Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please kindly analize my hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please kindly analize my hijackthis log

Unread postby lmgoncalve » September 30th, 2010, 9:47 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:17, on 30-09-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - (no file)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 7381 bytes
lmgoncalve
Active Member
 
Posts: 4
Joined: September 29th, 2010, 1:45 pm
Advertisement
Register to Remove

Re: Please kindly analize my hijackthis log

Unread postby turtledove » October 2nd, 2010, 11:36 am

Hello lmgoncalve and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested* Do not install/uninstall anything unless requested
**Please be sure you have read Malware Removal Forum Guidelines and Rules especially P2P Policy
*If you can do the above all should go well.
*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**


Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

**For Vista: Please Right click and select Run ans Administrator for all tools I have you run**

Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Next Step: Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Please list symptoms; and when listing any sites redirected to if any, please use hxxp in place if http.
**What Firewall do you have? Is it Windows Firewall?
Thank you,

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please kindly analize my hijackthis log

Unread postby lmgoncalve » October 2nd, 2010, 2:31 pm

Understood, here they are
Regards


Logfile of random's system information tool 1.08 (written by random/random)
Run by Leonardo at 2010-10-02 19:17:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (45%) free of 191 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:49, on 02-10-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Leonardo\Downloads\RSIT.exe
C:\Program Files\trend micro\Leonardo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - (no file)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 7240 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{E0A3517A-1C65-470C-BBC7-46FCACBB0E0D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-09-21 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1677472]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\Windows\System32\TwcToolbarIe7.dll [2009-06-23 331776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-11-03 7866912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-03-18 1123360]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Rohos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoFolderOptions"=0
"NoFileUrl"=0
"NoRun"=0
"NoLogoff"=0
"NoClose"=0
"NoSetFolders"=0
"NoFind"=0
"NoDrives"=0
"NoDesktop"=0
"NoUpdateCheck"=0
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=255
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoFind"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-02 19:17:50 ----D---- C:\rsit
2010-10-02 18:33:59 ----D---- C:\Program Files\ThreatFire
2010-10-02 16:57:01 ----D---- C:\Program Files\7-Zip
2010-10-02 16:55:33 ----D---- C:\ProgramData\WinZip
2010-10-02 16:55:26 ----D---- C:\Program Files\WinZip
2010-09-30 15:29:44 ----D---- C:\Program Files\eMule
2010-09-30 15:21:50 ----D---- C:\Program Files\DOSBox-0.70
2010-09-29 18:46:12 ----D---- C:\Program Files\Trend Micro
2010-09-29 09:38:12 ----A---- C:\Windows\system32\tzres.dll
2010-09-25 17:58:09 ----D---- C:\Program Files\SystemRequirementsLab
2010-09-25 17:57:53 ----D---- C:\Users\Leonardo\AppData\Roaming\SystemRequirementsLab
2010-09-25 17:49:55 ----A---- C:\Windows\system32\drivers\DrvAgent32.sys
2010-09-25 14:59:00 ----D---- C:\ProgramData\McAfee
2010-09-25 09:45:03 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-09-25 09:44:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-25 09:44:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-24 23:40:45 ----RD---- C:\Segurança Grátis
2010-09-23 19:19:14 ----A---- C:\Windows\system32\TURegOpt.exe
2010-09-23 19:19:11 ----A---- C:\Windows\system32\uxtuneup.dll
2010-09-23 19:19:11 ----A---- C:\Windows\system32\authuitu.dll
2010-09-23 19:18:33 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-09-23 19:18:00 ----D---- C:\ProgramData\TuneUp Software
2010-09-23 19:17:40 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-22 18:58:52 ----A---- C:\Windows\system32\drivers\08675612.sys
2010-09-22 18:58:52 ----A---- C:\Windows\system32\drivers\0867561.sys
2010-09-22 18:55:32 ----A---- C:\Windows\reimage.ini
2010-09-21 22:51:09 ----A---- C:\Windows\system32\drivers\74921221.sys
2010-09-21 22:51:09 ----A---- C:\Windows\system32\drivers\7492122.sys
2010-09-21 15:36:58 ----D---- C:\Program Files\KeyScrambler
