 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{F6C8E3BE-424C-4559-9426-82EDEB817C32}
    2011-07-10 22:52:56 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{31EF207B-08B8-47E8-848E-1CBD30519679}
    2011-07-10 02:46:41 421888 ----a-w- C:\Windows\System32\ac3filter.acm
    2011-07-10 02:46:35 -------- d-----w- C:\Program Files (x86)\XP Codec Pack
    2011-07-10 0133 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
    2011-07-10 0133 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
    2011-07-10 0133 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-07-10 0132 644608 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-07-10 0132 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-07-08 10:10:54 -------- d-----w- C:\Users\Little Mousse\AppData\Local\Nero_AG
    2011-07-08 10:10:08 -------- d-----w- C:\Users\Little Mousse\AppData\Local\Nero
    2011-07-08 01:15:01 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-07-08 01:14:48 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-07-08 01:14:38 150712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-07-08 01:14:30 105472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-07-06 21:41:57 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{2DF328D8-E78B-447D-AAD5-23CFD740FB7D}
    2011-07-06 01:50:00 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{9EFC421C-A7AB-4D2B-A438-D958D89E4D99}
    2011-07-04 19:24:42 -------- d-----w- C:\Users\Little Mousse\AppData\Local\{22B598DB-644D-49EE-89EC-F1005AB8FC9A}
    2011-07-04 07:41:16 -------- d-----w- C:\Users\Little Mousse\AppData\Local\SecondLife
    2011-07-03 15:01:53 -------- d-----w- C:\Temp
    2011-07-03 14:44:12 -------- d-----w- C:\Program Files (x86)\WinAVI
    2011-07-03 14:31:50 -------- d-----w- C:\DVDTemp
    2011-07-02 19:23:22 -------- d-----w- C:\Program Files (x86)\Nero
    2011-07-02 19:22:02 -------- d-----w- C:\ProgramData\Nero
    2011-07-02 19:17:43 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2011-07-02 19:16:20 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2011-07-02 19:14:50 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
    2011-07-02 19:13:23 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
    .
    ==================== Find3M ====================
    .
    2011-07-08 01:14:23 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-07-08 01:14:23 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-06-30 12:38:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-06-30 12:38:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-06-30 12:38:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-06-30 12:37:26 363560 ----a-w- C:\Windows\System32\guard64.dll
    2011-06-30 12:37:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
    2011-06-28 00:05:55 1080947851 ----a-w- C:\Program Files (x86)\US_LUNAPlus_11011901.exe
    2011-06-11 0244 3134464 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-02 0528 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-02 0506 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-24 22:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-24 1159 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-04 07:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-05-03 0522 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    .
    ============= FINISH: 17:24:27,59 ===============


    DDS - Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 06/08/2010 13:40:47
    System Uptime: 31/07/2011 16:15:18 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0W299R
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | Microprocessor | 1188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 47,073 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador do Microsoft ISATAP
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Adaptador do Microsoft ISATAP
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador do Microsoft ISATAP
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Adaptador do Microsoft ISATAP #2
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador do Microsoft ISATAP
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Adaptador do Microsoft ISATAP #3
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador do Microsoft ISATAP
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Adaptador do Microsoft ISATAP #4
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador de Túnel Teredo da Microsoft
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP202: 25/07/2011 02:55:52 - Installed Java(TM) 6 Update 26
    RP203: 26/07/2011 09:52:48 - Windows Update
    RP204: 29/07/2011 21:48:41 - Windows Update
    RP206: 31/07/2011 00:11:56 - SPTD setup V1.76
    RP207: 31/07/2011 00:27:49 - Instalação de Pacote de Driver de Dispositivo: Disc-Soft Dispositivos de sistema
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0 - Português
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Arquivo do WinRAR
    ATLAS Translation Standard V14.0 Trial Version
    avast! Free Antivirus
    BitComet 1.27
    BrOffice.org 3.2
    Controle ActiveX do Windows Live Mesh para Conexões Remotas
    D3DX10
    DAEMON Tools Lite
    Dell Webcam Central
    DVD Shrink 3.2
    ETDrill - Demonstration Version
    FormatFactory 2.60
    Foxit Reader 5.0
    Free AVI to WMV Converter
    Free Sound Recorder 2010 v9.2.1
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Guild Wars
    High-Definition Video Playback
    ImgBurn
    IrfanView (remove only)
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    K-Lite Mega Codec Pack 7.2.0
    KeyHoleTV
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware versão 1.51.1.1800
    Media Go
    Mesh Runtime
    Messenger Companion
    Microsoft Office com Clique para Executar 2010
    Microsoft Office Home and Business 2010 - Português (Brasil)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MorphVOX Pro
    MotoHelper MergeModules
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFreeCodec
    Nero 10 Movie ThemePack Basic
    Nero Core Components 10
    Nero Dolby Files 10
    Nero Kwik Media
    Nero Update
    NeroKwikMedia Help (CHM)
    OpenAL
    Pando Media Booster
    Pangya (Ntreev USA)
    Piano Eletrônico 2.5
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Project64 1.6
    QuickTime
    Ragnarok Online
    Real Alternative 2.0.2
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RPG Maker VX 1.01
    RPG Maker VX RTP ${PRODUCT_VERSION}
    RTP 1.32 Add-On for RM2k
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)
    Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)
    Skype Toolbars
    Skype™ 5.3
    Text To PDF Converter v1.5
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Veetle TV 0.9.18
    Watson
    WinAVI Video Converter
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Galeria de Fotos
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    XP Codec Pack
    YAMAHA MidRadio Player
    .
    ==== End Of File ===========================


    One more thing, I found this page on the internet:

    Remove FireFly, removal instructions

    But I'm not sure if it is safe to follow that procedure, if you could check it out for me.

