Welcome to MalwareRemoval.com
Please I need help with SYS32.ACOVCNT !!!

Post by aires365 » February 15th, 2010, 5:42 am

Hi, my name is Aires,

and I need help, guys. I'm going crazy on my laptop; I use Firefox and every day it is going slower and slower.

I have Norton and Malwarebytes, but only RemoveIT Pro v4 could detect this Sys32.acovcnt,

and it's in c:\windows\system32\acovcnt.exe. I clean it and it comes back again.

Now I cannot work anymore; my PC is going slow, slow, slow.

Can you please help me?


---------------------------------

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:13:16, on 14-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lockerz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Gruss Software Ltd: Betting Assistant update permissions manager. 30256. - Unknown owner - C:\Program Files\Betting Assistant\AUClient.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8927 bytes
----------------------------------

Uninstall List

ABC (remove only)
AC3Filter (remove only)
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Assistente de Início de Sessão do Windows Live
ASUS Data Security Manager
ASUS Direct Console
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
BetFairAndSquare Exchange Simulator
Betting Assistant
Bf Bot Manager v1
Bf Bot Manager v2
CCleaner
CDDRV_Installer
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Web Player
Esquemas de Som do Windows
Ferramenta de Carregamento do Windows Live
ffdshow [rev 3014] [2009-06-20]
Football Manager 2010
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Turbo Memory e Intel® Matrix Storage Manager
JMB36X Raid Configurer
KhalInstallWrapper
LifeFrame2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - esn
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV AntiSpy 4.0
MV RegClean 5.9 (Portugal)
NB Probe
Need for Speed™ Undercover
Nero 9
neroxml
Norton Internet Security
NVIDIA Drivers
P4P
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
Power4Gear eXtreme
PowerISO
Real Alternative 1.9.0
Realtek High Definition Audio Driver
RemoveIT Pro v4 - SE
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SetPoint
Smart Defrag
SmartVoip
Synaptics Pointing Device Driver
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
VC80CRTRedist - 8.0.50727.762
VistaFeaturePack
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
WinFlash
WinRAR archiver
Wireless Console 2

------------------------------
aires365
Regular Member
 
Posts: 21
Joined: February 13th, 2010, 6:55 pm
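One way to do a first pass over a HijackThis log like the one posted above, as an added example for this thread and not a feature of HijackThis, RSIT or any other tool named here: parse the O4 (Run-key autostart) and O23 (service) lines and flag the entries an analyst looks at first. The sample lines are copied from the log above, except the final O4 entry for acovcnt.exe, which is constructed to show the watch-list match; the poster's real log has no such entry. That absence is itself the caveat a practitioner would add: HijackThis enumerates a fixed set of launch points, so a file that keeps coming back without appearing in any O4/O23 line is being restarted from somewhere HijackThis does not list (a scheduled task, a service DLL, a driver), and a log with no hit is not proof the loader is gone. The trusted-directory list and the reason strings are the example's own assumptions, not anything the tool defines.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not a tool from the forum or from Trend Micro.
It parses the O4 (Run-key autostarts) and O23 (services) lines that HijackThis
emits and flags the ones an analyst checks first: entries whose file is gone,
services with no publisher, programs started from outside Program Files or
the Windows directory, and any line naming a file under suspicion (here
acovcnt.exe, the file the poster keeps finding in System32).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption of this example: pre-installed vendor software is launched from
# these places. Anything else (Temp, AppData, a user profile, the root of C:)
# deserves a look.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%", "%windir%")

# Subset of the HijackThis line grammar used here. A service whose display
# name itself contains " - " would confuse O23_RE; real logs rarely do that.
O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def launched_module(cmd: str) -> str:
    """Path of what an O4 command really runs.

    HijackThis prints paths with spaces unquoted, so cut at the first ".exe"
    rather than at whitespace. For rundll32 the interesting object is the DLL
    passed as its first argument, not rundll32.exe itself.
    """
    cmd = cmd.strip().strip('"')
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    if not m:
        return cmd
    exe = m.group(1).strip('"')
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = cmd[m.end():].strip().strip('"')
        return rest.split(",", 1)[0].strip()
    return exe


def location_flag(path: str) -> Optional[str]:
    """Reason string if the path is not an absolute path under a trusted dir."""
    p = path.lower()
    if ":\\" not in p and not p.startswith("%"):
        return "not an absolute path (resolved through the search order)"
    if not p.startswith(TRUSTED_PREFIXES):
        return "launched from an unusual location"
    return None


def triage(lines, watch=("acovcnt.exe",)) -> List[Finding]:
    """Return one Finding per log line that has at least one reason to be checked."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        reasons = [f"references watched file {w}" for w in watch if w.lower() in low]
        if "(no file)" in low:
            reasons.append("registered but file is missing")
        m = O4_RE.match(line)
        if m:
            flag = location_flag(launched_module(m.group("cmd")))
            if flag:
                reasons.append(flag)
        m = O23_RE.match(line)
        if m:
            if m.group("owner").lower() == "unknown owner":
                reasons.append("service with unknown owner (no publisher information)")
            if "(no file)" not in m.group("path").lower():
                flag = location_flag(m.group("path"))
                if flag:
                    reasons.append(flag)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the HijackThis log posted in the thread,
# plus one made-up O4 entry for acovcnt.exe (the poster's log has no such entry;
# it is here only to show the watch-list hit).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O4 - HKLM\..\Run: [acovcnt] C:\Windows\system32\acovcnt.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run against the sample it prints five lines: the bare `Skytel.exe` (no directory, so it depends on the search order), the two `(no file)` leftovers, the PnkBstrA service with no publisher, and the constructed acovcnt.exe entry. Everything else in the sample lives under Program Files or the Windows directory and is left alone, which is the point: the list narrows what to look at, it does not decide what is malicious.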

Re: Please I need help with SYS32.ACOVCNT !!!

Post by MWR 3 day Mod » February 19th, 2010, 2:48 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Please I need help with SYS32.ACOVCNT !!!

Post by Katana » February 27th, 2010, 9:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.


GMER Rootkit Detector

Please download GMER Rootkit Scanner from Here or Here

***Please close any open programs ***
  • Extract the contents of the zip file to your desktop.
  • Disable your onboard Anti Virus and any other Active protection programs you have installed.
  • Double-click gmer.exe. The program will begin to run.

    Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,
  • Now use the following settings for a more complete scan..

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once the scan is complete, you may receive another notice about rootkit activity. If you receive it, click OK.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please I need help with SYS32.ACOVCNT !!!

Post by aires365 » February 28th, 2010, 7:38 am

Hi :) !!!

Thanks so much for helping me !!!

Here's the log from RSIT


Logfile of random's system information tool 1.06 (written by random/random)
Run by Aires at 2010-02-28 12:14:38
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 77 GB (54%) free of 143 GB
Total RAM: 2047 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:09, on 28-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Aires\Desktop\RSIT.exe
C:\Program Files\trend micro\Aires.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lockerz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Gruss Software Ltd: Betting Assistant update permissions manager. 30256. - Unknown owner - C:\Program Files\Betting Assistant\AUClient.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9059 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Malwarebytes' Scheduled Scan for Aires.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for Aires.job
C:\Windows\tasks\Registry Winner Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll [2009-12-10 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL [2009-11-17 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll [2009-12-10 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-21 630784]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-07-24 33304]
"DirectMessenger"=C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE [2007-07-21 988160]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-24 174616]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b0268f-62fc-11de-8063-001d60c4491e}]
shell\AutoRun\command - H:\CALC.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4db9ad9-c545-11de-afec-001d60c4491e}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 3 months======

2010-02-28 12:14:46 ----D---- C:\Program Files\trend micro
2010-02-28 12:14:38 ----D---- C:\rsit
2010-02-27 22:30:42 ----D---- C:\Program Files\BeloSoft
2010-02-26 23:35:25 ----D---- C:\Program Files\City Interactive
2010-02-24 12:33:33 ----A---- C:\Windows\system32\tzres.dll
2010-02-15 23:06:35 ----D---- C:\ProgramData\Sun
2010-02-15 23:06:18 ----D---- C:\Program Files\Common Files\Java
2010-02-15 23:05:23 ----A---- C:\Windows\system32\javaws.exe
2010-02-15 23:05:23 ----A---- C:\Windows\system32\javaw.exe
2010-02-15 23:05:23 ----A---- C:\Windows\system32\deploytk.dll
2010-02-15 23:05:22 ----A---- C:\Windows\system32\java.exe
2010-02-15 23:04:27 ----D---- C:\Program Files\Java
2010-02-15 05:04:41 ----A---- C:\Windows\system32\acovcnt.exe
2010-02-14 00:00:48 ----D---- C:\Program Files\TrendMicro
2010-02-13 18:21:55 ----A---- C:\Windows\ScanSpyware.INI
2010-02-13 17:37:14 ----D---- C:\Users\Aires\AppData\Roaming\ScanSpyware
2010-02-10 06:25:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 06:25:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 06:24:59 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\avifil32.dll
2010-02-08 13:27:11 ----D---- C:\ProgramData\TamoSoft
2010-02-07 23:51:29 ----D---- C:\Program Files\InCode Solutions
2010-02-04 00:27:13 ----D---- C:\Program Files\CCleaner
2010-01-31 14:17:44 ----D---- C:\Program Files\Symantec
2010-01-31 14:16:45 ----D---- C:\Program Files\Norton Internet Security
2010-01-31 14:16:27 ----D---- C:\Program Files\NortonInstaller
2010-01-29 03:35:41 ----D---- C:\Users\Aires\AppData\Roaming\BetFairAndSquare
2010-01-29 03:35:41 ----D---- C:\Program Files\BetFairAndSquare Exchange Simulator
2010-01-29 03:27:45 ----D---- C:\Program Files\Microsoft SQL Server
2010-01-27 11:21:12 ----D---- C:\Users\Aires\AppData\Roaming\Betting Assistant
2010-01-27 11:21:12 ----D---- C:\temp
2010-01-27 11:20:25 ----D---- C:\Program Files\Betting Assistant
2010-01-25 23:34:01 ----D---- C:\Program Files\Chat Republic Games
2010-01-23 16:35:18 ----A---- C:\Windows\ATKPF.ini
2010-01-22 10:17:51 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 10:17:51 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 10:17:50 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 10:17:49 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 10:17:47 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-18 19:01:52 ----D---- C:\Users\Aires\AppData\Roaming\SmartVoip
2010-01-18 18:59:55 ----D---- C:\Program Files\SmartVoip.com
2010-01-16 18:56:17 ----D---- C:\Program Files\Common Files\Innovative Solutions
2010-01-16 16:31:46 ----SH---- C:\Windows\system32\SC.dll
2010-01-16 15:46:17 ----D---- C:\Windows\system32\xlive
2010-01-16 15:46:16 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-01-15 17:31:59 ----D---- C:\Windows\system32\Adobe
2010-01-13 09:22:22 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:22:22 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 16:23:00 ----D---- C:\Users\Aires\AppData\Roaming\Microgaming
2010-01-08 12:49:05 ----D---- C:\Program Files\bfbotmanager.com4
2010-01-08 12:48:43 ----D---- C:\Program Files\bfbotmanager.com3
2010-01-06 16:48:49 ----D---- C:\Program Files\bfbotmanager.com2
2010-01-02 11:20:39 ----D---- C:\Program Files\bfbotmanager.com
2009-12-30 07:17:51 ----D---- C:\Users\Aires\AppData\Roaming\smc
2009-12-09 15:50:43 ----A---- C:\Windows\system32\iisrstap.dll
2009-12-09 15:50:43 ----A---- C:\Windows\system32\iisreset.exe
2009-12-09 15:50:42 ----A---- C:\Windows\system32\iisRtl.dll
2009-12-09 15:50:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 15:50:40 ----A---- C:\Windows\system32\ahadmin.dll
2009-12-09 15:50:40 ----A---- C:\Windows\system32\admwprox.dll
2009-12-09 15:50:38 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 15:50:36 ----A---- C:\Windows\system32\wamregps.dll
2009-12-09 06:41:36 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 06:40:52 ----A---- C:\Windows\system32\rastls.dll
2009-11-30 23:12:24 ----D---- C:\ProgramData\Boss Media

======List of files/folders modified in the last 3 months======

2010-02-28 12:14:46 ----RD---- C:\Program Files
2010-02-28 12:14:44 ----D---- C:\Windows\Temp
2010-02-28 06:12:29 ----D---- C:\Windows\system32\drivers
2010-02-28 05:34:23 ----SHD---- C:\System Volume Information
2010-02-27 22:30:48 ----SHD---- C:\Windows\Installer
2010-02-27 21:52:32 ----AD---- C:\Windows\System32
2010-02-27 21:52:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-27 21:52:31 ----D---- C:\Windows\inf
2010-02-26 23:45:40 ----D---- C:\Windows
2010-02-25 11:21:42 ----D---- C:\Windows\rescache
2010-02-25 00:34:57 ----D---- C:\Windows\winsxs
2010-02-25 00:34:56 ----D---- C:\Windows\system32\pt-PT
2010-02-25 00:34:56 ----D---- C:\Windows\system32\es-ES
2010-02-25 00:34:56 ----D---- C:\Windows\system32\en-US
2010-02-25 00:19:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-24 12:30:49 ----D---- C:\Windows\system32\catroot
2010-02-24 12:30:46 ----D---- C:\Windows\system32\catroot2
2010-02-22 11:28:18 ----D---- C:\Windows\Prefetch
2010-02-22 11:23:51 ----D---- C:\Program Files\Mozilla Firefox
2010-02-19 17:30:12 ----D---- C:\ProgramData\Microsoft Help
2010-02-15 23:06:35 ----HD---- C:\ProgramData
2010-02-15 23:06:18 ----D---- C:\Program Files\Common Files
2010-02-13 20:59:14 ----D---- C:\Windows\Debug
2010-02-12 19:03:52 ----D---- C:\Users\Aires\AppData\Roaming\IObit
2010-02-09 11:49:14 ----D---- C:\SPDISK
2010-02-03 12:39:02 ----D---- C:\Windows\system32\config
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-02-01 11:51:19 ----D---- C:\Windows\system32\Tasks
2010-01-31 14:17:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-31 14:16:45 ----D---- C:\ProgramData\Norton
2010-01-31 14:16:34 ----D---- C:\ProgramData\NortonInstaller
2010-01-29 03:33:44 ----RSD---- C:\Windows\assembly
2010-01-29 03:32:04 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-29 03:32:03 ----D---- C:\Program Files\Microsoft.NET
2010-01-28 11:55:50 ----SD---- C:\Users\Aires\AppData\Roaming\Microsoft
2010-01-17 23:18:49 ----D---- C:\Windows\Tasks
2010-01-16 20:39:10 ----D---- C:\Users\Aires\AppData\Roaming\Tropico 3
2010-01-16 18:59:46 ----D---- C:\Program Files\Innovative Solutions
2010-01-16 18:56:14 ----D---- C:\ProgramData\Innovative Solutions
2010-01-15 23:37:20 ----D---- C:\Program Files\IObit
2010-01-09 04:56:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 23:19:45 ----SD---- C:\Windows\Downloaded Program Files
2009-12-09 16:39:01 ----D---- C:\Windows\system32\migration
2009-12-09 16:39:00 ----D---- C:\Windows\system32\inetsrv

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1105000.07F\ccHPx86.sys [2009-12-09 501888]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSvix86.sys [2009-10-28 343088]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1105000.07F\SRTSPX.SYS [2009-12-03 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1105000.07F\Ironx86.SYS [2009-11-26 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1105000.07F\SYMTDIV.SYS [2009-11-22 340016]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 CmBatt;Controlador Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-01-07 19160]
R3 MODEMCSA;Dispositivo de filtro de fluxo Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-13 7680]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100227.025\NAVENG.SYS [2010-02-04 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100227.025\NAVEX15.SYS [2010-02-04 1324720]
R3 NETw4v32;Controlador do Adaptador da ligação WiFi sem fios Intel(R) para Windows Vista 32 Bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-20 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-21 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1105000.07F\SRTSP.SYS [2009-12-03 325168]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-01-31 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 a54iyyfn;a54iyyfn; C:\Windows\system32\drivers\a54iyyfn.sys []
S3 BthEnum;Serviço enumerador Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Dispositivo Bluetooth (Rede de área pessoal); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Controlador de porta Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Controlador USB de rádio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Microsoft Kernel DRM Descrambler Filter; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 usb_rndisx;Adaptador RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;Gruss Software Ltd: Betting Assistant update permissions manager. 30256.; C:\Program Files\Betting Assistant\AUClient.exe [2008-01-09 622592]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-24 354840]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-10-01 66872]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

And here is the Info log:

info.txt logfile of random's system information tool 1.06 2010-02-28 12:15:18

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Actualização do Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {CCDE3C71-5F35-477F-BA90-1A399C91C10C}
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}
Actualização do Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS Direct Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}\SETUP.EXE" -l0x9
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
BetFairAndSquare Exchange Simulator-->MsiExec.exe /I{DCFD9DF7-EA14-48D8-AE76-AF1B84CCB53F}
Betting Assistant-->MsiExec.exe /I{CA48BCFD-9615-42B7-9E3A-A672CE023843}
Bf Bot Manager v1-->MsiExec.exe /I{EC966A7F-13C4-4A16-A35B-D9EF9E798D79}
Bf Bot Manager v2-->MsiExec.exe /I{529889C0-FE3B-4C43-ADF3-7992B55F2C9B}
Bfexplorer-->MsiExec.exe /I{36B03711-528B-427C-8C09-19C1455E7768}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Esquemas de Som do Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
ffdshow [rev 3014] [2009-06-20]-->"C:\Program Files\ffdshow\unins000.exe"
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Turbo Memory e Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.exe" -l0x9 -removeonly
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - esn-->MsiExec.exe /I{92E4A65F-7007-3357-A69A-167F71A337BD}
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg-->MsiExec.exe /I{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0816-0000-0000000FF1CE} /uninstall {A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office Access MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0015-0816-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00BA-0816-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0044-0816-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00A1-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0816-0000-0000000FF1CE} /uninstall {C312E1CD-EC19-4270-A072-F36F634DFF79}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0019-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MV AntiSpy 4.0-->"C:\Program Files\Marcos Velasco Security\MV AntiSpy 4.0\unins000.exe"
MV RegClean 5.9 (Portugal)-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.9 (Portugal)\unins000.exe"
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setup.exe
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0816 -removeonly
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
SmartVoip-->"C:\Program Files\SmartVoip.com\SmartVoip\unins000.exe"
Sniper: Art of Victory-->"C:\Program Files\City Interactive\Sniper - Art of Victory\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VistaFeaturePack-->C:\Program Files\InstallShield Installation Information\{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x0409
Windows Live Call-->MsiExec.exe /I{418001D0-F48E-4910-966C-0DCCC996A87A}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{50CEA963-2745-46A8-BE71-767F2B36FEF2}
Windows Live Messenger-->MsiExec.exe /X{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1 mynortonaccount.conxion.com
127.0.0.1 www.mynortonaccount.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1349_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120761
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires

Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1348_neutral_GDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120760
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires

Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1347_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120759
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires

Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1346_neutral_GDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120758
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires

Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1345_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120757
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires

=====Application event log=====

Computer Name: WifiLap
Event Code: 2
Message: O Cliente de Serviços de Certificados foi parado.
Record Number: 419
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090620050735.402800-000
Event Type: Informações
User: NT AUTHORITY\Sistema

Computer Name: WifiLap
Event Code: 2
Message: O Cliente de Serviços de Certificados foi parado.
Record Number: 418
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090620050735.387200-000
Event Type: Informações
User: WifiLap\Administrador

Computer Name: LH-AILFEU51KNEA
Event Code: 36
Message:
Record Number: 417
Source Name: ccSvcHst
Time Written: 20090620050735.000000-000
Event Type: Informações
User: NT AUTHORITY\Sistema

Computer Name: LH-AILFEU51KNEA
Event Code: 36
Message:
Record Number: 416
Source Name: ccSvcHst
Time Written: 20090620050735.000000-000
Event Type: Informações
User: NT AUTHORITY\Sistema

Computer Name: LH-AILFEU51KNEA
Event Code: 1013
Message: O Serviço Windows Search parou normalmente.

Record Number: 415
Source Name: Microsoft-Windows-Search
Time Written: 20090620050658.000000-000
Event Type: Informações
User:

=====Security event log=====

Computer Name: WifiLap
Event Code: 4624
Message: Uma conta iniciou sessão com êxito.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7

Tipo de Início de Sessão: 5

Novo Início de Sessão:
ID de Segurança: S-1-5-17
Nome da Conta: IUSR
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e3
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Informações do Processo:
ID do Processo: 0x99c
Nome do Processo: C:\Windows\System32\svchost.exe

Informações de Rede:
Nome da Estação de Trabalho:
Endereço de Rede de Origem: -
Porta de Origem: -

Informações de Autenticação Detalhadas:
Processo de Início de Sessão: Advapi
Pacote de Autenticação: Negotiate
Serviços Transitados: -
Nome do Pacote (apenas NTLM): -
Comprimento da Chave: 0

Este evento é gerado quando é criada uma sessão de início de sessão, sendo gerado no computador que foi acedido.

Os campos de assunto indicam a conta do sistema local que pediu o início de sessão. Normalmente, trata-se de um serviço, tal como o serviço de Servidor, ou de um processo local, tal como Winlogon.exe ou Services.exe.

O campo de tipo de início de sessão indica o tipo de início de sessão ocorrido. Os tipos mais comuns são 2 (interactivo) e 3 (rede).

Os campos Novos Início de Sessão indicam a conta para a qual o novo início de sessão foi criado, ou seja, a conta que iniciou sessão.

Os campos de rede indicam a origem de um pedido de início de sessão. O nome da estação de trabalho pode nem sempre estar disponível, podendo ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre este pedido de início de sessão específico.
- GUID de Início de Sessão é um identificador exclusivo que pode ser utilizado para correlacionar este evento com um evento KDC.
- Serviços transitados indica os serviços intermediários que participaram neste pedido de início de sessão.
- Nome do pacote indica o subprotocolo utilizado entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave de sessão gerada. Este comprimento será 0 se não tiver sido pedida nenhuma chave de sessão.
Record Number: 34439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035608.037536-000
Event Type: Êxito de Auditoria
User:

Computer Name: WifiLap
Event Code: 4672
Message: Foram atribuídos privilégios especiais a um novo início de sessão.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7

Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34438
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:

Computer Name: WifiLap
Event Code: 4624
Message: Uma conta iniciou sessão com êxito.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7

Tipo de Início de Sessão: 5

Novo Início de Sessão:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Informações do Processo:
ID do Processo: 0x390
Nome do Processo: C:\Windows\System32\services.exe

Informações de Rede:
Nome da Estação de Trabalho:
Endereço de Rede de Origem: -
Porta de Origem: -

Informações de Autenticação Detalhadas:
Processo de Início de Sessão: Advapi
Pacote de Autenticação: Negotiate
Serviços Transitados: -
Nome do Pacote (apenas NTLM): -
Comprimento da Chave: 0

Este evento é gerado quando é criada uma sessão de início de sessão, sendo gerado no computador que foi acedido.

Os campos de assunto indicam a conta do sistema local que pediu o início de sessão. Normalmente, trata-se de um serviço, tal como o serviço de Servidor, ou de um processo local, tal como Winlogon.exe ou Services.exe.

O campo de tipo de início de sessão indica o tipo de início de sessão ocorrido. Os tipos mais comuns são 2 (interactivo) e 3 (rede).

Os campos Novos Início de Sessão indicam a conta para a qual o novo início de sessão foi criado, ou seja, a conta que iniciou sessão.

Os campos de rede indicam a origem de um pedido de início de sessão. O nome da estação de trabalho pode nem sempre estar disponível, podendo ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre este pedido de início de sessão específico.
- GUID de Início de Sessão é um identificador exclusivo que pode ser utilizado para correlacionar este evento com um evento KDC.
- Serviços transitados indica os serviços intermediários que participaram neste pedido de início de sessão.
- Nome do pacote indica o subprotocolo utilizado entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave de sessão gerada. Este comprimento será 0 se não tiver sido pedida nenhuma chave de sessão.
Record Number: 34437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:

Computer Name: WifiLap
Event Code: 4648
Message: Foi tentado um início de sessão utilizando credenciais explícitas.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Conta Cujas Credenciais Foram Utilizadas:
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Servidor de Destino:
Nome do Servidor de Destino: localhost
Informações Adicionais: localhost

Informações do Processo:
ID do Processo: 0x390
Nome do Processo: C:\Windows\System32\services.exe

Informações de Rede:
Endereço de Rede: -
Porta: -

Este evento é gerado quando um processo tenta iniciar sessão numa conta especificando explicitamente as credenciais dessa conta. Isto ocorre mais frequentemente em configurações do tipo lote, tais como tarefas agendadas, ou durante a utilização do comando RUNAS.
Record Number: 34436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:

Computer Name: WifiLap
Event Code: 4672
Message: Foram atribuídos privilégios especiais a um novo início de sessão.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7

Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34435
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.850336-000
Event Type: Êxito de Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------


I'll run the other program now..

Thanks
aires365
Regular Member
 
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by aires365 » February 28th, 2010, 7:47 am

Hi

I have a question..

In GMER Rootkit Scanner, in the image you just select drive C:\, but I have 2 hard drives, C:\ and D:\. Should I select just C:\?


thank you
Aires
aires365
Regular Member
 
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by Katana » February 28th, 2010, 12:33 pm

Katana wrote:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)


I need you to Uncheck everything other than your main drive.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by aires365 » March 1st, 2010, 9:42 am

Hi..

Here is the log from GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 14:41:36
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Aires\AppData\Local\Temp\uwldqpod.sys


---- System - GMER 1.0.15 ----

SSDT 87F94B30 ZwAlertResumeThread
SSDT 87FFE7D8 ZwAlertThread
SSDT A4E97D20 ZwAllocateVirtualMemory
SSDT 9657B648 ZwAlpcConnectPort
SSDT 8DA52B40 ZwAssignProcessToJobObject
SSDT 99959410 ZwCreateMutant
SSDT 9649E668 ZwCreateSymbolicLinkObject
SSDT 9A1DEBF0 ZwCreateThread
SSDT 9093D080 ZwDebugActiveProcess
SSDT A4E97F38 ZwDuplicateObject
SSDT 9A4445C8 ZwFreeVirtualMemory
SSDT 908A9210 ZwImpersonateAnonymousToken
SSDT 8DA16270 ZwImpersonateThread
SSDT 9658D290 ZwLoadDriver
SSDT 9A444428 ZwMapViewOfSection
SSDT 87FED050 ZwOpenEvent
SSDT 99839BF0 ZwOpenProcess
SSDT 871F7E50 ZwOpenProcessToken
SSDT 8DA4F178 ZwOpenSection
SSDT 99839AE0 ZwOpenThread
SSDT 974528A8 ZwProtectVirtualMemory
SSDT 87FA11F0 ZwResumeThread
SSDT 87DE91A8 ZwSetContextThread
SSDT 9746B490 ZwSetInformationProcess
SSDT 90938990 ZwSetSystemInformation
SSDT 908A6248 ZwSuspendProcess
SSDT 8DA226B8 ZwSuspendThread
SSDT 96434DE0 ZwTerminateProcess
SSDT 96588770 ZwTerminateThread
SSDT 8730C4F0 ZwUnmapViewOfSection
SSDT 9A444958 ZwWriteVirtualMemory
SSDT 909EB8C8 ZwCreateThreadEx

INT 0x51 ? 8468FBF8
INT 0x62 ? 87FD6F00
INT 0x71 ? 90941550
INT 0x72 ? 87FD6F00
INT 0x81 ? 909417D0
INT 0x92 ? 8468EBF8
INT 0x92 ? 87FD6F00
INT 0x92 ? 8468EBF8
INT 0xA2 ? 85024BF8
INT 0xA3 ? 87FD6F00
INT 0xB2 ? 85025BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850291F8
Device \FileSystem\fastfat \FatCdrom 9D7AE1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0A9C6FD7-31C6-43E1-8932-F776D22FFDB9} 965191F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 846911F8
Device \Driver\usbuhci \Device\USBPDO-0 87FC5500
Device \Driver\usbuhci \Device\USBPDO-1 87FC5500
Device \Driver\usbehci \Device\USBPDO-2 8DA07500
Device \Driver\usbuhci \Device\USBPDO-3 87FC5500
Device \Driver\usbuhci \Device\USBPDO-4 87FC5500

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 87FC5500
Device \Driver\usbehci \Device\USBPDO-6 8DA07500
Device \Driver\volmgr \Device\HarddiskVolume1 846911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\PCI_PNP3549 \Device\00000058 sprq.sys
Device \Driver\cdrom \Device\CdRom0 87FF9320
Device \Driver\volmgr \Device\HarddiskVolume2 846911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume3 846911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 87FF9320
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 850261F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82903D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaNvStor \Device\Ide\IAACache0 850241F8
Device \Driver\atapi \Device\Ide\IdePort0 850261F8
Device \Driver\iaNvStor \Device\Ide\RobsonImd-0 850241F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82903D80] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 846911F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBt_Wins_Export 965191F8
Device \Driver\sptd \Device\3630901562 sprq.sys
Device \Driver\Smb \Device\NetbiosSmb 964BB1F8
Device \Driver\iScsiPrt \Device\RaidPort0 877E8320

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 87FC5500
Device \Driver\usbuhci \Device\USBFDO-1 87FC5500
Device \Driver\usbehci \Device\USBFDO-2 8DA07500
Device \Driver\usbuhci \Device\USBFDO-3 87FC5500
Device \Driver\usbuhci \Device\USBFDO-4 87FC5500
Device \Driver\usbuhci \Device\USBFDO-5 87FC5500
Device \Driver\usbehci \Device\USBFDO-6 8DA07500
Device \Driver\afo2bc1v \Device\Scsi\afo2bc1v1Port4Path0Target0Lun0 8DA331F8
Device \Driver\JRAID \Device\Scsi\JRAID1 850281F8
Device \Driver\afo2bc1v \Device\Scsi\afo2bc1v1 8DA331F8
Device \Driver\netbt \Device\NetBT_Tcpip_{BA8DE336-243E-4739-BD4A-9C99649A1511} 965191F8
Device \FileSystem\fastfat \Fat 9D7AE1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestor de Filtros de Sistema de Ficheiros da Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device \FileSystem\cdfs \Cdfs 9A0EC1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d6068b65b
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xCA 0xF2 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0x36 0x1B 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x34 0x75 0x39 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001d6068b65b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xCA 0xF2 0x89 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0x36 0x1B 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x34 0x75 0x39 0x61 ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.15 ----
aires365
Regular Member
 
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by Katana » March 1st, 2010, 11:15 am

Information

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

ABC
P4P


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

----------------------------------------------------------------------------------------

Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware
I notice that you have MBAM installed; please do the following:

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs



----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • MalwareBytes Log
  • Combofix Log
  • How are things running now?

---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by aires365 » March 1st, 2010, 12:28 pm

Hi..

I don't understand this:

"Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine."

Do you want me to plug in or unplug any USB device?

I don't have anything connected at this time..



thanks for helping me
Aires.
aires365
Regular Member
 
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by Katana » March 1st, 2010, 1:49 pm

Your log shows evidence of an infection that can transfer itself via a USB connection.
If you have any USB/Flash/External drives, then you need to plug them into your machine while we clean it and them at the same time.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please i need help with SYS32.ACOVCNT !!!

Unread post by aires365 » March 1st, 2010, 3:09 pm

Hi..

I don't have drives.. I just have a Pen.. but I already scanned it with Norton and MBAM and it's "clean"


here is the log from MBAM full scan:

Malwarebytes' Anti-Malware 1.44
Database version: 3809
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01-03-2010 19:37:10
mbam-log-2010-03-01 (19-37-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 283377
Time elapsed: 1 hour(s), 58 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
aires365
Regular Member
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Post by Katana » March 1st, 2010, 3:12 pm

aires365 wrote: I just have a pen drive, but I already scanned it with Norton and MBAM and it's "clean".

I still need you to have it plugged in during the cleaning process.
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please i need help with SYS32.ACOVCNT !!!

Post by aires365 » March 1st, 2010, 4:27 pm

Hi..

I have uninstalled the P2P programs.

I also ran ComboFix, but I don't know where it has saved the log. It didn't ask me anything.

It just rebooted 2 times, and that's it.


Regards,
Aires
aires365
Regular Member
Posts: 21
Joined: February 13th, 2010, 6:55 pm

Re: Please i need help with SYS32.ACOVCNT !!!

Post by Katana » March 1st, 2010, 5:22 pm

Please have a look for C:\Combofix.txt
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Please i need help with SYS32.ACOVCNT !!!

Post by aires365 » March 1st, 2010, 5:28 pm

Katana wrote: Please have a look for C:\Combofix.txt

No. In C:\ there's a combo file, but it's like a "My Computer" file; it opens the "My Computer" window!

:(
aires365
Regular Member
Posts: 21
Joined: February 13th, 2010, 6:55 pm