2010-09-21 15:36:58 ----A---- C:\Windows\system32\drivers\keyscrambler.sys
2010-09-21 15:33:20 ----D---- C:\Program Files\Password Prime Full
2010-09-21 12:22:43 ----D---- C:\ProgramData\Soluto
2010-09-21 12:04:26 ----A---- C:\Windows\system32\TwcToolInstDll.dll
2010-09-21 12:04:26 ----A---- C:\Windows\system32\atl71.dll
2010-09-21 12:04:25 ----A---- C:\Windows\system32\TwcToolbarBho.dll
2010-09-21 12:04:24 ----A---- C:\Windows\system32\TwcToolbarIe7.dll
2010-09-21 11:12:28 ----D---- C:\ProgramData\F-Secure
2010-09-21 10:30:46 ----D---- C:\ProgramData\Symantec
2010-09-21 10:09:53 ----A---- C:\Windows\system32\drivers\revoflt.sys
2010-09-20 17:00:10 ----A---- C:\Windows\system32\DfSdkBt64.exe
2010-09-20 14:33:04 ----D---- C:\Users\Leonardo\AppData\Roaming\BitDefender
2010-09-20 14:33:03 ----D---- C:\ProgramData\BitDefender
2010-09-20 14:33:03 ----D---- C:\Program Files\BitDefender
2010-09-20 14:32:08 ----D---- C:\Program Files\Common Files\BitDefender
2010-09-20 14:11:19 ----SHD---- C:\Config.Msi
2010-09-19 22:37:31 ----A---- C:\Windows\system32\DfSdkBt.exe
2010-09-19 22:07:24 ----D---- C:\Program Files\Windows Installer Clean Up
2010-09-19 22:06:47 ----D---- C:\Program Files\MSECACHE
2010-09-19 15:25:21 ----D---- C:\Program Files\Common Files\Steam
2010-09-19 15:25:15 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-09-19 15:25:15 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-09-19 15:25:15 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-09-19 15:25:14 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-09-19 15:25:14 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-09-19 15:25:13 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-09-19 15:25:13 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-09-19 15:25:12 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-09-19 15:25:07 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-09-19 15:25:07 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-09-19 15:25:05 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-09-19 15:25:05 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-09-19 15:25:04 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-09-19 15:25:04 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-09-19 15:25:04 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-09-19 15:25:03 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-09-19 15:25:03 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-09-19 15:25:03 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-09-19 15:25:02 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-09-19 15:25:02 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-09-19 15:25:01 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-09-19 15:25:01 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-09-19 15:25:00 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-09-19 15:25:00 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-09-19 15:24:59 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-09-19 15:24:59 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-09-19 15:24:59 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-09-19 15:24:04 ----D---- C:\Users\Leonardo\AppData\Roaming\Xfire
2010-09-19 15:24:00 ----D---- C:\ProgramData\Xfire
2010-09-19 15:23:59 ----D---- C:\Program Files\Xfire
2010-09-19 15:23:38 ----HD---- C:\Windows\msdownld.tmp
2010-09-19 15:23:33 ----D---- C:\Windows\system32\directx
2010-09-17 17:46:33 ----D---- C:\Program Files\Mozilla Firefox
2010-09-16 19:22:53 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-09-16 19:22:53 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-09-16 19:22:53 ----A---- C:\Windows\system32\pngfilt.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\mshta.exe
2010-09-16 19:22:53 ----A---- C:\Windows\system32\msfeedssync.exe
2010-09-16 19:22:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\msfeeds.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\licmgr10.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\jsproxy.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\jscript9.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\jscript.dll
2010-09-16 19:22:53 ----A---- C:\Windows\system32\inseng.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\webcheck.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\vbscript.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\urlmon.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\url.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\SetDepNx.exe
2010-09-16 19:22:52 ----A---- C:\Windows\system32\occache.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\msrating.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\msls31.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\mshtmler.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\mshtmled.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\mshtml.dll
