Double accent

by artolassss » April 11th, 2011, 5:26 pm

Hi,

I'm having a keyboard problem: when I type an accent it appears in duplicate, like this ´´.

Below are DDS.txt and Attach.txt:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Paula Andrade at 22:11:32,03 on 11-04-2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.2038.802 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paula Andrade\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt
uDefault_Page_URL = hxxp://www.google.pt
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [{79C2D018-E41C-D1D4-CA38-974B6EF47836}] "c:\users\paula andrade\ziexi\wayn.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_pt-PT;_rv:1.9.2.13)_Gecko/20101203_Firefox/3.6.13_(_.NET_CLR_3.5.30729;_.NET4.0C)" -"http://www.miniclip.com/games/free-running/pt/content_iframe.php"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Skytel] Skytel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [NDSTray.exe] NDSTray.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\paulaa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\inicia~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?PT
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PT
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paulaa~1\appdata\roaming\mozilla\firefox\profiles\h10dh0wc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\paula andrade\appdata\roaming\mozilla\firefox\profiles\h10dh0wc.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Corretor para Português Europeu: pt-PT@dictionaries.addons.mozilla.org - %profile%\extensions\pt-PT@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336]
R2 FontCache;Serviço de Cache de Tipos de Letra do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-21 21504]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-7-18 77824]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99eae410bc3f0;Serviço Google Update (gupdate1c99eae410bc3f0);c:\program files\google\update\GoogleUpdate.exe [2009-3-6 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-10 23:36:20 -------- d-----w- C:\VundoFix Backups
2011-04-10 21:20:36 -------- d-----w- c:\users\paulaa~1\appdata\roaming\SUPERAntiSpyware.com
2011-04-10 21:20:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-09 15:01:55 -------- d-----w- C:\!KillBox
2011-04-09 12:16:12 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-09 12:15:54 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-09 12:15:54 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-09 12:13:24 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-09 12:13:22 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-04-09 11:54:51 -------- d-----w- c:\users\paulaa~1\appdata\roaming\Malwarebytes
2011-04-09 11:54:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 11:54:34 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-09 11:54:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 11:54:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 01:17:21 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-09 01:15:47 -------- d-----w- c:\program files\CCleaner
2011-04-09 01:07:58 -------- d-----w- c:\users\paulaa~1\appdata\roaming\Reviversoft
2011-04-09 01:07:42 16704 ----a-w- c:\windows\system32\roboot.exe
2011-04-09 01:07:42 -------- d-----w- c:\program files\Reviversoft
2011-04-08 13:39:21 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c5ce1261-e9df-452b-9d19-719423a54885}\mpengine.dll
2011-04-08 10:56:36 -------- d-----w- c:\windows\pss
2011-03-23 19:31:31 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 19:31:31 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 19:31:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 22:13:19,08 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29-04-2008 19:21:17
System Uptime: 11-04-2011 22:02:58 (0 hours ago)
.
Motherboard: TOSHIBA | | ISKAA
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 27,532 GiB free.
E: is FIXED (NTFS) - 92 GiB total, 74,438 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3 - Português
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 5
µTorrent
Bluetooth Stack for Windows by Toshiba
BufferChm
C4600
Camera Assistant Software for Toshiba
CCleaner
Complemento Messenger
Compressor WinRAR
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
D3DX10
Desktop SMS
Destinations
DeviceDiscovery
DVD MovieFactory for TOSHIBA
Emdedded IR Driver
File Uploader
Free Videos To DVD V 3.2.0
Galeria de Fotografias do Windows Live
Google Earth
Google SketchUp 7
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Infix 4.04
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Iomega Encryption
IRS - Modelo 3 v2.0.8
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Kaspersky Anti-Virus 2011
Lexmark X1100 Series
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Mesh Runtime
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTG Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
Picasa 3
Picture Control Utility
PS_AIO_05_C4600_Software_Min
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RemoteComms External Disk Access
Revo Uninstaller 1.91
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Shop for HP Supplies
Silenciador Acúst. Unid. CD/DVD
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Status
SUPERAntiSpyware
Talk Now
TerraExplorer
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA Palavra-passe do supervisor
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Utility Common Driver
ViewNX
Vista Codec Package
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

Re: Double accent

by askey127 » April 13th, 2011, 1:24 pm

Looking at your logs.
Be right back.

Re: Double accent

by askey127 » April 13th, 2011, 1:30 pm

Hi artolassss,
That keyboard thing could be a defect in the switch under that key, or a software problem.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Adobe Reader 9.4.3 - Português
µTorrent
MarketResearch

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and download the latest version of Adobe Acrobat Reader in your language of choice.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Double accent

Unread postby artolassss » April 14th, 2011, 3:06 pm

Hi askey127,

Thanks for your reply.

I can't find the following program: MarketResearch, so I can't remove it.

In the following replies I will post OTL.txt and Extras.txt.

Thanks in advance
artolassss
Regular Member
 
Posts: 16
Joined: April 9th, 2011, 12:11 pm

Re: Double accent

Unread postby artolassss » April 14th, 2011, 3:07 pm

OTL logfile created on: 13-04-2011 20:41:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paula Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 27,27 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Drive E: | 91,69 Gb Total Space | 74,44 Gb Free Space | 81,19% Space Free | Partition Type: NTFS