  2. #2
    Marinuba is offline Newbie
    One thing I forgot xD
    Before I noticed that this 'He's dead Jim' page wasn't normal, my computer suddenly acquired another virus, a very strange one ._.

    I was watching a movie, and I heard something that wasn't from the movie.
    It was a crying woman noise.. and she was saying 'Help Me!'
    I got scared as hell, scanned my computer with everything I had, and found some things that I deleted. But the adware that redirected my Google page continued, so I restored the PC to a date I knew was safe, and it didn't have any of those problems after that.
    Could this be a consequence of the FireFly? Or did I just catch that somewhere else?
    Because from what I read about FireFly it disables firewalls and anti-virus programmes.
    Should I worry about that too?

  3. #3
    broni is offline Senior Member
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  4. #4
    Marinuba is offline Newbie
    Help T-T
    I've run Combo Fix, but the program rebooted the PC after finishing the analysis, and Avast initialized with Windows.
    I didn't know it would reboot, so I hadn't disabled Avast completely, only until the PC was rebooted.
    Combo Fix showed this message (I'm translating it myself 'cause it's in Portuguese):

    Preparing the report
    Don't use any other programmes until Combo Fix is fully finished
    Access denied

    What do I do?
    Just run Combo Fix again?

    I'm sorry D:

  5. #5
    Marinuba is offline Newbie
    Uh, wait...
    now it went on working on its own.
    It's saying:

    Almost ready, wait a few seconds until the report shows up
    The report can be found on C:/ComboFix/log.txt

    Then the window closed and the report showed, can I use this one?

  6. #6
    Marinuba is offline Newbie
    Well, anyway xD
    This is the log from the Combo Fix.
    It's from the time when Avast initialized, if you need me to send a new one, just let me know and I'll run the program again.