2010-09-16 19:22:52 ----A---- C:\Windows\system32\admparse.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\iedkcs32.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\ieapfltr.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\ieakui.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\ieaksie.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\ieakeng.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\IEAdvpack.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\dxtrans.dll
2010-09-16 19:22:51 ----A---- C:\Windows\system32\dxtmsft.dll
2010-09-16 19:22:50 ----A---- C:\Windows\system32\imgutil.dll
2010-09-16 19:22:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-09-16 19:22:50 ----A---- C:\Windows\system32\ieui.dll
2010-09-16 19:22:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-09-16 19:22:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-09-16 19:22:50 ----A---- C:\Windows\system32\icardie.dll
2010-09-16 19:22:50 ----A---- C:\Windows\system32\advpack.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\wininet.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\wextract.exe
2010-09-16 19:22:49 ----A---- C:\Windows\system32\iexpress.exe
2010-09-16 19:22:49 ----A---- C:\Windows\system32\iesetup.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\iertutil.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\iernonce.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\iepeers.dll
2010-09-16 19:22:49 ----A---- C:\Windows\system32\ieframe.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\mfmp4src.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\MFHEAACdec.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\MFH264Dec.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-09-16 19:21:57 ----A---- C:\Windows\system32\d3d10_1.dll
2010-09-16 19:21:56 ----A---- C:\Windows\system32\FntCache.dll
2010-09-16 19:21:56 ----A---- C:\Windows\system32\DWrite.dll
2010-09-16 19:21:56 ----A---- C:\Windows\system32\d3d10warp.dll
2010-09-16 19:21:56 ----A---- C:\Windows\system32\d2d1.dll
2010-09-16 19:21:03 ----D---- C:\Program Files\Feedback Tool
2010-09-15 21:13:27 ----A---- C:\Windows\system32\cnat.exe
2010-09-15 15:49:54 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-15 15:49:26 ----A---- C:\Windows\system32\usp10.dll
2010-09-15 15:49:23 ----A---- C:\Windows\system32\inetcomm.dll
2010-09-15 15:49:21 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-09-15 14:31:04 ----D---- C:\bd_logs
2010-09-15 14:04:23 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2010-09-15 13:48:22 ----A---- C:\Windows\system32\drivers\cumon.sys
2010-09-15 13:48:13 ----A---- C:\Windows\system32\drivers\evdd.sys
2010-09-15 13:45:36 ----D---- C:\Program Files\COMODO
2010-09-04 18:35:48 ----A---- C:\index.ini
2010-09-04 09:41:03 ----D---- C:\Windows\system32\RTCOM
2010-09-04 09:39:25 ----A---- C:\Windows\system32\WavesLib.dll
2010-09-04 09:39:25 ----A---- C:\Windows\system32\SRSWOW.dll
2010-09-04 09:39:25 ----A---- C:\Windows\system32\SRSTSXT.dll
2010-09-04 09:39:24 ----A---- C:\Windows\system32\SRSTSHD.dll
2010-09-04 09:39:24 ----A---- C:\Windows\system32\SRSHP360.dll
2010-09-04 09:39:21 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-09-04 09:39:21 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-09-04 09:39:21 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-09-04 09:39:20 ----A---- C:\Windows\system32\RtkApoApi.dll
2010-09-04 09:39:19 ----A---- C:\Windows\system32\RtkAPO.dll
2010-09-04 09:39:14 ----A---- C:\Windows\system32\RTEEP32A.dll
2010-09-04 09:39:14 ----A---- C:\Windows\system32\RTEEL32A.dll
2010-09-04 09:39:14 ----A---- C:\Windows\system32\RTEEG32A.dll
2010-09-04 09:39:14 ----A---- C:\Windows\system32\RTEED32A.dll
2010-09-04 09:39:13 ----A---- C:\Windows\system32\RP3DHT32.dll
2010-09-04 09:39:13 ----A---- C:\Windows\system32\RP3DAA32.dll
2010-09-04 09:39:11 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-09-04 09:39:11 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-09-04 09:39:11 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2010-09-04 09:39:07 ----A---- C:\Windows\system32\FMAPO.dll
2010-09-04 09:39:06 ----A---- C:\Windows\system32\AERTARen.dll
2010-09-04 09:39:06 ----A---- C:\Windows\system32\AERTACap.dll
2010-09-04 09:39:05 ----D---- C:\Program Files\Realtek
2010-09-04 09:39:01 ----A---- C:\Windows\RtlExUpd.dll
2010-09-04 09:27:43 ----HD---- C:\Program Files\Temp
2010-09-04 09:26:29 ----A---- C:\Windows\system32\CmdRtr.DLL
2010-09-04 09:26:29 ----A---- C:\Windows\system32\APOMngr.DLL
2010-09-03 19:33:26 ----D---- C:\Users\Leonardo\AppData\Roaming\SUPERAntiSpyware.com
2010-09-03 19:33:07 ----D---- C:\Program Files\SUPERAntiSpyware