Computer Name: PAULAANDRADE-PC | User Name: Paula Andrade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-13 20:09:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paula Andrade\Desktop\OTL.exe
PRC - [2011-03-24 19:26:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe
PRC - [2011-03-16 23:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010-11-02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010-10-27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programas\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-10-05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
PRC - [2010-09-21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-08-25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programas\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programas\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-08-21 11:36:46 | 000,878,080 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe
PRC - [2009-06-16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009-04-11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Sidebar\sidebar.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-02-26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009-02-24 17:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programas\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008-10-25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-02-19 10:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2008-01-29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programas\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007-09-19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programas\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007-09-12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-09-03 11:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-07-20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007-07-11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007-07-10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programas\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007-06-19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programas\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007-06-13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007-05-17 16:03:24 | 004,813,312 | ---- | M] () -- C:\Programas\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007-04-10 16:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Programas\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programas\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007-03-16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programas\Common Files\Teleca Shared\Generic.exe
PRC - [2007-02-12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-02-12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006-11-13 13:43:14 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programas\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006-11-06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programas\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006-10-05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programas\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011-04-13 20:09:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paula Andrade\Desktop\OTL.exe
MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-11-02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programas\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-06-16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2008-02-19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2008-01-29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programas\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007-09-12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programas\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007-03-29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007-02-12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006-11-14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006-10-05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-08-23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programas\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006-05-25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011-04-09 13:12:56 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-26 17:37:28 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010-06-09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010-05-10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programas\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010-02-17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programas\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-11-02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-09-28 10:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32)
DRV - [2007-09-26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Controlador do Adaptador da ligação WiFi sem fios Intel(R)
DRV - [2007-07-26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007-04-30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007-04-16 13:02:36 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-04-16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007-03-06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007-01-24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007-01-18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007-01-18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006-11-28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006-11-02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006-10-23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006-10-18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006-10-05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006-08-30 09:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006-07-28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2005-03-11 16:17:46 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-03-11 16:17:44 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-03-11 16:17:40 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-03-11 16:17:38 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-03-11 16:17:34 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pt
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-471489040-2664526950-1667590331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
FF - prefs.js..extensions.enabledItems: pt-PT@dictionaries.addons.mozilla.org:11.3.25.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-05 19:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-24 19:26:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-13 20:24:19 | 000,000,000 | ---D | M]