    ComboFix 11-07-31.04 - Little Mousse 31/07/2011 22:12:31.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3032.1712 [GMT -3:00]
    Executando de: c:\users\Little Mousse\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\level up!\Ragnarok Online\skin\default\_desktop.ini
    c:\level up!\Ragnarok Online\skin\default\basic_interface\_desktop.ini
    c:\level up!\Ragnarok Online\skin\Scribbling Kid\_desktop.ini
    c:\level up!\Ragnarok Online\skin\Scribbling Kid\basic_interface\_desktop.ini
    c:\windows\iun6002.exe
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\system32
    c:\windows\SysWow64\system32\cis-2.4.dll
    c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
    c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
    c:\windows\SysWow64\system32\issacapi_se-2.3.dll
    c:\windows\SysWow64\system32\MACXMLProto.dll
    c:\windows\SysWow64\system32\MaDRM.dll
    c:\windows\SysWow64\system32\MaJGUILib.dll
    c:\windows\SysWow64\system32\MaJUtilLib.dll
    c:\windows\SysWow64\system32\MAMACExtract.dll
    c:\windows\SysWow64\system32\MASetupCaller.dll
    c:\windows\SysWow64\system32\MASetupCleaner.exe
    c:\windows\SysWow64\system32\MaXMLProto.dll
    c:\windows\SysWow64\system32\MetaStore2.dll
    c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
    c:\windows\SysWow64\system32\MK_Lyric.dll
    c:\windows\SysWow64\system32\MSCLib.dll
    c:\windows\SysWow64\system32\MSFLib.dll
    c:\windows\SysWow64\system32\MSLUR71.dll
    c:\windows\SysWow64\system32\msvcp60.dll
    c:\windows\SysWow64\system32\MTTELECHIP.dll
    c:\windows\SysWow64\system32\MTXSYNCICON.dll
    c:\windows\SysWow64\system32\muzaf1.dll
    c:\windows\SysWow64\system32\muzapp.dll
    c:\windows\SysWow64\system32\muzapp.exe
    c:\windows\SysWow64\system32\muzdecode.ax
    c:\windows\SysWow64\system32\muzeffect.ax
    c:\windows\SysWow64\system32\muzmp4sp.ax
    c:\windows\SysWow64\system32\muzmpgsp.ax
    c:\windows\SysWow64\system32\muzoggsp.ax
    c:\windows\SysWow64\system32\muzwmts.dll
    c:\windows\SysWow64\system32\psapi.dll
    c:\windows\SysWow64\system32\Synchronization2.dll
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-07-01 to 2011-08-01 ))))))))))))))))))))))))))))
    .
    .
    2011-08-01 01:24 . 2011-08-01 01:24 -------- d-----w- c:\users\dell\AppData\Local\temp
    2011-08-01 01:24 . 2011-08-01 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-01 01:24 . 2011-08-01 01:24 -------- d-----w- c:\users\Choco Cake\AppData\Local\temp
    2011-07-31 03:26 . 2011-07-31 03:26 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-07-31 03:11 . 2011-07-31 03:26 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2011-07-30 00:50 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3AC4A35-B6BC-456F-B3EA-B61F04FA4A2C}\mpengine.dll
    2011-07-25 06:00 . 2011-07-25 06:00 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-23 03:52 . 2011-07-23 03:52 -------- d-----w- c:\program files\COMODO
    2011-07-23 03:46 . 2011-07-23 04:04 -------- d-----w- c:\programdata\Comodo
    2011-07-23 03:43 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-23 03:43 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-23 03:43 . 2011-07-23 03:46 -------- d-----w- c:\programdata\Comodo Downloader
    2011-07-23 03:43 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-23 03:43 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-23 03:43 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-23 03:43 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-23 03:43 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-23 03:42 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-23 03:42 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-07-23 03:38 . 2011-07-06 22:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-23 03:38 . 2011-07-06 22:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-22 03:14 . 2011-07-22 03:14 -------- d-----w- c:\users\Little Mousse\AppData\Roaming\Malwarebytes
    2011-07-22 03:14 . 2011-07-22 03:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-22 03:14 . 2011-07-23 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-21 22:36 . 2011-07-23 03:12 -------- d-----w- c:\users\Little Mousse\AppData\Local\Sony
    2011-07-21 22:36 . 2011-07-21 22:36 -------- d-----w- c:\users\Little Mousse\Podcasts
    2011-07-21 22:35 . 2011-07-21 22:35 -------- d-----w- c:\users\Little Mousse\AppData\Roaming\Sony
    2011-07-21 20:53 . 2011-03-18 04:24 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
    2011-07-21 20:53 . 2011-07-23 03:12 -------- d-----w- c:\windows\SysWow64\ZoneLabs
    2011-07-21 20:51 . 2011-07-21 20:51 -------- d-----w- c:\program files (x86)\Zone Labs
    2011-07-21 20:49 . 2011-07-21 20:49 -------- d-----w- c:\programdata\CheckPoint
    2011-07-21 20:43 . 2011-07-23 03:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-07-21 20:43 . 2011-07-23 03:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-07-21 20:14 . 2011-07-21 20:14 -------- d-----w- c:\programdata\AVAST Software
    2011-07-21 20:14 . 2011-07-21 20:14 -------- d-----w- c:\program files\AVAST Software
    2011-07-21 19:51 . 2011-07-21 19:51 -------- d-----w- c:\users\Little Mousse\AppData\Local\WinAVI
    2011-07-21 19:42 . 2011-07-21 19:42 -------- d-----w- c:\users\dell\AppData\Roaming\AVG10
    2011-07-21 19:17 . 2011-07-21 19:17 -------- d--h--w- c:\programdata\Common Files
    2011-07-21 19:06 . 2011-07-21 23:19 -------- d-----w- c:\programdata\AVG10
    2011-07-21 19:04 . 2011-07-21 19:04 -------- d-----w- c:\program files (x86)\AVG
    2011-07-21 18:19 . 2011-07-21 22:34 -------- d-----w- c:\programdata\MFAData
    2011-07-19 05:48 . 2011-07-22 06:14 -------- d-----w- c:\users\Little Mousse\AppData\Roaming\go
    2011-07-10 02:46 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
    2011-07-10 02:46 . 2011-07-10 02:46 -------- d-----w- c:\program files (x86)\XP Codec Pack
    2011-07-10 01:56 . 2011-03-19 19:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2011-07-10 01:56 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
    2011-07-10 01:56 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
    2011-07-10 01:56 . 2011-06-02 00:15 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-07-10 01:56 . 2011-06-02 00:10 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-07-08 10:10 . 2011-07-08 10:10 -------- d-----w- c:\users\Little Mousse\AppData\Local\Nero
    2011-07-08 10:09 . 2011-07-08 10:09 -------- d-----w- c:\users\Little Mousse\AppData\Roaming\Nero
    2011-07-08 01:15 . 2011-07-08 01:15 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2011-07-08 01:14 . 2011-07-23 03:09 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-07-08 01:14 . 2011-07-08 01:14 150712 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2011-07-08 01:14 . 2011-07-08 01:14 105472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    2011-07-04 07:41 . 2011-07-04 07:42 -------- d-----w- c:\users\Little Mousse\AppData\Roaming\SecondLife
    2011-07-04 07:41 . 2011-07-04 07:51 -------- d-----w- c:\users\Little Mousse\AppData\Local\SecondLife
    2011-07-03 15:01 . 2011-07-03 17:15 -------- d-----w- C:\Temp
    2011-07-03 15:01 . 2011-07-03 15:01 -------- d-----w- c:\users\dell\AppData\Roaming\Digiarty
    2011-07-03 14:44 . 2011-07-03 14:44 -------- d-----w- c:\users\dell\AppData\Roaming\WinAVI
    2011-07-03 14:44 . 2011-07-03 14:44 -------- d-----w- c:\users\dell\AppData\Local\WinAVI
    2011-07-03 14:44 . 2011-07-23 03:13 -------- d-----w- c:\program files (x86)\WinAVI
    2011-07-03 14:37 . 2011-07-03 14:44 -------- d-----w- c:\users\dell\AppData\Roaming\GetRightToGo
    2011-07-03 14:31 . 2011-07-03 14:31 -------- d-----w- C:\DVDTemp
    2011-07-03 14:18 . 2011-07-03 14:18 -------- d-----w- c:\users\dell\AppData\Roaming\Nero
    2011-07-03 14:18 . 2011-07-04 01:14 -------- d-----w- c:\users\dell\AppData\Local\Nero
    2011-07-02 19:23 . 2011-07-23 03:09 -------- d-----w- c:\program files (x86)\Nero
    2011-07-02 19:22 . 2011-07-23 03:09 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2011-07-02 19:22 . 2011-07-02 19:26 -------- d-----w- c:\programdata\Nero
    2011-07-02 19:17 . 2009-09-04 20:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2011-07-02 19:16 . 2008-10-15 09:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2011-07-02 19:14 . 2007-07-19 21:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
    2011-07-02 19:13 . 2007-05-16 19:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-08 01:14 . 2010-08-24 05:27 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-07-08 01:14 . 2010-08-24 05:27 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-06-30 12:38 . 2011-06-30 12:38 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-06-30 12:38 . 2011-06-30 12:38 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 12:38 . 2011-06-30 12:38 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 12:38 . 2011-06-30 12:38 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 12:37 . 2011-06-30 12:37 363560 ----a-w- c:\windows\system32\guard64.dll
    2011-06-30 12:37 . 2011-06-30 12:37 285256 ----a-w- c:\windows\SysWow64\guard32.dll
    2011-06-28 00:05 . 2011-06-27 23:10 1080947851 ----a-w- c:\program files (x86)\US_LUNAPlus_11011901.exe
    2011-06-02 05:56 . 2011-07-13 13:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:25 . 2011-06-17 00:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 03:00 . 2011-06-17 00:55 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-24 22:14 . 2010-08-06 20:13 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 11:21 . 2011-06-29 12:39 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:34 . 2011-06-29 12:39 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:34 . 2011-06-29 12:39 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:34 . 2011-06-29 12:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32 . 2011-06-29 12:39 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-04 07:52 . 2010-10-21 15:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-05-04 05:30 . 2011-06-29 12:39 2326016 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 05:28 . 2011-06-29 12:39 2228224 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 05:28 . 2011-06-29 12:39 779264 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 05:28 . 2011-06-29 12:39 491520 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 05:28 . 2011-06-29 12:39 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 05:28 . 2011-06-29 12:39 288256 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 05:24 . 2011-06-29 12:39 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 05:24 . 2011-06-29 12:39 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-04 05:24 . 2011-06-29 12:39 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:53 . 2011-06-29 12:39 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
    2011-05-04 04:52 . 2011-06-29 12:39 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
    2011-05-04 04:52 . 2011-06-29 12:39 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
    2011-05-04 04:52 . 2011-06-29 12:39 337408 ----a-w- c:\windows\SysWow64\mssph.dll
    2011-05-04 04:52 . 2011-06-29 12:39 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
    2011-05-04 04:52 . 2011-06-29 12:39 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
    2011-05-04 04:52 . 2011-06-29 12:39 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:52 . 2011-06-29 12:39 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 04:52 . 2011-06-29 12:39 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
    2011-05-04 02:51 . 2011-06-17 00:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-04 02:51 . 2011-06-17 00:55 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-04 02:51 . 2011-06-17 00:55 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-03 05:21 . 2011-06-17 00:50 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-05-03 04:50 . 2011-06-17 00:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-27 3077528]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Choco Cake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BrOffice.org 3.2.lnk - c:\program files (x86)\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BrOffice.org 3.2.lnk - c:\program files (x86)\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 136176]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 dc3d;Driver de detecção de dispositivos Microsoft Hardware;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
    R3 dump_wmimmc;dump_wmimmc;c:\level up!\Ragnarok Online\GameGuard\dump_wmimmc.sys [x]
    R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 136176]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 05:26]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 05:26]
    .
    2011-08-01 c:\windows\Tasks\RegistryBooster.job
    - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-24 09:42]
    .
    2011-08-01 c:\windows\Tasks\SpeedUpMyPC.job
    - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-07-04 20:27]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Scan Suplementar -------
    .
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Translate with ATLAS - c:\program files (x86)\ATLAS V14\Atlscript.html
    IE: ATLAS Translation &Editor - c:\program files (x86)\ATLAS V14\AtlscriptEdit.html
    TCP: DhcpNameServer = 173.230.130.167 8.8.8.8
    TCP: Interfaces\{0DD50144-E71A-494F-AB7C-C9403A846D8F}: NameServer = 156.154.70.25,156.154.71.25
    TCP: Interfaces\{615AFBE9-5408-4F90-B755-8E7A40A783B0}: NameServer = 156.154.70.25,156.154.71.25
    FF - ProfilePath - c:\users\Little Mousse\AppData\Roaming\Mozilla\Firefox\Profiles\40f9w1wp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.eco4planet.com/pt/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2011-07-31 22:39:28 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2011-08-01 01:39
    .
    Pré-execução: 50.486.071.296 bytes disponíveis
    Pós execução: 57.365.872.640 bytes disponíveis
    .
    - - End Of File - - B663234071ED82943E81D1E7465FC390