======List of files/folders modified in the last 1 months======

2010-10-02 19:17:46 ----D---- C:\Windows\Temp
2010-10-02 19:11:33 ----D---- C:\Windows\System32
2010-10-02 19:07:58 ----HD---- C:\ProgramData
2010-10-02 19:07:57 ----D---- C:\Windows\Tasks
2010-10-02 19:07:57 ----D---- C:\Program Files\Google
2010-10-02 19:07:38 ----RD---- C:\Program Files
2010-10-02 19:07:22 ----SHD---- C:\System Volume Information
2010-10-02 19:02:04 ----D---- C:\Windows\system32\drivers
2010-10-02 19:00:59 ----D---- C:\Windows\inf
2010-10-02 19:00:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-02 18:54:10 ----D---- C:\Windows\system32\drivers\etc
2010-10-02 17:02:36 ----D---- C:\Windows
2010-10-02 16:59:35 ----D---- C:\Users\Leonardo\AppData\Roaming\WinRAR
2010-10-02 16:55:56 ----SHD---- C:\Windows\Installer
2010-10-02 14:09:52 ----D---- C:\Windows\system32\Tasks
2010-09-30 21:58:15 ----D---- C:\Users\Leonardo\AppData\Roaming\uTorrent
2010-09-30 21:29:46 ----RD---- C:\Jogos
2010-09-30 19:20:59 ----D---- C:\Windows\winsxs
2010-09-30 19:20:39 ----RSD---- C:\Windows\assembly
2010-09-30 19:17:54 ----D---- C:\Windows\system32\catroot
2010-09-30 18:42:43 ----D---- C:\Windows\system32\catroot2
2010-09-30 18:23:20 ----D---- C:\Users\Leonardo\AppData\Roaming\QuickScan
2010-09-30 15:30:08 ----D---- C:\ProgramData\eMule
2010-09-29 17:49:02 ----D---- C:\Windows\rescache
2010-09-29 14:49:51 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-29 14:49:50 ----D---- C:\Program Files\uTorrent
2010-09-29 10:35:45 ----D---- C:\Windows\Prefetch
2010-09-29 10:25:02 ----D---- C:\Windows\system32\pt-PT
2010-09-27 22:39:04 ----HD---- C:\_Backup
2010-09-27 21:42:52 ----RD---- C:\Users
2010-09-26 21:59:55 ----D---- C:\Windows\Debug
2010-09-25 23:59:19 ----RD---- C:\Setups
2010-09-25 23:53:06 ----D---- C:\Windows\system32\config
2010-09-25 23:41:46 ----D---- C:\Program Files\CDBurnerXP
2010-09-25 19:02:43 ----AD---- C:\ProgramData\TEMP
2010-09-25 17:31:16 ----RD---- C:\Documentário
2010-09-25 17:30:20 ----RD---- C:\Fórmula 1
2010-09-23 19:19:21 ----D---- C:\Program Files\Windows Sidebar
2010-09-23 19:14:14 ----D---- C:\Program Files\Ashampoo
2010-09-21 10:45:02 ----RD---- C:\Filmes
2010-09-21 10:34:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-09-21 10:09:50 ----D---- C:\Program Files\VS Revo Group
2010-09-20 22:12:33 ----D---- C:\Users\Leonardo\AppData\Roaming\IObit
2010-09-20 18:48:29 ----D---- C:\Users\Leonardo\AppData\Roaming\Any Video Converter
2010-09-20 15:25:38 ----D---- C:\ProgramData\Microsoft Help
2010-09-20 14:42:42 ----A---- C:\bdlog.txt
2010-09-20 14:32:08 ----D---- C:\Program Files\Common Files
2010-09-17 18:02:37 ----D---- C:\Users\Leonardo\AppData\Roaming\Ashampoo
2010-09-17 15:13:16 ----SD---- C:\Users\Leonardo\AppData\Roaming\Microsoft
2010-09-17 11:12:27 ----RD---- C:\Bonecos da Leonor
2010-09-17 11:10:16 ----D---- C:\Users\Leonardo\AppData\Roaming\dvdcss
2010-09-16 19:34:35 ----RD---- C:\Windows\Offline Web Pages
2010-09-16 19:34:35 ----D---- C:\Windows\system32\wbem
2010-09-16 19:34:35 ----D---- C:\Windows\system32\migration
2010-09-16 19:34:35 ----D---- C:\Windows\system32\en-US
2010-09-16 19:34:35 ----D---- C:\Windows\PolicyDefinitions
2010-09-16 19:34:35 ----D---- C:\Program Files\Internet Explorer
2010-09-16 19:34:33 ----SD---- C:\Windows\Downloaded Program Files
2010-09-16 19:20:52 ----D---- C:\Windows\Logs
2010-09-16 15:36:54 ----D---- C:\Program Files\Sublight
2010-09-16 14:48:26 ----D---- C:\Windows\tracing
2010-09-16 14:29:59 ----D---- C:\Users\Leonardo\AppData\Roaming\Systweak