[2009-01-30 02:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Extensions
[2011-04-13 20:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Firefox\Profiles\h10dh0wc.default\extensions
[2010-09-18 01:45:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Firefox\Profiles\h10dh0wc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-02-13 17:59:33 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Firefox\Profiles\h10dh0wc.default\extensions\firefox@tvunetworks.com
[2011-03-27 22:01:38 | 000,000,000 | ---D | M] (Corretor para Português Europeu) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Firefox\Profiles\h10dh0wc.default\extensions\pt-PT@dictionaries.addons.mozilla.org
[2010-12-07 22:19:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Paula Andrade\AppData\Roaming\mozilla\Firefox\Profiles\h10dh0wc.default\extensions\vshare@toolbar
[2010-04-17 16:19:17 | 000,000,571 | ---- | M] () -- C:\Users\Paula Andrade\AppData\Roaming\Mozilla\Firefox\Profiles\h10dh0wc.default\searchplugins\dicionrio-priberam.xml
[2009-01-30 02:47:18 | 000,002,119 | ---- | M] () -- C:\Users\Paula Andrade\AppData\Roaming\Mozilla\Firefox\Profiles\h10dh0wc.default\searchplugins\pesquisa-de-vdeos-do-youtube.xml
[2011-04-09 13:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programas\Mozilla Firefox\extensions
[2010-05-25 22:46:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-30 18:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-07 04:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-05 00:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-09 13:16:12 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009-05-10 21:34:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-09-09 20:28:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-12-27 19:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010-04-01 13:49:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010-05-25 22:46:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-30 18:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-07 04:57:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-05 00:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-09 13:16:12 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-07 19:58:21 | 000,001,525 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011-03-07 19:58:21 | 000,001,529 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\priberam.xml
[2011-03-07 19:58:21 | 000,002,071 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\sapo.xml
[2011-03-07 19:58:21 | 000,000,942 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml
[2011-03-07 19:58:21 | 000,000,953 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Programas\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programas\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Programas\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programas\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programas\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programas\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programas\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programas\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-471489040-2664526950-1667590331-1000..\Run: [{79C2D018-E41C-D1D4-CA38-974B6EF47836}] C:\Users\Paula Andrade\Ziexi\wayn.exe ()
O4 - HKU\S-1-5-21-471489040-2664526950-1667590331-1000..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-471489040-2664526950-1667590331-1000..\Run: [TOSCDSPD] File not found
O4 - HKU\S-1-5-21-471489040-2664526950-1667590331-1000..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\Paula Andrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Programas\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Paula Andrade\AppData\Roaming\Microsoft\Windows Photo Gallery\DSCF8497.JPG
O24 - Desktop BackupWallPaper: C:\Users\Paula Andrade\AppData\Roaming\Microsoft\Windows Photo Gallery\DSCF8497.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34249b88-b08c-11df-9598-001cbfb8fce5}\Shell\AutoRun\command - "" = DIJAMANTE\\veciti.exe
O33 - MountPoints2\{34249b88-b08c-11df-9598-001cbfb8fce5}\Shell\explore\command - "" = DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{34249b88-b08c-11df-9598-001cbfb8fce5}\Shell\open\command - "" = DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{87c331ae-a3c6-11df-8751-001eec032670}\Shell - "" = AutoRun
O33 - MountPoints2\{87c331ae-a3c6-11df-8751-001eec032670}\Shell\AutoRun\command - "" = D:\NPSAI.exe
O33 - MountPoints2\{a24642fb-d770-11dd-8f8c-001cbfb8fce5}\Shell - "" = AutoRun
O33 - MountPoints2\{a24642fb-d770-11dd-8f8c-001cbfb8fce5}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{a2464309-d770-11dd-8f8c-001cbfb8fce5}\Shell - "" = AutoRun
O33 - MountPoints2\{a2464309-d770-11dd-8f8c-001cbfb8fce5}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Users\Paula Andrade\Desktop\Maitê grava vídeo a pedir desculpa aos portugueses - JN - Google Chrome.flv.flv
[2011-04-13 20:23:39 | 000,000,000 | ---D | C] -- C:\Programas\Common Files\Adobe
[2011-04-13 20:09:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Paula Andrade\Desktop\OTL.exe
[2011-04-13 20:06:34 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Paula Andrade\Desktop\AdbeRdr1001_en_US.exe
[2011-04-13 19:59:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-04-11 00:36:20 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011-04-11 00:33:23 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Users\Paula Andrade\Desktop\VundoFix.exe
[2011-04-10 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\AppData\Roaming\SUPERAntiSpyware.com
[2011-04-10 22:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-04-10 22:20:22 | 000,000,000 | ---D | C] -- C:\Programas\SUPERAntiSpyware
[2011-04-10 22:19:13 | 010,849,672 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Paula Andrade\Desktop\SUPERAntiSpyware.exe
[2011-04-10 22:18:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paula Andrade\Desktop\mbam-setup-1.50.1.1100.exe
[2011-04-10 19:45:14 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\Desktop\Tudo
[2011-04-09 16:01:55 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011-04-09 15:26:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paula Andrade\Desktop\HijackThis.exe
[2011-04-09 15:23:41 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\Paula Andrade\Desktop\KillBox.exe
[2011-04-09 13:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011-04-09 13:13:24 | 000,000,000 | ---D | C] -- C:\Programas\Kaspersky Lab
[2011-04-09 13:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011-04-09 13:12:56 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011-04-09 12:57:25 | 115,842,960 | ---- | C] (Kaspersky Lab) -- C:\Users\Paula Andrade\Desktop\kav11.0.2.556en.exe
[2011-04-09 12:54:51 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\AppData\Roaming\Malwarebytes
[2011-04-09 12:54:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-04-09 12:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-09 12:54:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-04-09 12:54:29 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2011-04-09 12:52:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paula Andrade\Desktop\mbam-setup.exe
[2011-04-09 02:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-04-09 02:15:47 | 000,000,000 | ---D | C] -- C:\Programas\CCleaner
[2011-04-09 02:12:59 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\Paula Andrade\Desktop\ccsetup305.exe
[2011-04-09 02:07:58 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\AppData\Roaming\Reviversoft
[2011-04-09 02:07:42 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011-04-09 02:07:42 | 000,000,000 | ---D | C] -- C:\Programas\Reviversoft
[2011-04-08 11:58:11 | 008,104,967 | ---- | C] (McAfee Inc.) -- C:\Users\Paula Andrade\Desktop\stinger10101504.exe
[2011-04-08 11:57:18 | 000,178,312 | ---- | C] (Symantec Corporation) -- C:\Users\Paula Andrade\Desktop\FxBgbear.exe
[2011-04-08 11:57:12 | 000,164,040 | ---- | C] (Symantec Corporation) -- C:\Users\Paula Andrade\Desktop\FixBugb.exe
[2011-04-08 11:56:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-04-05 23:49:40 | 012,580,112 | ---- | C] (Mozilla) -- C:\Users\Paula Andrade\Desktop\Firefox Setup 4.0.exe
[2011-04-05 00:22:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011-04-05 00:22:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011-04-05 00:22:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011-03-28 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\Desktop\Censos 2011
[2011-03-26 18:11:12 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011-03-26 17:42:30 | 000,000,000 | ---D | C] -- C:\Users\Paula Andrade\Documents\Alcohol 120%
[2011-03-23 20:31:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011-03-23 20:31:31 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009-02-12 14:49:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2009-02-12 14:49:30 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2009-02-12 14:49:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2009-02-12 14:49:30 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2009-02-12 14:49:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2009-02-12 14:49:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2009-02-12 14:49:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2009-02-12 14:49:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2009-02-12 14:49:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2009-02-12 14:49:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2009-02-12 14:49:28 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2009-02-12 14:49:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2009-02-12 14:49:27 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2009-02-12 14:49:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2009-02-12 14:49:27 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\Paula Andrade\Desktop\Maitê grava vídeo a pedir desculpa aos portugueses - JN - Google Chrome.flv.flv
[2011-04-13 20:31:47 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-04-13 20:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-13 20:29:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-13 20:29:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-13 20:29:43 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-13 20:24:19 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-04-13 20:17:44 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Paula Andrade\Desktop\AdbeRdr1001_en_US.exe
[2011-04-13 20:11:05 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-04-13 20:09:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Paula Andrade\Desktop\OTL.exe
[2011-04-11 22:11:10 | 000,625,664 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\dds.scr