  7. #7
    broni is offline Senior Member
    Combofix log looks good now.

    How is the computer doing?

    Uninstall:
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC


    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.



    ==================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  8. #8
    Marinuba is offline Newbie
    OTL log


    OTL logfile created on: 01/08/2011 01:58:17 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Little Mousse\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,18% Memory free
    7,40 Gb Paging File | 6,13 Gb Available in Paging File | 82,86% Paging File free
    Paging file location(s): C:\pagefile.sys 4548 4548 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297,99 Gb Total Space | 53,55 Gb Free Space | 17,97% Space Free | Partition Type: NTFS

    Computer Name: MAGI | User Name: Little Mousse | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/01 01:54:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little Mousse\Desktop\OTL.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/04 08:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/07/13 22:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/01 01:54:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little Mousse\Desktop\OTL.exe
    MOD - [2011/06/30 09:37:26 | 000,285,256 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
    MOD - [2010/08/21 0232 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/04 08:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/06/30 09:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2010/10/13 21:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/12/28 05:00:34 | 001,296,728 | ---- | M] (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
    SRV - [2010/08/30 16:57:41 | 003,653,504 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/31 00:26:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/07/31 00:12:41 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/07/04 08:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/03/11 03:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 03:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2010/05/25 03:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/05/25 03:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
    DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 17:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 17:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2006/09/26 23:17:48 | 000,029,984 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV - [2010/10/25 06:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/05/25 03:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2005/01/05 00:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 91 F7 F5 FD FE CB 01 [binary data]
    IE - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.eco4planet.com/pt/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110409
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/23 00:13:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/23 00:42:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/07 22:14:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/07 22:15:01 | 000,000,000 | ---D | M]