2010-09-15 15:53:04 ----A---- C:\Windows\system32\mrt.exe
2010-09-15 15:52:41 ----D---- C:\Program Files\Windows Mail
2010-09-15 15:24:48 ----RD---- C:\Fotos família
2010-09-04 09:39:28 ----A---- C:\Windows\DIFxAPI.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 08675612;08675612 Boot Guard Driver; C:\Windows\system32\DRIVERS\08675612.sys [2009-10-22 37392]
R0 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2010-02-22 291352]
R0 cumon;cumon; C:\Windows\system32\drivers\cumon.sys [2010-07-21 227872]
R0 Evdd;evdd; C:\Windows\system32\drivers\evdd.sys [2010-07-16 19816]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-01 691696]
R1 74921221;74921221; C:\Windows\system32\DRIVERS\74921221.sys [2009-09-25 128016]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; C:\Windows\system32\DRIVERS\BdfNdisf6.sys [2010-09-20 72784]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2010-09-20 119504]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 setup_9.0.0.722_22.09.2010_00-26drv;setup_9.0.0.722_22.09.2010_00-26drv; C:\Windows\system32\DRIVERS\7492122.sys [2009-10-09 311312]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 85128]
R3 BDFM;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-11-03 2790048]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-04 261152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S0 74921222;74921222 Boot Guard Driver; C:\Windows\system32\DRIVERS\74921222.sys []
S0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys []
S1 08675611;08675611; C:\Windows\system32\DRIVERS\08675611.sys []
S1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys []
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 aj5113ej;aj5113ej; C:\Windows\system32\drivers\aj5113ej.sys []
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [2010-04-23 58368]
S3 cpuz132;cpuz132; \??\C:\Users\Leonardo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 drmkaud;Microsoft Kernel DRM Descrambler Filter; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2010-09-25 23456]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-06-22 17488]
S3 HdAudAddService;Controlador de Função UAA Microsoft 1.1 para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\5966.tmp []
S3 MSKSSRV;Proxy da Microsoft para serviços de fluxo; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy da Microsoft para gestão de qualidade de fluxo; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Conversor da Microsoft para fluxos Tee/Sink-to-Sink; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NDISKIO;NDISKIO; \??\C:\Users\Leonardo\AppData\Local\Temp\00000085.nmc\nse\bin\ndiskio.sys []
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2010-09-20 14720]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2010-09-20 39808]
S3 uti0otkz;AVZ Kernel Driver; \??\C:\Windows\system32\Drivers\uti0otkz.sys []
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []
S4 SABKUTIL;SABKUTIL; \??\C:\Segurança Grátis\Super Antispywrae\SABKUTIL.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-04-26 1615688]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-09-23 435016]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 CPMService;COMODO Programs Manager Service; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [2010-07-22 79304]
S4 Fix-It Utilities 10 Essentials Task Manager;Fix-It Utilities 10 Essentials Task Manager; C:\PROGRA~1\Avanquest\Fix-It\mxtask.exe [2010-03-25 529688]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-10-02 19:18:59