[2011-04-11 13:36:56 | 000,659,894 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2011-04-11 13:36:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-11 13:36:56 | 000,131,142 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2011-04-11 13:36:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-11 01:13:57 | 000,002,603 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\Excel.lnk
[2011-04-11 00:33:26 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\Paula Andrade\Desktop\VundoFix.exe
[2011-04-10 22:22:23 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-10 22:20:33 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-04-10 22:19:50 | 010,849,672 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Paula Andrade\Desktop\SUPERAntiSpyware.exe
[2011-04-10 22:19:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Paula Andrade\Desktop\mbam-setup-1.50.1.1100.exe
[2011-04-09 16:55:48 | 000,092,882 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\cc_20110409_165528.reg
[2011-04-09 16:46:43 | 000,453,632 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\CKScanner.exe
[2011-04-09 15:26:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Paula Andrade\Desktop\HijackThis.exe
[2011-04-09 15:23:44 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\Paula Andrade\Desktop\KillBox.exe
[2011-04-09 15:21:25 | 000,047,722 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\f-bugbr.zip
[2011-04-09 13:43:59 | 000,002,493 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-04-09 13:34:09 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011-04-09 13:34:09 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011-04-09 13:12:56 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011-04-09 12:59:44 | 115,842,960 | ---- | M] (Kaspersky Lab) -- C:\Users\Paula Andrade\Desktop\kav11.0.2.556en.exe
[2011-04-09 12:53:56 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Paula Andrade\Desktop\mbam-setup.exe
[2011-04-09 02:13:08 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\Paula Andrade\Desktop\ccsetup305.exe
[2011-04-08 11:58:25 | 008,104,967 | ---- | M] (McAfee Inc.) -- C:\Users\Paula Andrade\Desktop\stinger10101504.exe
[2011-04-08 11:57:19 | 000,178,312 | ---- | M] (Symantec Corporation) -- C:\Users\Paula Andrade\Desktop\FxBgbear.exe
[2011-04-08 11:57:13 | 000,164,040 | ---- | M] (Symantec Corporation) -- C:\Users\Paula Andrade\Desktop\FixBugb.exe
[2011-04-05 23:52:04 | 012,580,112 | ---- | M] (Mozilla) -- C:\Users\Paula Andrade\Desktop\Firefox Setup 4.0.exe
[2011-03-26 18:14:27 | 000,000,124 | ---- | M] () -- C:\Users\Paula Andrade\Documents\ax_files.xml
[2011-03-26 18:11:13 | 000,000,900 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\Revo Uninstaller.lnk
[2011-03-20 05:35:40 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{76757496-0F36-4228-BD15-54FCD1F5BDDB}.job
[2011-03-17 21:13:31 | 000,040,541 | ---- | M] () -- C:\Users\Paula Andrade\Desktop\Rooster.mp3
[2011-03-16 13:28:20 | 000,016,704 | ---- | M] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-04-13 20:24:19 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-04-13 20:24:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-04-11 23:52:58 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011-04-11 22:10:56 | 000,625,664 | ---- | C] () -- C:\Users\Paula Andrade\Desktop\dds.scr
[2011-04-10 22:20:33 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-04-09 16:55:43 | 000,092,882 | ---- | C] () -- C:\Users\Paula Andrade\Desktop\cc_20110409_165528.reg
[2011-04-09 16:46:37 | 000,453,632 | ---- | C] () -- C:\Users\Paula Andrade\Desktop\CKScanner.exe
[2011-04-09 15:21:14 | 000,047,722 | ---- | C] () -- C:\Users\Paula Andrade\Desktop\f-bugbr.zip
[2011-04-09 13:15:54 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011-04-09 13:15:54 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011-04-09 12:54:37 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-08 11:58:22 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011-04-08 11:58:22 | 000,001,124 | ---- | C] () -- C:\Users\Paula Andrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Iniciação Rápida do Microsoft Office OneNote 2007.lnk
[2011-03-26 17:55:55 | 000,000,124 | ---- | C] () -- C:\Users\Paula Andrade\Documents\ax_files.xml
[2011-03-17 21:13:26 | 000,040,541 | ---- | C] () -- C:\Users\Paula Andrade\Desktop\Rooster.mp3
[2010-12-28 21:56:10 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys
[2010-08-05 19:54:34 | 000,023,204 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010-07-18 15:35:01 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll
[2010-07-18 15:34:27 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2010-07-18 15:34:27 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2010-07-18 14:15:56 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
[2010-06-06 17:01:24 | 000,172,973 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010-04-24 02:26:23 | 000,000,000 | ---- | C] () -- C:\Users\Paula Andrade\AppData\Roaming\AVSMediaPlayer.m3u
[2010-04-16 21:11:42 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-04-16 21:11:41 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010-04-12 03:08:25 | 000,522,928 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010-03-30 00:09:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organic
[2010-03-30 00:09:33 | 000,000,268 | RH-- | C] () -- C:\Users\Paula Andrade\AppData\Roaming\Nature
[2010-03-30 00:09:33 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Percussion Kit
[2010-03-30 00:09:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010-03-30 00:06:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices
[2010-03-30 00:06:38 | 000,000,268 | RH-- | C] () -- C:\Users\Paula Andrade\AppData\Roaming\Metadata Importer
[2010-03-30 00:06:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010-03-30 00:06:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\PPD Plugins
[2010-03-01 02:01:21 | 000,023,191 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009-10-20 20:24:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-10-20 20:24:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-09-28 10:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys
[2009-09-28 10:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll
[2009-09-24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-09-09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009-06-24 10:40:36 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009-05-29 16:52:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-05-29 16:47:06 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-05-25 13:04:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009-02-12 14:53:13 | 000,000,093 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009-02-12 14:49:30 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2009-02-12 14:49:30 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2009-01-21 13:31:05 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-10-14 14:56:21 | 000,011,845 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-09-14 15:46:47 | 000,000,680 | ---- | C] () -- C:\Users\Paula Andrade\AppData\Local\d3d9caps.dat
[2008-05-01 19:27:00 | 000,097,792 | ---- | C] () -- C:\Users\Paula Andrade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007-10-17 11:27:34 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007-10-17 11:27:33 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007-10-17 11:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007-10-17 11:27:29 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007-10-17 11:24:25 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007-10-17 11:24:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007-10-17 11:24:25 | 000,010,151 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007-10-17 11:24:25 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007-09-04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007-07-13 15:33:31 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007-07-13 15:33:31 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007-07-13 15:33:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007-07-13 15:33:31 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007-07-13 15:33:31 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007-07-13 15:33:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007-07-13 15:16:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007-07-13 14:57:08 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007-07-13 14:57:08 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007-07-13 14:57:08 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007-07-13 14:57:08 | 000,000,176 | R--- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007-04-25 11:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007-02-07 18:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007-02-05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007-01-22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2007-01-18 05:49:15 | 000,659,894 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2007-01-18 05:49:15 | 000,332,682 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2007-01-18 05:49:15 | 000,131,142 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2007-01-18 05:49:15 | 000,039,514 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2006-12-05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 13:47:37 | 000,404,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005-11-23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005-10-05 13:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005-09-13 17:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005-09-13 17:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2008-05-01 01:14:49 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\DesktopSMS
[2009-01-26 23:04:20 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\EuroTalk
[2010-08-29 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\FreeMoviesToDVD
[2010-08-13 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\GetRightToGo
[2010-07-19 22:25:31 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Iceni
[2010-03-30 14:43:02 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Nikon
[2011-04-09 02:07:58 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Reviversoft
[2010-08-09 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Samsung
[2010-07-29 21:48:23 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Teleca
[2008-05-25 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Toshiba
[2010-04-19 19:24:45 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Uniblue
[2009-12-20 20:53:50 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\VistaCodecs
[2009-01-03 16:38:21 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\VSRevoGroup
[2011-02-07 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\Paula Andrade\AppData\Roaming\Windows Live Writer
[2011-04-13 20:28:49 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-03-20 05:35:40 | 000,000,458 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{76757496-0F36-4228-BD15-54FCD1F5BDDB}.job