    [2010/11/11 19:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little Mousse\AppData\Roaming\mozilla\Extensions
    [2011/05/11 19:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Little Mousse\AppData\Roaming\mozilla\Firefox\Profiles\40f9w1wp.default\extensions
    [2011/05/11 19:10:53 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Little Mousse\AppData\Roaming\mozilla\Firefox\Profiles\40f9w1wp.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2010/08/15 18:27:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Little Mousse\AppData\Roaming\mozilla\Firefox\Profiles\40f9w1wp.default\extensions\radiobar@toolbar
    [2011/05/11 19:10:53 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Little Mousse\AppData\Roaming\mozilla\Firefox\Profiles\40f9w1wp.default\extensions\rikaichan-jpen@polarcloud.com
    [2010/08/09 20:42:25 | 000,002,180 | ---- | M] () -- C:\Users\Little Mousse\AppData\Roaming\Mozilla\Firefox\Profiles\40f9w1wp.default\searchplugins\eco4planet.xml
    [2011/07/25 02:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2011/07/23 00:09:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/07/23 00:09:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/07/23 00:09:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/07/23 00:09:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/25 02:59:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/07/23 00:13:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/04/15 09:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/04/04 12:23:48 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2010/10/27 02:50:03 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
    [2010/10/27 02:50:03 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
    [2010/10/27 02:50:03 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
    [2010/10/27 02:50:03 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

    O1 HOSTS File: ([2011/07/31 22:28:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - Startup: C:\Users\Choco Cake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.2.lnk = C:\Program Files (x86)\BrOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.2.lnk = C:\Program Files (x86)\BrOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\Atlscript.html ()
    O8:64bit: - Extra context menu item: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html ()
    O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\Atlscript.html ()
    O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html ()
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 173.230.130.167 8.8.8.8
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - ac3filter.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ffdshow.ax ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/01 0113 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2011/08/01 0102 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\PackageAware
    [2011/08/01 01:54:26 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Little Mousse\Desktop\OTL.exe
    [2011/07/31 22:39:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/07/31 22:28:54 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{96339746-AD53-480B-82A6-E8F0EE9A74A4}
    [2011/07/31 22:09:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/31 22:09:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/31 22:09:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/31 22:09:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/31 22:08:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/31 22:00:32 | 004,159,367 | R--- | C] (Swearware) -- C:\Users\Little Mousse\Desktop\ComboFix.exe
    [2011/07/31 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{2B16D0A4-FE06-4594-8C5B-4C0A179EC773}
    [2011/07/31 00:26:29 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/07/31 00:23:41 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{9B0FCFF5-3FC7-46FA-8750-CBEB63B6A628}
    [2011/07/31 00:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2011/07/31 00:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2011/07/29 10:57:34 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{E6D573DB-83EC-4EC0-8BF7-2101169D5640}
    [2011/07/25 03:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/07/24 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{C9F5687E-7B95-4837-94CF-B629178F47AD}
    [2011/07/23 00:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/07/23 00:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/07/23 00:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/07/23 00:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/07/23 00:43:56 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/07/23 00:43:54 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/07/23 00:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2011/07/23 00:43:30 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/07/23 00:43:25 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/07/23 00:43:19 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/07/23 00:43:05 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/07/23 00:43:04 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/23 00:42:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/07/23 00:42:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/07/23 00:38:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/23 00:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/23 00:38:20 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/07/23 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{D544FEB3-3EF9-41F7-971A-E5C6539BCC17}
    [2011/07/22 00:14:31 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Roaming\Malwarebytes
    [2011/07/22 00:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/07/22 00:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/21 19:36:44 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\Sony
    [2011/07/21 19:36:01 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\Podcasts
    [2011/07/21 19:36:01 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\Documents\Media Go
    [2011/07/21 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Roaming\Sony
    [2011/07/21 19:19:21 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{933C5C9F-E8DF-4BBF-810D-39F3C3C28F4C}
    [2011/07/21 17:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
    [2011/07/21 17:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2011/07/21 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2011/07/21 17:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/07/21 17:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/07/21 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/07/21 17:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/07/21 16:51:40 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\WinAVI
    [2011/07/21 16:17:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/07/21 16:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/07/21 16:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2011/07/21 15:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/07/21 00:27:32 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{0DCC4B66-6FBE-4CD7-899E-C584A7C7ED7F}
    [2011/07/20 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{4ECC5476-B2E0-4E4D-B353-0F9964145E3E}
    [2011/07/19 15:23:54 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{2DB18F5E-6CAE-4920-AC0C-C24AC76D467F}
    [2011/07/19 02:48:57 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Roaming\go
    [2011/07/17 18:51:49 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{07B639B0-DEF5-42F7-9C1E-685B495493CB}
    [2011/07/16 09:29:53 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{DCFAD14D-BBD1-41DE-8CC2-C19160D01FB0}
    [2011/07/15 06:47:13 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{C6888C43-F4BA-4E12-9495-EDF5A0ECBC03}
    [2011/07/14 16:43:59 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{F6C8E3BE-424C-4559-9426-82EDEB817C32}
    [2011/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{31EF207B-08B8-47E8-848E-1CBD30519679}
    [2011/07/09 23:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1
    [2011/07/09 23:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XP Codec Pack
    [2011/07/09 2236 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    [2011/07/09 2233 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
    [2011/07/09 2233 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
    [2011/07/08 07:10:54 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\Nero_AG
    [2011/07/08 07:10:08 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\Nero
    [2011/07/08 07:09:58 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Roaming\Nero
    [2011/07/07 22:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2011/07/07 22:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [2011/07/06 18:41:57 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{2DF328D8-E78B-447D-AAD5-23CFD740FB7D}
    [2011/07/05 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{9EFC421C-A7AB-4D2B-A438-D958D89E4D99}
    [2011/07/04 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\{22B598DB-644D-49EE-89EC-F1005AB8FC9A}
    [2011/07/04 04:41:17 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Roaming\SecondLife
    [2011/07/04 04:41:16 | 000,000,000 | ---D | C] -- C:\Users\Little Mousse\AppData\Local\SecondLife
    [2011/07/03 12:01:53 | 000,000,000 | ---D | C] -- C:\Temp
    [2011/07/03 11:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
    [2011/07/03 11:31:50 | 000,000,000 | ---D | C] -- C:\DVDTemp
    [2011/07/02 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2011/07/02 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2011/07/02 16:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2011/07/02 16:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/08/01 0100 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/01 01:54:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little Mousse\Desktop\OTL.exe
    [2011/07/31 22:37:19 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/31 22:37:18 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/31 22:34:09 | 001,628,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/31 22:34:09 | 000,703,840 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
    [2011/07/31 22:34:09 | 000,652,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/31 22:34:09 | 000,146,368 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
    [2011/07/31 22:34:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/31 22:28:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/31 22:27:40 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/31 22:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/31 22:26:31 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/31 22:00:11 | 004,159,367 | R--- | M] (Swearware) -- C:\Users\Little Mousse\Desktop\ComboFix.exe
    [2011/07/31 17:20:14 | 000,000,512 | ---- | M] () -- C:\Users\Little Mousse\Desktop\MBR.dat
    [2011/07/31 15:46:09 | 000,000,000 | ---- | M] () -- C:\Users\Little Mousse\AppData\Local\{E11C56E9-46F5-4D96-830E-8BCAA0479E87}
    [2011/07/31 00:26:29 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2011/07/31 00:12:41 | 000,513,080 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2011/07/25 06:10:59 | 000,018,658 | ---- | M] () -- C:\Users\Little Mousse\.recently-used.xbel
    [2011/07/23 00:43:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/07/14 10:13:34 | 000,318,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/07/04 08:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/07/04 08:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/04 08:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/07/04 08:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/07/04 08:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/07/04 08:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/07/04 08:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/07/04 08:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

    ========== Files Created - No Company Name ==========

    [2011/07/31 22:09:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/31 22:09:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/31 22:09:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/31 22:09:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/31 22:09:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/31 17:20:14 | 000,000,512 | ---- | C] () -- C:\Users\Little Mousse\Desktop\MBR.dat
    [2011/07/31 15:46:09 | 000,000,000 | ---- | C] () -- C:\Users\Little Mousse\AppData\Local\{E11C56E9-46F5-4D96-830E-8BCAA0479E87}
    [2011/07/25 06:10:59 | 000,018,658 | ---- | C] () -- C:\Users\Little Mousse\.recently-used.xbel
    [2011/07/23 00:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/07/09 23:46:41 | 000,421,888 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
    [2011/07/09 2234 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/07/09 2232 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/07/09 2232 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/06/27 20:10:00 | 1080,947,851 | ---- | C] () -- C:\Program Files (x86)\US_LUNAPlus_11011901.exe
    [2011/02/27 19:22:49 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2011/01/31 01:12:34 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
    [2010/12/20 14:27:33 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2010/11/13 16:58:03 | 001,645,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/18 18:55:09 | 000,020,480 | ---- | C] () -- C:\Users\Little Mousse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 18:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 18:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 18:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/08/11 21:30:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/25 03:45:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2010/05/25 03:45:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2010/05/25 03:45:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2010/05/25 03:45:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2009/07/14 02:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 23:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 21:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 18:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/01/19 04:29:46 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\LTAW14FN.BIN
    [2009/01/19 04:29:46 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\FJLTAFOU.BIN
    [2008/12/19 12:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
    [2008/12/17 14:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
    [2008/12/17 14:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2008/12/17 14:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2008/12/17 14:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
    [2008/12/17 13:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
    [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
    [2005/10/14 0550 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
    [2005/10/14 0550 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
    [2005/10/14 0550 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
    [2005/10/14 0550 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2005/10/14 0550 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2005/10/14 0550 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
    [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ff_mpeg2enc.dll