======Uninstall list======

@BIOS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->MsiExec.exe /X{4B45B12B-CD31-4235-9D44-03A368510635}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.44 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Ares 2.1.6-->"C:\Program Files\Ares\uninstall.exe"
Ashampoo Burning Studio 2010 Advanced-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 2010 Advanced\unins000.exe"
Ashampoo HDD Control 1.11-->"C:\Program Files\Ashampoo\Ashampoo HDD Control\unins000.exe"
Ashampoo Photo Commander 7.60-->"C:\Program Files\Ashampoo\Ashampoo Photo Commander 7\unins000.exe"
Ashampoo WinOptimizer 6.60-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}
Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
Backup4all Lite 4-->MsiExec.exe /I{9F31961E-9536-4D0C-A0B0-BBEB25636A84}
BitDefender Internet Security 2010-->MsiExec.exe /X{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}
COMODO Programs Manager-->C:\Windows\Installer\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}\uninstall.exe
Device Doctor 1.0.0.1-->"C:\Program Files\Device Doctor\1.0.0.1\unins000.exe"
DJ OldGames Package: Grand Prix 2-->C:\Jogos\Classicos\gP2\Uninst.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Fix-It Utilities 10 Essentials-->MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
Galeria de Fotografias do Windows Live-->MsiExec.exe /X{96EBD346-F6B4-4EBE-B6EC-CB559CCEBBC9}
Grand Prix 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\Intel 32\ctor.dll,LaunchSetup "C:\Jogos\Gp 4 2001\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg-->MsiExec.exe /I{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
Password Prime Full-->MsiExec.exe /I{CC53C7A4-1B51-4B43-A8D2-32415D260F65}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Revo Uninstaller Pro 2.4.1-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Sophos Anti-Rootkit 1.5.4-->C:\Segurança Grátis\Sophos\helper.exe remove
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Sublight 2.5.5-->"C:\Program Files\Sublight\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
System Requirements Lab for Intel-->MsiExec.exe /I{ADD72094-D289-4714-A62E-70574478A2BC}
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
Veetle TV 0.9.17-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{9FD7C77D-5657-49C1-8FB5-5C7BFCAFC6DB}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{9F67D8FC-2A5F-440E-855C-E26A7FE88D28}
Windows Live Messenger-->MsiExec.exe /X{FD702B54-2FD4-459B-97F3-977BDF2C3C5C}
Windows Live Movie Maker-->MsiExec.exe /X{28C5B4EB-B652-4DD6-B4F7-775F802EAC66}
Windows Live Sync-->MsiExec.exe /X{587139F5-9B76-4D5A-94C6-76E6B219BF7F}
Windows Live Toolbar-->MsiExec.exe /X{1C7DED19-3D86-4D6E-B4B4-6CADF547ECF5}
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
WOT for Internet Explorer-->MsiExec.exe /X{DB0BB9FA-1B60-4036-8E29-3D56D8085256}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: PcLeoGi
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 938371-380_neutral_PACKAGE do pacote KB938371 (Update) para o estado Instalado(Installed)
Record Number: 118687
Source Name: Microsoft-Windows-Servicing
Time Written: 20100817211644.000000-000
Event Type: Informações
User: PcLeoGi\Leonardo

Computer Name: PcLeoGi
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 938371-379_neutral_PACKAGE do pacote KB938371 (Update) para o estado Instalado(Installed)
Record Number: 118686
Source Name: Microsoft-Windows-Servicing
Time Written: 20100817211644.000000-000
Event Type: Informações
User: PcLeoGi\Leonardo

Computer Name: PcLeoGi
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 938371-378_neutral_PACKAGE do pacote KB938371 (Update) para o estado Instalado(Installed)
Record Number: 118685
Source Name: Microsoft-Windows-Servicing
Time Written: 20100817211644.000000-000
Event Type: Informações
User: PcLeoGi\Leonardo

Computer Name: PcLeoGi
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 938371-377_neutral_PACKAGE do pacote KB938371 (Update) para o estado Instalado(Installed)
Record Number: 118684
Source Name: Microsoft-Windows-Servicing
Time Written: 20100817211644.000000-000
Event Type: Informações
User: PcLeoGi\Leonardo

Computer Name: PcLeoGi
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 938371-376_neutral_PACKAGE do pacote KB938371 (Update) para o estado Instalado(Installed)
Record Number: 118683
Source Name: Microsoft-Windows-Servicing
Time Written: 20100817211644.000000-000
Event Type: Informações
User: PcLeoGi\Leonardo

=====Application event log=====

Computer Name: 26L2233B2-11
Event Code: 1003
Message: O Serviço Windows Search foi iniciado.