========== Purity Check ==========



< End of report >
artolassss

Re: Double accent

Post by artolassss » April 14th, 2011, 3:07 pm

OTL Extras logfile created on: 13-04-2011 20:41:29 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Paula Andrade\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 27,27 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Drive E: | 91,69 Gb Total Space | 74,44 Gb Free Space | 81,19% Space Free | Partition Type: NTFS

Computer Name: PAULAANDRADE-PC | User Name: Paula Andrade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-471489040-2664526950-1667590331-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D68596B-41EE-4AC4-8573-4697AD318A89}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7212A921-7E73-45CC-A9AF-4A4203536B74}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EA65C1AA-8C76-4141-ADF6-F011F5CE085A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{233B1082-0203-40D3-8E71-785571A8D052}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2580DA19-1CE9-475F-A193-46EC0DEAE7D9}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{2B18E2F4-99AA-420A-9BFC-5E87A1C7EC22}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{360507BD-EA23-49C1-94A7-749B536CB497}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{38D92314-EDD6-417F-B026-60546DBB8A53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{397C14C8-4659-47D9-A734-0CE5E141F5C2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43B390FD-5ABC-4A89-896D-9F6436318F9D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4B20BC41-DE2B-49C3-9CA8-A9C63B994DED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6998F83F-D0E6-4D47-8E49-B22398740FC4}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{6EDF310D-59C6-4B55-9F51-7E8820E89691}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7C7553C4-CC22-4A3A-A67D-C5C26236B90C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{83266026-614B-43D7-A3C2-849E7464DEC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8DAB52B4-0227-4812-AFD7-052BF655CF7A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9158A217-6BDF-4D83-9CCF-08D03863BDC8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AE68C12F-A51B-431C-B16B-2DF7EB191B64}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B3C86905-884C-4F3A-AB5D-34DB70028829}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B6105322-35F8-4FEA-988D-DDE182DCD71C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B9D37817-9300-4139-9835-F3E9920D435D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{BEF8BC66-62F9-4B75-A127-D68CFC13C403}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{C1A1DC85-8503-492B-9AF5-9B473D834998}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6C286BA-1398-455C-8DAC-C6D5D37499B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{EC6ABEC4-ACAB-444A-9DA5-ABB06A2D28D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F165669B-B8EA-41B3-B12F-1E4F744AB7C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F1803B79-CD50-49FB-9D14-31D89BDA2CF9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{FA9AD13F-656B-41F4-B265-A5C223061969}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{02FA8388-67D2-4482-BCFB-1FD0465AC1DA}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{12FD6E31-7604-476F-BBEF-4E8BADED9276}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3A6DAE27-897E-48DE-9A92-5E946617664E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{77EE6DE7-3F0F-4D64-9FFD-8FF4FA516F46}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7C5A50C2-02FD-466C-B059-BDE87B2D47B2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4C57C1B6-1336-4DF3-91E8-55B41261E4D7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{52EEAD6C-E566-4550-89A6-C781C3479E3F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7884AFAE-FADB-4074-908B-2A3F790BA3F3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{882D0530-FD62-45DA-8F52-E0A271CFBBD4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E6CC8494-8D58-4E16-91F5-A86EEBA9D6CD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587139F5-9B76-4D5A-94C6-76E6B219BF7F}" = Windows Live Sync
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62A2F901-2962-439B-AB2B-83C02B849B4B}" = Talk Now
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptg
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenciador Acúst. Unid. CD/DVD
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2A2343-4144-48E7-B693-A1B44EA5FAEF}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F803D042-5A46-42E8-86CA-C8A0A5C63518}" = Iomega Encryption
"{F855451C-21E2-3034-B042-E1E66923548A}" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"4041-6604-5356-9626" = IRS - Modelo 3 v2.0.8
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.04
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Palavra-passe do supervisor
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Lexmark X1100 Series" = Lexmark X1100 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptg" = Microsoft .NET Framework 3.5 Language Pack SP1 - PTG
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTG Language Pack" = Microsoft .NET Framework 4 Client Profile PTG Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.91
"Shop for HP Supplies" = Shop for HP Supplies
"TerraExplorer" = TerraExplorer
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = Compressor WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10-04-2011 20:13:34 | Computer Name = PaulaAndrade-PC | Source = Application Hang | ID = 1002
Description = O programa VundoFix.exe versão 7.0.0.6 parou de interagir com o Windows
e foi fechado. Para verificar se existem outras informações disponíveis sobre o
problema, consulte o histórico de problemas em Relatórios e Soluções de Problemas
do Painel de Controlo. ID do Processo: 154c Hora de Início: 01cbf7d8044e997c Hora
de Fim: 10

Error - 10-04-2011 20:18:47 | Computer Name = PaulaAndrade-PC | Source = EventSystem | ID = 4609
Description =

Error - 11-04-2011 08:35:49 | Computer Name = PaulaAndrade-PC | Source = Application Error | ID = 1000
Description = Aplicação em falha avp.exe, versão 11.0.2.571, carimbo de data/hora
0x4cd05f34, módulo em falha ntdll.dll, versão 6.0.6002.18327, carimbo de data/hora
0x4cb750b6, código de excepção 0xc0000005, desvio da falha 0x0004a2d4, ID do processo
0x54c, hora de início da aplicação 0x01cbf844a15786df.

Error - 11-04-2011 17:08:01 | Computer Name = PaulaAndrade-PC | Source = Application Error | ID = 1000
Description = Aplicação em falha avp.exe, versão 11.0.2.571, carimbo de data/hora
0x4cd05f34, módulo em falha ntdll.dll, versão 6.0.6002.18327, carimbo de data/hora
0x4cb750b6, código de excepção 0xc0000005, desvio da falha 0x0004a2d4, ID do processo
0xeb0, hora de início da aplicação 0x01cbf88c500823b7.

Error - 11-04-2011 17:55:20 | Computer Name = PaulaAndrade-PC | Source = EventSystem | ID = 4609
Description =

Error - 11-04-2011 18:57:49 | Computer Name = PaulaAndrade-PC | Source = Application Error | ID = 1000
Description = Aplicação em falha avp.exe, versão 11.0.2.571, carimbo de data/hora
0x4cd05f34, módulo em falha ntdll.dll, versão 6.0.6002.18327, carimbo de data/hora
0x4cb750b6, código de excepção 0xc0000005, desvio da falha 0x0004a2d4, ID do processo
0x9c0, hora de início da aplicação 0x01cbf89bac045d1e.

Error - 12-04-2011 07:01:23 | Computer Name = PaulaAndrade-PC | Source = Application Error | ID = 1000
Description = Aplicação em falha avp.exe, versão 11.0.2.571, carimbo de data/hora
0x4cd05f34, módulo em falha ntdll.dll, versão 6.0.6002.18327, carimbo de data/hora
0x4cb750b6, código de excepção 0xc0000005, desvio da falha 0x0004a2d4, ID do processo
0x125c, hora de início da aplicação 0x01cbf900bf161fe1.

Error - 13-04-2011 14:55:59 | Computer Name = PaulaAndrade-PC | Source = VSS | ID = 8194
Description =

Error - 13-04-2011 14:58:40 | Computer Name = PaulaAndrade-PC | Source = VSS | ID = 8194
Description =

Error - 13-04-2011 15:34:20 | Computer Name = PaulaAndrade-PC | Source = Application Error | ID = 1000
Description = Aplicação em falha avp.exe, versão 11.0.2.571, carimbo de data/hora
0x4cd05f34, módulo em falha ntdll.dll, versão 6.0.6002.18327, carimbo de data/hora
0x4cb750b6, código de excepção 0xc0000005, desvio da falha 0x0004a2d4, ID do processo
0xd90, hora de início da aplicação 0x01cbfa117eeee1ad.

[ OSession Events ]
Error - 19-01-2011 09:09:29 | Computer Name = PaulaAndrade-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 233
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11-04-2011 17:56:08 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11-04-2011 18:54:44 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12-04-2011 06:56:06 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12-04-2011 14:57:04 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 13-04-2011 06:41:06 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13-04-2011 15:00:14 | Computer Name = PaulaAndrade-PC | Source = DCOM | ID = 10005
Description =

Error - 13-04-2011 15:00:14 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 13-04-2011 15:00:14 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13-04-2011 15:28:30 | Computer Name = PaulaAndrade-PC | Source = DCOM | ID = 10010
Description =

Error - 13-04-2011 15:31:27 | Computer Name = PaulaAndrade-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
artolassss
Regular Member
 
Posts: 16
Joined: April 9th, 2011, 12:11 pm

Re: Double accent

Post by askey127 » April 14th, 2011, 7:23 pm

artolassss,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Double accent

Post by artolassss » April 15th, 2011, 6:35 pm

Hi askey127,

I ran TDSSKiller and nothing was found. But I'm in SAFE MODE because there are a lot of problems if I run Windows normally:

Windows Explorer doesn't run;
Kaspersky can't run;
and many other things happened.

And in safe mode there is no double accent problem: "OLÁ!" (the Portuguese word for "HI!"); if I weren't writing in safe mode it would be: "OL´´A!"

Thanks very much,
artolassss
artolassss
Regular Member
 
Posts: 16
Joined: April 9th, 2011, 12:11 pm

Re: Double accent

Post by askey127 » April 16th, 2011, 7:58 am

artolassss,
aswMBR
Download aswMBR and save it to your Desktop.

  • Right Click aswMBR.exe and choose "Run as administrator" to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a USB flash drive. This is a backup of your Master Boot Record. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Double accent

Post by artolassss » April 16th, 2011, 10:03 am

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-16 15:00:57
-----------------------------
15:00:57.834 OS Version: Windows 6.0.6002 Service Pack 2
15:00:57.834 Number of processors: 2 586 0xF0B
15:00:57.834 ComputerName: PAULAANDRADE-PC UserName: Paula Andrade
15:00:58.489 Initialize success
15:01:05.774 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:01:05.774 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
15:01:05.790 Disk 0 MBR read successfully
15:01:05.805 Disk 0 MBR scan
15:01:05.805 Disk 0 scanning sectors +390721536
15:01:05.837 Disk 0 scanning C:\Windows\system32\drivers
15:01:14.775 Service scanning
15:01:17.973 Disk 0 trace - called modules:
15:01:17.989 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:01:17.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a262e0]
15:01:17.989 3 CLASSPNP.SYS[8956c8b3] -> nt!IofCallDriver -> [0x8605b7b8]
15:01:18.005 5 acpi.sys[805c06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8604e030]
15:01:18.005 Scan finished successfully


thanks, artolassss
artolassss
Regular Member
 
Posts: 16
Joined: April 9th, 2011, 12:11 pm

Re: Double accent

Post by askey127 » April 17th, 2011, 7:18 am

artolassss,
Those look OK.
Let's check some more things:
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • Report IE Proxy Settings
  • List IP configuration
  • List Windows version, partitions, and memory size
Click GO and post the result (Result.txt).
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Double accent

Post by artolassss » April 17th, 2011, 2:53 pm

Both Result.txt and checkhd.txt are written in Portuguese, but I will post them:

Result.txt

MiniToolBox by Farbar
Ran by Paula Andrade (administrator) at 2011-04-17 18:14:07
Windows Vista (TM) Home Premium Service Pack 2 (X86)

***************************************************************************


================= Flush DNS: ==============================================

Configuração IP do Windows

Cache de resolução DNS limpa com êxito.

================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

================= IP Configuration: =======================================

# ----------------------------------
# Configuração IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
#Fim da configuração de IPv4



Configuração IP do Windows

Nome do sistema anfitrião. . . . .: PaulaAndrade-PC
Sufixo DNS principal. . . . . . . :
Tipo de nó. . . . . . . . . . . . : Híbrido
Rota IP activada. . . . . . . . . : Não
WINS Proxy activado . . . . . . . : Não
Lista de procura de sufixo de DNS : lan

Placa de rede local sem fios Ligação de rede sem fios:

Sufixo DNS específico da ligação. : lan
Descrição . . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Endereço físico . . . . . . . . . : 00-1C-BF-B8-FC-E5
DHCP activado . . . . . . . . . . : Sim
Autoconfiguração activada . . . . : Sim
Endereço IPv6 de local de ligação : fe80::41cc:cf93:d2c1:17f7%10(Preferido)
Endereço IPv4 . . . . . . . . . . . . . . : 192.168.1.64(Preferido)
Máscara de sub-rede . . . . . . . : 255.255.255.0
Concessão obtida. . . . . . . . . : sábado, 16 de Abril de 2011 20:17:34
Concessão obtida válida até . . . : segunda-feira, 18 de Abril de 2011 17:54:09
Gateway predefinido . . . . . . . : 192.168.1.254
Servidor DHCP . . . . . . . . . . : 192.168.1.254
IAID DHCPv6 . . . . . . . . . . . : 234888383
DUID Cliente DHCPv6 . . . . . . . : 00-01-00-01-0F-A9-1E-7D-00-1E-EC-03-26-70
Servidores DNS. . . . . . . . . . : 192.168.1.254
NetBIOS através de Tcpip. . . . . . . . . : Activado

Adaptador ethernet Ligação de Área Local:

Estado do suporte . . . . . . . . : Suporte desligado
Sufixo DNS específico da ligação. :
Descrição . . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Endereço físico . . . . . . . . . : 00-1E-EC-03-26-70
DHCP activado . . . . . . . . . . : Sim
Autoconfiguração activada . . . . : Sim

Adaptador Tunnel Ligação de área local*:

Sufixo DNS específico da ligação. :
Descrição . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Endereço físico . . . . . . . . . : 02-00-54-55-4E-01
DHCP activado . . . . . . . . . . : Não
Autoconfiguração activada . . . . : Sim
Endereço IPv6 . . . . . . . . . . : 2001:0:5ef5:79fd:1ccb:22dc:3f57:febf(Preferido)
Endereço IPv6 de local de ligação : fe80::1ccb:22dc:3f57:febf%8(Preferido)
Gateway predefinido . . . . . . . : ::
NetBios através de TCP/IP . . . . : Desactivado

Adaptador Tunnel Ligação de área local* 2:

Estado do suporte . . . . . . . . : Suporte desligado
Sufixo DNS específico da ligação. :
Descrição . . . . . . . . . . . . : isatap.{A7140A94-F131-4CA1-AC50-C24D56E5873E}
Endereço físico . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP activado . . . . . . . . . . : Não
Autoconfiguração activada . . . . : Sim

Adaptador Tunnel Ligação de área local* 3:

Estado do suporte . . . . . . . . : Suporte desligado
Sufixo DNS específico da ligação. :
Descrição . . . . . . . . . . . . : isatap.lan
Endereço físico . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP activado . . . . . . . . . . : Não
Autoconfiguração activada . . . . : Sim
Servidor: dsldevice.lan
Address: 192.168.1.254

Nome: google.com
Addresses: 209.85.143.99
209.85.143.104



A fazer ping para google.com [209.85.143.99] com 32 bytes de dados:

Resposta de 209.85.143.99: bytes=32 tempo=54ms TTL=54

Resposta de 209.85.143.99: bytes=32 tempo=53ms TTL=54



Estatísticas de ping para 209.85.143.99:

Pacotes: Enviados = 2, Recebidos = 2,

Perdidos = 0 (perda: 0%),

Tempo aproximado de ida e volta em milissegundos:

Mínimo = 53ms, Máximo = 54ms, Média = 53ms

Servidor: dsldevice.lan
Address: 192.168.1.254

Nome: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56



A fazer ping para yahoo.com [209.191.122.70] com 32 bytes de dados:

Resposta de 209.191.122.70: bytes=32 tempo=201ms TTL=46

Resposta de 209.191.122.70: bytes=32 tempo=201ms TTL=46



Estatísticas de ping para 209.191.122.70:

Pacotes: Enviados = 2, Recebidos = 2,

Perdidos = 0 (perda: 0%),

Tempo aproximado de ida e volta em milissegundos:

Mínimo = 201ms, Máximo = 201ms, Média = 201ms



A fazer ping para 127.0.0.1 com 32 bytes de dados:

Resposta de 127.0.0.1: bytes=32 tempo<1 ms TTL=128

Resposta de 127.0.0.1: bytes=32 tempo<1 ms TTL=128



Estatísticas de ping para 127.0.0.1:

Pacotes: Enviados = 2, Recebidos = 2,

Perdidos = 0 (perda: 0%),

Tempo aproximado de ida e volta em milissegundos:

Mínimo = 0ms, Máximo = 0ms, Média = 0ms

===========================================================================
Lista de interface
10 ...00 1c bf b8 fc e5 ...... Intel(R) PRO/Wireless 3945ABG Network Connection
9 ...00 1e ec 03 26 70 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
11 ...00 00 00 00 00 00 00 e0 isatap.{A7140A94-F131-4CA1-AC50-C24D56E5873E}
14 ...00 00 00 00 00 00 00 e0 isatap.lan
===========================================================================

IPv4 Tabela de rotas
===========================================================================
Rotas activas:
Destino de rede Máscara de rede Gateway Interface Métrica
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 286
192.168.1.64 255.255.255.255 On-link 192.168.1.64 286
192.168.1.255 255.255.255.255 On-link 192.168.1.64 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 286
===========================================================================
Rotas persistentes:
Nenhum

IPv6 Tabela de rotas
===========================================================================
Rotas activas:
Se destino de rede métrica Gateway
8 18 ::/0 On-link
1 306 ::1/128 On-link
8 18 2001::/32 On-link
8 266 2001:0:5ef5:79fd:1ccb:22dc:3f57:febf/128
On-link
10 286 fe80::/64 On-link
8 266 fe80::/64 On-link
8 266 fe80::1ccb:22dc:3f57:febf/128
On-link
10 286 fe80::41cc:cf93:d2c1:17f7/128
On-link
1 306 ff00::/8 On-link
8 266 ff00::/8 On-link
10 286 ff00::/8 On-link
===========================================================================
Rotas persistentes:
Nenhum

================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 67%
Total physical RAM: 2037.69 MB
Available physical RAM: 654.53 MB
Total Pagefile: 4314.4 MB
Available Pagefile: 2580.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.66 MB

======================= Partitions: =======================================

1 Drive c: (Vista) (Fixed) (Total:93.16 GB) (Free:29.86 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:91.69 GB) (Free:74.44 GB) NTFS

================= Users: ==================================================

Contas de utilizador para \\PAULAANDRADE-PC

-------------------------------------------------------------------------------
Administrador Convidado Paula Andrade
O comando foi concluído com êxito.

================= End of Users ============================================
artolassss
Regular Member
 
Posts: 16
Joined: April 9th, 2011, 12:11 pm

Re: Double accent

by artolassss » April 17th, 2011, 2:54 pm

checkhd.txt

O tipo do sistema de ficheiros é NTFS.
O volume está a ser utilizado por outro processo. Chkdsk
pode relatar erros quando não existe dano.
O nome do volume é Vista.

AVISO! Parâmetro F não especificado.
A executar o CHKDSK no modo só de leitura.

O CHKDSK está a verificar os ficheiros (fase 1 de 3)...
206656 registos de ficheiros processados.

Verificação dos ficheiros concluída.
1119 registos de ficheiros grandes processados.

0 registos de ficheiros danificados processados.

0 registos EA processados.

67 registos de reanálise processados.

O CHKDSK está a verificar os índices (fase 2 de 3)...
50 por cento concluído. (208386 de 260006 entradas de índice process
Verificação dos índices concluída.
0 ficheiros não indexados processados.

O CHKDSK está a verificar os descritores de segurança (fase 3 de 3)...
206656 descritores de segurança processados.

Verificação dos descritores de segurança concluída.
26676 ficheiros de dados processados.

O CHKDSK está a verificar o diário USN...
36197368 bytes USN processados.

Verificação do diário USN concluída.
O Mapa de Bits do Volume está incorrecto.
O Windows encontrou problemas no sistema de ficheiros.
Execute o CHKDSK com a opção /F (corrigir) para corrigir estes problemas.

97680383 KB de espaço total em disco.
65275184 KB em 140293 ficheiros.
81056 KB em 26677 índices.
0 KB em sectores danificados.
332503 KB em utilização pelo sistema.
65536 KB ocupados pelo ficheiro de registo.
31991640 KB disponíveis em disco.

4096 bytes em cada unidade de atribuição.
24420095 unidades de atribuição no disco.
7997910 unidades de atribuição disponíveis no disco.

Re: Double accent

by askey127 » April 18th, 2011, 7:17 am

artolassss,
Those outputs look OK. The bitmap error is a known false report from chkdsk and can be ignored.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE KASPERSKY ANTIVIRUS
    Please navigate to the system tray on the bottom right hand corner and look for a [image] sign.
    • right click it-> select Pause Protection.
    • click on -> By User Request
    • a popup will claim that protection is now disabled and a sign like this: [image] will now be shown.
    Kaspersky Antivirus Guard is now disabled.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then Reenable your Kaspersky protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Double accent

by artolassss » April 18th, 2011, 3:42 pm

My PC is too slow. Only in safe mode it's ok. The log:

ComboFix 11-04-17.03 - Paula Andrade 18-04-2011 19:25:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.2038.759 [GMT 1:00]
Executando de: c:\users\Paula Andrade\Desktop\zzz.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-18 to 2011-04-18 ))))))))))))))))))))))))))))
.
.
2011-04-18 18:37 . 2011-04-18 18:44 -------- d-----w- c:\users\Paula Andrade\AppData\Local\temp
2011-04-18 18:37 . 2011-04-18 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-17 17:18 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23718949-86F2-4968-ACC6-6AE92B2F63F8}\mpengine.dll
2011-04-14 22:10 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 22:10 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 22:10 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 22:10 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 19:23 . 2011-04-13 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-10 23:36 . 2011-04-10 23:36 -------- d-----w- C:\VundoFix Backups
2011-04-10 21:20 . 2011-04-10 21:20 -------- d-----w- c:\users\Paula Andrade\AppData\Roaming\SUPERAntiSpyware.com
2011-04-10 21:20 . 2011-04-10 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-09 15:01 . 2011-04-09 15:01 -------- d-----w- C:\!KillBox
2011-04-09 12:16 . 2010-10-05 19:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-09 12:15 . 2011-04-09 12:34 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-09 12:15 . 2011-04-09 12:34 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-09 12:13 . 2011-04-09 12:13 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-09 12:13 . 2011-04-18 18:42 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-09 11:54 . 2011-04-09 11:54 -------- d-----w- c:\users\Paula Andrade\AppData\Roaming\Malwarebytes
2011-04-09 11:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 11:54 . 2011-04-09 11:54 -------- d-----w- c:\programdata\Malwarebytes
2011-04-09 11:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 11:54 . 2011-04-10 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 01:17 . 2011-04-09 01:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-09 01:15 . 2011-04-09 01:15 -------- d-----w- c:\program files\CCleaner
2011-04-09 01:07 . 2011-04-09 01:07 -------- d-----w- c:\users\Paula Andrade\AppData\Roaming\Reviversoft
2011-04-09 01:07 . 2011-04-09 10:55 -------- d-----w- c:\program files\Reviversoft
2011-04-09 01:07 . 2011-03-16 12:28 16704 ----a-w- c:\windows\system32\roboot.exe
2011-03-23 19:31 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 19:31 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 19:31 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 16:37 . 2010-02-28 18:45 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-13 01:14 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 20:40 . 2010-05-10 22:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11 . 2009-10-12 14:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 21:39 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 21:39 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 21:39 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 21:39 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-08 21:39 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 21:39 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-08 21:39 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 21:39 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 21:39 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 21:39 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 21:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 21:39 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 21:39 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 21:39 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 21:39 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 21:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 21:39 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 21:39 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 21:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 21:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 21:39 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 21:39 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 21:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 21:39 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 21:39 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{79C2D018-E41C-D1D4-CA38-974B6EF47836}"="c:\users\Paula Andrade\Ziexi\wayn.exe" [2010-10-10 118784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Paula Andrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c99eae410bc3f0;Serviço Google Update (gupdate1c99eae410bc3f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-26 436792]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 22:52]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 22:52]
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{76757496-0F36-4228-BD15-54FCD1F5BDDB}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.pt
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Paula Andrade\AppData\Roaming\Mozilla\Firefox\Profiles\h10dh0wc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Corretor para Português Europeu: pt-PT@dictionaries.addons.mozilla.org - %profile%\extensions\pt-PT@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-NPSStartup - (no file)
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
AddRemove-Picasa 3 - g:\picasa3\Uninstall.exe
.
.
.
**************************************************************************
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos:
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-04-18 19:51:22 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-04-18 18:50
.
Pré-execução: 30.088.835.072 bytes livres
Pós execução: 29.737.504.768 bytes livres
.
- - End Of File - - B33A55584CF4C418BCCB86461C522B67