    ========== LOP Check ==========

    [2010/10/10 20:15:23 | 000,000,000 | ---D | M] -- C:\Users\Choco Cake\AppData\Roaming\BrOffice.org
    [2011/02/24 1004 | 000,000,000 | ---D | M] -- C:\Users\Choco Cake\AppData\Roaming\Fujitsu
    [2010/11/17 09:25:27 | 000,000,000 | ---D | M] -- C:\Users\Choco Cake\AppData\Roaming\gtk-2.0
    [2010/11/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Users\Choco Cake\AppData\Roaming\IrfanView
    [2010/11/07 10:41:55 | 000,000,000 | ---D | M] -- C:\Users\Choco Cake\AppData\Roaming\Samsung
    [2011/04/19 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\.minecraft
    [2010/08/24 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\BrOffice.org
    [2011/06/07 12:37:43 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Cool Record Edit Pro
    [2010/12/19 02:26:17 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\DAEMON Tools Lite
    [2010/12/17 02:11:05 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Enterbrain
    [2011/01/26 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Free Sound Recorder
    [2009/01/19 04:30:32 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Fujitsu
    [2011/02/01 03:53:44 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\GetRightToGo
    [2011/07/22 03:14:33 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\go
    [2011/07/25 06:10:36 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\gtk-2.0
    [2010/08/22 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\ImgBurn
    [2011/07/23 00:13:25 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\IrfanView
    [2011/02/27 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Screaming Bee
    [2011/07/04 04:42:03 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\SecondLife
    [2011/06/24 22:16:58 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\SoftGrid Client
    [2011/07/21 19:35:57 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Sony
    [2010/09/07 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\Little Mousse\AppData\Roaming\Synthesia
    [2011/04/08 13:47:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/05 0110 | 000,024,576 | ---- | M] () -- C:\agth.exe
    [2010/11/07 10:41:07 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2011/07/31 22:39:29 | 000,026,338 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/07/31 22:26:31 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/12/30 21:55:21 | 001,739,393 | ---- | M] () -- C:\MALog.txt
    [2011/07/31 22:26:34 | 473,956,351 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/10 23:08:21 | 637,748,367 | ---- | M] () -- C:\Pangya_Setup_GB.R4.500.Inst.exe
    [2010/09/23 13:39:51 | 000,000,048 | ---- | M] () -- C:\pdfinfo.ini
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 02:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 02:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 02:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 02:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/07/04 08:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 01:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/06/27 21:05:55 | 1080,947,851 | ---- | M] () -- C:\Program Files (x86)\US_LUNAPlus_11011901.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/08 14:27:16 | 000,000,221 | -HS- | M] () -- C:\Users\Little Mousse\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/31 22:00:11 | 004,159,367 | R--- | M] (Swearware) -- C:\Users\Little Mousse\Desktop\ComboFix.exe
    [2011/08/01 01:54:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Little Mousse\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 18:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/09 19:16:27 | 000,000,402 | -HS- | M] () -- C:\Users\Little Mousse\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/01/19 05:10:30 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????????CD(????ver.)) -- C:\Program Files (x86)\ハートの国のアリス予約特典CD(店舗予約ver.)
    [2009/01/19 05:10:30 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????????CD(????ver.)) -- C:\Program Files (x86)\ハートの国のアリス予約特典CD(店舗予約ver.)
    [2009/01/19 04:53:38 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????~ Wonderful Wonder World ~) -- C:\Program Files (x86)\ハートの国のアリス~ Wonderful Wonder World ~
    [2009/01/19 04:53:38 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????????~ Wonderful Wonder World ~) -- C:\Program Files (x86)\ハートの国のアリス~ Wonderful Wonder World ~
    (C:\Users\Little Mousse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????????~ Wonderful Wonder World ~) -- C:\Users\Little Mousse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ハートの国のアリス~ Wonderful Wonder World ~
    (C:\Users\Little Mousse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\?????????????CD(????ver.)) -- C:\Users\Little Mousse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ハートの国のアリス予約特典CD(店舗予約ver.)
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????????~ Wonderful Wonder World ~) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ハートの国のアリス~ Wonderful Wonder World ~
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????????????CD(????ver.)) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ハートの国のアリス予約特典CD(店舗予約ver.)
    (C:\Program Files (x86)\?????????~ Wonderful Wonder World ~) -- C:\Program Files (x86)\ハートの国のアリス~ Wonderful Wonder World ~
    (C:\Program Files (x86)\?????????????CD(????ver.)) -- C:\Program Files (x86)\ハートの国のアリス予約特典CD(店舗予約ver.)

    < End of report >

    Extras log

    OTL Extras logfile created on: 01/08/2011 01:58:18 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Little Mousse\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,96 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,18% Memory free
    7,40 Gb Paging File | 6,13 Gb Available in Paging File | 82,86% Paging File free
    Paging file location(s): C:\pagefile.sys 4548 4548 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297,99 Gb Total Space | 53,55 Gb Free Space | 17,97% Space Free | Partition Type: NTFS

    Computer Name: MAGI | User Name: Little Mousse | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
    "{717E49A9-8CA9-4B14-9D91-3591D7F4E9F8}" = Windows Live Family Safety
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0416-1000-0000000FF1CE}" = Microsoft Office com Clique para Executar 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "GIMP-2_is1" = GIMP 2.6.10
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
    "{1FD5861E-57EE-49F2-9854-93B846D4E54F}" = BrOffice.org 3.2
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
    "{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{53C98066-CEA9-4E94-98C6-12A0D54ED42A}" = Ragnarok Online
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}" = ATLAS Translation Standard V14.0 Trial Version
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0062-0416-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Português (Brasil)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.0 - Português
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C541EEFC-49B0-4976-80DB-4D5B78B50114}" = MorphVOX Pro
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX
    "{E5E1E6CE-9E18-48A3-B102-595833A0008A}" = YAMAHA MidRadio Player
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "avast" = avast! Free Antivirus
    "BitComet" = BitComet 1.27
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dell Webcam Central" = Dell Webcam Central
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ETDemo.exe" = ETDrill - Demonstration Version
    "FormatFactory" = FormatFactory 2.60
    "Foxit Reader_is1" = Foxit Reader 5.0
    "Free AVI to WMV Converter_is1" = Free AVI to WMV Converter
    "Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
    "Google Chrome" = Google Chrome
    "Guild Wars" = Guild Wars
    "ImgBurn" = ImgBurn
    "IrfanView" = IrfanView (remove only)
    "KeyHoleTV" = KeyHoleTV
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.1.1800
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "MyFreeCodec" = MyFreeCodec
    "Office14.Click2Run" = Microsoft Office com Clique para Executar 2010
    "OpenAL" = OpenAL
    "Pangya" = Pangya (Ntreev USA)
    "Piano Eletrônico 2.5_is1" = Piano Eletrônico 2.5
    "RealAlt_is1" = Real Alternative 2.0.2
    "RealPlayer 12.0" = RealPlayer
    "RPG Maker VX" = RPG Maker VX 1.01
    "RPG Maker VX RTP" = RPG Maker VX RTP ${PRODUCT_VERSION}
    "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
    "Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5
    "Veetle TV" = Veetle TV 0.9.18
    "WinAVI Video Converter" = WinAVI Video Converter
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = Arquivo do WinRAR
    "XP Codec Pack" = XP Codec Pack

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2335185673-1746681900-3595516796-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 01/08/2011 0009 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0009 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0009 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0011 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0018 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0018 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0018 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0018 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 0019 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 01/08/2011 01:05:55 | Computer Name = MAGI | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "C:\Windows\system32\conhost.exe".
    Assembly dependente Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    [ Media Center Events ]
    Error - 29/09/2010 16:49:15 | Computer Name = dell-PC | Source = MCUpdate | ID = 0
    Description = 17:49:15 - Erro ao estabelecer conexão com a Internet. 17:49:15 -
    Não foi possível contatar o servidor..

    Error - 29/09/2010 16:49:28 | Computer Name = dell-PC | Source = MCUpdate | ID = 0
    Description = 17:49:21 - Erro ao estabelecer conexão com a Internet. 17:49:21 -
    Não foi possível contatar o servidor..

    Error - 31/07/2011 1513 | Computer Name = MAGI | Source = MCUpdate | ID = 0
    Description = 1613 - Erro ao estabelecer conexão com a Internet. 1613 -
    Não foi possível contatar o servidor..

    Error - 31/07/2011 1530 | Computer Name = MAGI | Source = MCUpdate | ID = 0
    Description = 1618 - Erro ao estabelecer conexão com a Internet. 1618 -
    Não foi possível contatar o servidor..

    Error - 31/07/2011 1645 | Computer Name = MAGI | Source = MCUpdate | ID = 0
    Description = 1745 - Erro ao estabelecer conexão com a Internet. 1745 -
    Não foi possível contatar o servidor..

    Error - 31/07/2011 1656 | Computer Name = MAGI | Source = MCUpdate | ID = 0
    Description = 1750 - Erro ao estabelecer conexão com a Internet. 1750 -
    Não foi possível contatar o servidor..

    [ System Events ]
    Error - 31/07/2011 15:01:07 | Computer Name = MAGI | Source = DCOM | ID = 10005
    Description =

    Error - 31/07/2011 15:01:07 | Computer Name = MAGI | Source = Service Control Manager | ID = 7001
    Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
    de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

    Error - 31/07/2011 15:08:52 | Computer Name = MAGI | Source = Service Control Manager | ID = 7001
    Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
    de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

    Error - 31/07/2011 15:12:37 | Computer Name = MAGI | Source = Service Control Manager | ID = 7001
    Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
    de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

    Error - 31/07/2011 15:17:43 | Computer Name = MAGI | Source = Service Control Manager | ID = 7022
    Description = Serviço Application Virtualization Client suspenso ao iniciar.

    Error - 31/07/2011 15:17:43 | Computer Name = MAGI | Source = Service Control Manager | ID = 7001
    Description = O serviço Client Virtualization Handler depende do serviço Application
    Virtualization Client, mas não foi possível iniciá-lo devido ao seguinte erro:
    %%1070

    Error - 31/07/2011 21:17:04 | Computer Name = MAGI | Source = Service Control Manager | ID = 7030
    Description = O serviço PEVSystemStart está marcado como um serviço interativo.
    No entanto, o sistema está configurado para não permitir serviços interativos. Esse
    serviço pode não funcionar corretamente.

    Error - 31/07/2011 21:23:46 | Computer Name = MAGI | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys foi impedido de carregar devido a uma
    incompatibilidade com este sistema. Contate o fornecedor do software para obter
    uma versão compatível do driver.

    Error - 31/07/2011 21:25:45 | Computer Name = MAGI | Source = Service Control Manager | ID = 7030
    Description = O serviço PEVSystemStart está marcado como um serviço interativo.
    No entanto, o sistema está configurado para não permitir serviços interativos. Esse
    serviço pode não funcionar corretamente.

    Error - 31/07/2011 21:32:47 | Computer Name = MAGI | Source = Service Control Manager | ID = 7022
    Description = Serviço Windows Update suspenso ao iniciar.


    < End of report >


    My computer is acting normal, at least now.
    But before I could enter this forum, it was very slow, only working at normal speed when I entered Safe Mode. But now it's normal again.
    There are no more signs of that other virus I told you about, no more creepy crying woman nor redirected web pages.
    The blue screen hasn't shown up either, but it doesn't appear that frequently, so that's normal.

    And thank you so much for the help, this forum is just the best thing that could have happened to me right now, I'm really thankful.

  9. #9
    broni is offline Senior Member
    Good news

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - [2010/10/13 21:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
      DRV:64bit: - [2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
      DRV:64bit: - [2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O3 - HKU\S-1-5-21-2335185673-1746681900-3595516796-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      [2011/07/21 16:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2011/07/21 16:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.

  10. #10
    Marinuba is offline Newbie
    Now I just had a little problem
    When I tried to run OTL it stopped functioning and it's not responding, and Ctrl+Alt+Del is not responding too... I'm trying to reboot the PC but it just closed everything from my desktop and the empty screen with my wallpaper is there for 10 minutes now...
    I'll try doing it through the button. If it works after this I'll post the log, if not... well, I'll ask for help xD
    That's how it was before I entered the forum, slow and with problems to reboot and turn off.
    Maybe I'll just try running OTL in Safe Mode.