Record Number: 5
Source Name: Microsoft-Windows-Search
Time Written: 20100619082142.000000-000
Event Type: Informações
User:

Computer Name: 26L2233B2-11
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100619082141.000000-000
Event Type: Informações
User:

Computer Name: 26L2233B2-11
Event Code: 4625
Message: O sub sistema EventSystem está a suprimir entradas de registo de eventos duplicadas para uma duração de 86400 segundos. O tempo limite de supressão pode ser controlado pelo valor REG_DWORD chamado SuppressDuplicateDuration debaixo da seguinte chave de registo: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100619082137.000000-000
Event Type: Informações
User:

Computer Name: LH-OU1OQ7LDIOVE
Event Code: 900
Message: O serviço de Licenciamento de Software está a ser iniciado.

Record Number: 2
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100619082136.000000-000
Event Type: Informações
User:

Computer Name: LH-OU1OQ7LDIOVE
Event Code: 1531
Message: O Serviço de Perfis de Utilizador foi iniciado com êxito.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100619082136.000000-000
Event Type: Informações
User: NT AUTHORITY\Sistema

=====Security event log=====

Computer Name: 26L2233B2-11
Event Code: 4648
Message: Foi tentado um início de sessão utilizando credenciais explícitas.

Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: 26L2233B2-11$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Conta Cujas Credenciais Foram Utilizadas:
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Servidor de Destino:
Nome do Servidor de Destino: localhost
Informações Adicionais: localhost

Informações do Processo:
ID do Processo: 0x1e4
Nome do Processo: C:\Windows\System32\services.exe

Informações de Rede:
Endereço de Rede: -
Porta: -

Este evento é gerado quando um processo tenta iniciar sessão numa conta especificando explicitamente as credenciais dessa conta. Isto ocorre mais frequentemente em configurações do tipo lote, tais como tarefas agendadas, ou durante a utilização do comando RUNAS.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619082122.736095-000
Event Type: Êxito de Auditoria
User:

Computer Name: 26L2233B2-11
Event Code: 4902
Message: A tabela de políticas de auditoria por utilizador foi criada.

Número de Elementos: 0
ID da Política: 0x4c531
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619082115.497648-000
Event Type: Êxito de Auditoria
User:

Computer Name: 26L2233B2-11
Event Code: 4624
Message: Uma conta iniciou sessão com êxito.

Assunto:
ID de Segurança: S-1-0-0
Nome da Conta: -
Domínio da Conta: -
ID de Início de Sessão: 0x0

Tipo de Início de Sessão: 0

Novo Início de Sessão:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}

Informações do Processo:
ID do Processo: 0x4
Nome do Processo:

Informações de Rede:
Nome da Estação de Trabalho: -
Endereço de Rede de Origem: -
Porta de Origem: -

Informações de Autenticação Detalhadas:
Processo de Início de Sessão: -
Pacote de Autenticação: -
Serviços Transitados: -
Nome do Pacote (apenas NTLM): -
Comprimento da Chave: 0

Este evento é gerado quando é criada uma sessão de início de sessão, sendo gerado no computador que foi acedido.

Os campos de assunto indicam a conta do sistema local que pediu o início de sessão. Normalmente, trata-se de um serviço, tal como o serviço de Servidor, ou de um processo local, tal como Winlogon.exe ou Services.exe.

O campo de tipo de início de sessão indica o tipo de início de sessão ocorrido. Os tipos mais comuns são 2 (interactivo) e 3 (rede).

Os campos Novos Início de Sessão indicam a conta para a qual o novo início de sessão foi criado, ou seja, a conta que iniciou sessão.

Os campos de rede indicam a origem de um pedido de início de sessão. O nome da estação de trabalho pode nem sempre estar disponível, podendo ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre este pedido de início de sessão específico.
- GUID de Início de Sessão é um identificador exclusivo que pode ser utilizado para correlacionar este evento com um evento KDC.
- Serviços transitados indica os serviços intermediários que participaram neste pedido de início de sessão.
- Nome do pacote indica o subprotocolo utilizado entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave de sessão gerada. Este comprimento será 0 se não tiver sido pedida nenhuma chave de sessão.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619082113.719237-000
Event Type: Êxito de Auditoria
User:

Computer Name: 26L2233B2-11
Event Code: 4608
Message: O Windows está a arrancar.

Este evento é registado quando LSASS.EXE é iniciado e o subsistema de auditoria é inicializado.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100619082113.719237-000
Event Type: Êxito de Auditoria
User:

Computer Name: 26L2233B2-11
Event Code: 4647
Message: Fim de sessão iniciado pelo utilizador:

Assunto:
ID de Segurança: S-1-5-21-2152478756-3922319563-605102323-500
Nome da Conta: Administrator
Domínio da Conta: 26L2233B2-11
ID de Início de Sessão: 0x8496a

Este evento é gerado quando um início de sessão é iniciado para a contagem de referência de tokens não é zero e não é possível destruir a sessão de início de sessão. Não podem ocorrer mais actividades iniciadas pelo utilizador. Este evento pode ser interpretado como um evento de fim de sessão.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Êxito de Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=2
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
lmgoncalve
Active Member
 
Posts: 4
Joined: September 29th, 2010, 1:45 pm

Re: Please kindly analize my hijackthis log

Unread postby turtledove » October 3rd, 2010, 12:35 am

Good Day lmgoncalve

Thank you for the logs. These will take some time to investigate.
I'll return as soon as possible.
Meanwhile, please descibe the symptoms you are having as this information will help in diagnosing the issue.

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please kindly analize my hijackthis log

Unread postby turtledove » October 5th, 2010, 11:38 pm

Good Day lmgoncalve

Apologies for the delay, I had internet connection problems.

***Please Right Click, Choose Run as Administrator for each tool I have you run**
Please print out or copy all instructions to notepad for reference.

Remove P2P Programs



  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


    Ares 2.1.6
    eMule
    uTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

The following also should be uninstalled, as they do not optimize or improve speed. They often cause problems that are hard to find out. Also the extra Anti Virus and Firewall are not needed; uninstall if in the list. Then remove each of the below items folder.

COMODO Programs Manager
Fix-It Utilities 10 Essentials
SUPERAntiSpyware
ThreatFire
TuneUp Utilities 2010
Ares
eMule
uTorrent




Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info

  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply



Post
Symptoms computer has for example redirected searches or other odd behaviors.
CKFiles.txt
Both NEW RSIT files: log.txt and info.txt

Thank you


turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please kindly analize my hijackthis log

Unread postby lmgoncalve » October 6th, 2010, 2:01 pm

Thank you in advance for your kind attention. Regarding listed programs about une up utilities and fix it utilities i ve already paid for the respective licence keys. Unistalling them is a disappointement. Comodo nd the others fine. About the p2p as long we have a good firewall no problems i thought. Cant´i have any p2p programs is that what you mean? Any at all? They are often useful.

Threat fire was already removed i used him to try to fix it out before asking you.
Super ant spyware isn´t good? its just a search engine...

Warmest
regards
lmgoncalve
Active Member
 
Posts: 4
Joined: September 29th, 2010, 1:45 pm

Re: Please kindly analize my hijackthis log

Unread postby turtledove » October 7th, 2010, 1:14 am

Good Day lmgoncalve,

You're welcome :)
Regarding Peer to Peer File sharing: As we note, the malware writers use them to inject malicious code into legitimate programs. Therefore unless you remove the file sharing programs, I can not do much to help and will close the topic per our site policy.

You may keep the Tuneup utilities you purchased; although if they need renewed I suggest removing them then.
Superantispyware is just an another anti spyware program; it does have a boot option that has caused people to lose their ability to boot. Therefore it is just taking up extra space.

If you agree with our policy to remove peer to peer programs, then please follow the steps in my previous post.

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please kindly analize my hijackthis log

Unread postby lmgoncalve » October 7th, 2010, 1:58 pm

Understood. P2P programs already removed. Yesterday, my anti virus solution found and quanrentined the following objects on a rotine scan:

Trojan.Generic 4770188
trojan.Delf.InjecT.BQ
Trojan.Generic 1663370
trojan.Generic 3900810

After that computer returned to its usual perFormance. I think problem was solved.
The reason why only now this threats were founded is something i do not understand nor can explain.

Anyway thanks for you help
lmgoncalve
Active Member
 
Posts: 4
Joined: September 29th, 2010, 1:45 pm

Re: Please kindly analize my hijackthis log

Unread postby turtledove » October 9th, 2010, 7:49 am

Good day :)

Are you requesting then we close this topic? If not then please follow my above instructions to run CKScanner and obtain new RSIT logs.

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Please kindly analize my hijackthis log

Unread postby Elrond » October 12th, 2010, 12:29 pm

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 477 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware