Inactive Cannot get to login, computer won't start

Sorry...

 

Will this combofix take long? Cause if it does I'm gonna sleep right now,and tomorrow I'll post the results...

 

OK, it's done. Back tomorrow!



ComboFix 11-01-21.01 - MontySire 22/01/2011 2:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3070.2148 [GMT -2:00]
Executando de: c:\users\MontySire\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MontySire\AppData\Roaming\Local
c:\windows\system32\ReadMe.txt

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-22 to 2011-01-22 ))))))))))))))))))))))))))))
.

2011-01-22 04:15 . 2011-01-22 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-22 04:15 . 2011-01-22 04:15 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2011-01-21 23:58 . 2011-01-21 23:58 -------- d-----w- C:\Level Up! Games
2011-01-21 02:02 . 2011-01-21 23:43 -------- d-----w- c:\users\MontySire\dwhelper
2011-01-20 19:15 . 2011-01-20 19:15 -------- d-----w- c:\users\MontySire\AppData\Local\Apps
2011-01-20 19:15 . 2011-01-20 19:15 -------- d-----w- c:\users\MontySire\AppData\Local\Deployment
2011-01-20 16:23 . 2011-01-20 16:23 -------- d-----w- C:\_OTL
2011-01-16 23:16 . 2011-01-22 02:54 -------- d-----w- c:\program files\PC-Clean
2011-01-16 23:16 . 2011-01-16 23:16 -------- d-----w- c:\program files\NLIA
2011-01-16 23:16 . 2006-03-29 05:07 36864 ----a-w- c:\windows\system32\NliaControlRes.dll
2011-01-16 23:16 . 2006-03-09 23:28 139264 ----a-w- c:\windows\system32\NliaControl.cpl
2011-01-16 23:16 . 2004-04-19 01:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-01-16 23:16 . 2004-04-19 01:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-01-16 23:16 . 2004-04-19 01:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-01-16 23:16 . 2004-04-19 01:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-01-16 23:16 . 2011-01-16 23:16 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-01-16 23:16 . 2011-01-16 23:16 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-01-16 23:16 . 2004-04-19 01:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-01-16 23:15 . 2011-01-16 23:15 -------- d-----w- c:\users\MontySire\AppData\Roaming\Malwarebytes
2011-01-16 23:15 . 2010-12-20 20:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-16 23:15 . 2011-01-16 23:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-16 23:15 . 2010-12-20 20:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 23:15 . 2011-01-16 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 14:40 . 2011-01-13 14:40 -------- d-----w- C:\$AVG
2011-01-13 14:18 . 2011-01-13 14:18 -------- d--h--w- c:\programdata\Common Files
2011-01-13 14:17 . 2011-01-22 03:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-13 14:05 . 2011-01-13 14:05 -------- d-----w- c:\programdata\McAfee Security Scan
2011-01-13 14:05 . 2011-01-13 14:05 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-13 14:05 . 2011-01-13 14:05 -------- d-----w- c:\programdata\McAfee
2011-01-13 01:00 . 2011-01-22 03:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-01-12 23:18 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 23:18 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 23:18 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 23:18 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 23:18 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:06 . 2011-01-12 08:06 -------- d-----w- c:\users\MontySire\AppData\Local\ColdPlay
2011-01-12 08:06 . 2011-01-13 01:31 -------- d-----w- c:\users\MontySire\AppData\Roaming\updates
2011-01-09 05:56 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21D8180E-2D3B-428C-93FF-BE01A5B4184B}\mpengine.dll
2011-01-05 09:24 . 2011-01-08 02:29 -------- d-----w- c:\users\MontySire\AppData\Roaming\DivX
2011-01-05 09:22 . 2011-01-05 09:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-01-03 14:41 . 2011-01-03 14:41 -------- d-----w- c:\program files\The Creative Assembly
2011-01-03 00:46 . 2005-04-04 01:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-01-03 00:46 . 2005-04-04 01:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-01-03 00:46 . 2005-04-04 01:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-01-03 00:46 . 2005-04-04 01:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-01-03 00:46 . 2005-04-04 00:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-01-03 00:46 . 2005-04-04 00:57 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-01-03 00:46 . 2011-01-03 00:46 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-01-03 00:46 . 2011-01-03 00:46 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-12-25 00:39 . 2010-12-25 01:10 -------- d-----w- c:\users\MontySire\AppData\Roaming\DiskAid
2010-12-25 00:39 . 2010-12-25 00:39 -------- d-----w- c:\program files\DigiDNA

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 01:22 . 2010-12-14 17:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 05:52 . 2010-12-15 00:52 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 00:52 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 00:52 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 00:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 00:52 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 00:52 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 00:52 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 00:52 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 00:52 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 00:52 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 00:52 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C7DCF5B-46DB-4ed8-AD11-DAE6C4FE9F60}]
2011-01-12 08:06 129536 ----a-w- c:\users\MontySire\AppData\Local\ColdPlay\coldplie.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MontySire\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MontySire\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MontySire\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite "= "c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2010-04-10 288560]
"Windows® NetMeeting "= "c:\program files\NetMeeting\ca32.exe" [2005-10-26 0]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"AutoStartNPSAgent "= "c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-04-20 102400]
"BitTorrent "= "c:\program files\BitTorrent\BitTorrent.exe" [2010-08-26 2550640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Windows® NetMeeting "= "c:\program files\NetMeeting\ca32.exe" [2005-10-26 0]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager "= "c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"NliaClient "= "c:\program files\NLIA\Netpia.exe" [2006-07-21 49152]
"PC-Clean "= "c:\program files\PC-Clean\PC-Clean.exe" [2006-03-31 1839104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows® NetMeeting "= "c:\program files\NetMeeting\ca32.exe" [2005-10-26 0]

c:\users\MontySire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MontySire\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.188\SSScheduler.exe [2010-10-5 272528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux "=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
SetupExecute REG_MULTI_SZ \0

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 135664]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-02-04 121344]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-05 237008]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-10 691696]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-12-17 2850296]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-06-29 233472]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-02-04 121344]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-06-29 36608]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - FSUSBEXDISK
.
Conteúdo da pasta 'Tarefas Agendadas'

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 09:21]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 09:21]

2011-01-12 c:\windows\Tasks\Norton Security Scan for MontySire.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-03 13:06]

2011-01-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-10-28 14:45]

2011-01-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-10-28 14:45]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.skip-search.com/?cfg=2-82-0-0&engine_id=2&provider_id=2&product_id=82&country=BR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\HMIPCore.dll
FF - ProfilePath - c:\users\MontySire\AppData\Roaming\Mozilla\Firefox\Profiles\o64vavww.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 109.110.97.192:3128
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: ColdPlayFF Module: {10BCE720-4C50-42c6-9AF9-8185EC2FEBBB} - %profile%\extensions\{10BCE720-4C50-42c6-9AF9-8185EC2FEBBB}
FF - Ext: ColdPlayFF: {10BCE720-4C50-42c6-9AF9-8185EC2FEBBB} - %profile%\extensions\{10BCE720-4C50-42c6-9AF9-8185EC2FEBBB}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-6194C28A8F62DD817EA1B918E6E46E806A21B452 - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-65B6FE5418CE28F4D72543FB2D964C3CEC83F161 - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-ACDLabs in C__Program_Files_ACDFREE12_ - c:\program files\ACDFREE12\setup\setup.exe
AddRemove-AP Guitar Tuner 1.02 - c:\program files\Audio Phonics
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-Astroburn Lite - c:\program files\Astroburn Lite\uninst.exe
AddRemove-Astroburn Toolbar - c:\program files\Astroburn Toolbar\uninst.exe
AddRemove-BareBonesWars_Full.uninstall - c:\arquivos de programas\Activision\Rome - Total War\uninstal.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-DVD to VCD AVI DivX Converter v3.2 (build 069) - c:\progra~1\MAGICD~1\UNWISE.EXE
AddRemove-E24870CB6AA1C3511635FF9020A3E9471287FBE7 - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-EA Download Manager - c:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-Focus Magic_is1 - c:\program files\Focus Magic\unins000.exe
AddRemove-Free WMV to AVI MPEG Converter_is1 - c:\program files\Free WMV to AVI MPEG Converter\unins000.exe
AddRemove-Great Invasions_is1 - c:\program files\Great Invasions\unins000.exe
AddRemove-Hegemony Philip of Macedon - c:\arquivos de programas\Hegemony Philip of Macedon\uninstall.exe
AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-Making History II - c:\program files\Muzzy Lane Software\Making History II\uninstall.exe
AddRemove-ManyCam - c:\program files\ManyCam 2.4\uninstall.exe
AddRemove-MPEG TO AVI_is1 - c:\program files\MPEGTOAVI\unins000.exe
AddRemove-PasswordTools - c:\program files\PasswordTools\unsetup.exe
AddRemove-WMV TO AVI CONVERTER_is1 - c:\program files\WMVTOAVI\unins000.exe
AddRemove-Yenka - c:\program files\Yenka\uninstall.exe
AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
AddRemove-{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1 - c:\program files\Convert VOB to AVI\unins000.exe
AddRemove-{6A25EFF6-EB6B-43F8-B0DD-31660A940D1A}_is1 - c:\program files\Chris PC-Lock\unins000.exe
AddRemove-{D1725D54-279A-40C5-A70D-23C1785DB920}_is1 - c:\program files\AoA Audio Extractor\unins000.exe


.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-3359654452-1635225289-495877095-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"?? "=hex:80,97,7b,3d,bc,ea,ce,c2,e8,1c,aa,be,4f,6f,6b,7f,99,aa,e0,18,06,34,3d,
16,52,b7,dc,31,97,07,76,7c,65,36,6d,fb,da,cb,03,42,c3,9a,11,89,2c,4d,90,a7,\
"?? "=hex:de,60,ba,39,87,f0,a9,d0,d7,fe,be,10,d4,0f,bd,c2

[HKEY_USERS\S-1-5-21-3359654452-1635225289-495877095-1001\Software\SecuROM\License information*]
"datasecu "=hex:b2,fb,43,fd,92,9b,c8,94,5a,29,08,9f,f7,e3,66,a1,0c,75,57,5f,17,
3e,92,c9,b5,cc,94,ce,81,1d,1c,87,0d,43,52,16,ca,b1,00,a6,97,dd,87,bf,7c,47,\
"rkeysecu "=hex:3a,33,d8,2c,95,9d,6e,2e,84,32,c8,15,30,4a,6d,9b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-01-22 02:25:54
ComboFix-quarantined-files.txt 2011-01-22 04:25

Pré-execução: 24.364.773.376 bytes disponíveis
Pós execução: 26.185.695.232 bytes disponíveis

- - End Of File - - 796CD368602E6F80DA37EE532ECCB2F0

 

Yeah, my computer is a bit slow when I start it, but then it runs pretty "normal ".

Now, the logs:

OTL logfile created on: 22/01/2011 11:08:10 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\MontySire\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 24,46 Gb Free Space | 10,50% Space Free | Partition Type: NTFS

Computer Name: MONTYSIRE-PC | User Name: MontySire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/22 11:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MontySire\Desktop\OTL.exe
PRC - [2010/12/17 08:32:52 | 002,850,296 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/12/09 17:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 19:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/05 00:27:16 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
PRC - [2010/08/26 19:17:52 | 002,550,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe
PRC - [2010/06/07 18:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/19 23:16:39 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/04/01 07:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/31 21:39:58 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 03:10:20 | 021,979,992 | ---- | M] () -- C:\Users\MontySire\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/04 19:15:14 | 000,121,344 | ---- | M] (Airytec) -- C:\Program Files\Airytec\Switch Off\swoff.exe
PRC - [2009/10/31 03:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/02 22:23:48 | 000,288,560 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe
PRC - [2009/07/26 16:44:26 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 23:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/06/29 10:31:20 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2006/03/31 00:34:00 | 001,839,104 | ---- | M] (Netpia.com, Inc.) -- C:\Program Files\PC-Clean\PC-Clean.exe


========== Modules (SafeList) ==========

MOD - [2011/01/22 11:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MontySire\Desktop\OTL.exe
MOD - [2010/11/23 22:54:08 | 000,212,456 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 23:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 23:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 23:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 23:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 23:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 23:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 23:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 23:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 23:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 23:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/17 08:32:52 | 002,850,296 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/05 00:27:16 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Running] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010/06/07 18:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/27 04:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/07 20:19:59 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/04 19:15:14 | 000,121,344 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2010/02/04 19:15:14 | 000,121,344 | ---- | M] (Airytec) [Auto | Running] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2009/07/13 23:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 23:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 23:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 23:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 23:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 23:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 23:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 23:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 23:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/13 23:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 23:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 23:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 23:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 23:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 23:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV)
SRV - [2009/07/13 23:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 23:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/29 10:31:20 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/07 21:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/10 18:08:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 05:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/16 14:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/07/13 23:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 23:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 23:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 23:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 23:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 23:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 23:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 23:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 23:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 23:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 23:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 23:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 23:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 23:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 23:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 23:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 23:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 23:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 23:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 23:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 23:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 23:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 23:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 23:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 23:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 23:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 23:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 23:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 23:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 23:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 23:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 23:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 23:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 23:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 23:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 23:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 22:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 22:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 22:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 21:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 21:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 21:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 21:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 21:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 21:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 21:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 21:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 21:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 21:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 21:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 21:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 21:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 20:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 20:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 20:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 20:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 20:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 20:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 20:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 20:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 20:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/13 20:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 20:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 20:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/29 10:31:20 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/01/14 08:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007/05/02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007/05/02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.skip-search.com/?cfg=2-82-0-0&engine_id=2&provider_id=2&product_id=82&country=BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 F8 49 3F EA D8 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.astroburn-search.com/startpage
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com "
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.17s
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {10BCE720-4C50-42c6-9AF9-8185EC2FEBBB}:2.0.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..network.proxy.http: "109.110.97.192:3128 "
FF - prefs.js..network.proxy.no_proxies_on: "*.local "
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/05 07:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/05 07:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 17:27:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 21:40:02 | 000,000,000 | ---D | M]

[2010/08/17 16:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MontySire\AppData\Roaming\mozilla\Extensions
[2010/04/19 22:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MontySire\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/04/10 18:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\extensions
[2010/04/10 18:56:15 | 000,000,000 | ---D | M] ( "Ask Toolbar for Firefox ") -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/01/21 22:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\Profiles\o64vavww.default\extensions
[2011/01/12 06:06:18 | 000,000,000 | ---D | M] (ColdPlayFF Module) -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\Profiles\o64vavww.default\extensions\{10BCE720-4C50-42c6-9AF9-8185EC2FEBBB}
[2011/01/21 00:00:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\Profiles\o64vavww.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/02 21:24:22 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\MontySire\AppData\Roaming\mozilla\Firefox\Profiles\o64vavww.default\extensions\SkipScreen@SkipScreen
[2010/10/01 17:55:17 | 000,002,071 | ---- | M] () -- C:\Users\MontySire\AppData\Roaming\Mozilla\Firefox\Profiles\o64vavww.default\searchplugins\absearch-search.xml
[2011/01/02 21:24:24 | 000,001,741 | ---- | M] () -- C:\Users\MontySire\AppData\Roaming\Mozilla\Firefox\Profiles\o64vavww.default\searchplugins\ask.uk.xml
[2011/01/20 23:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2011/01/05 07:26:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/05 07:26:07 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/07/22 22:54:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/07/22 22:54:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/07/22 22:54:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/07/22 22:54:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2011/01/22 02:15:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (coldHelper Class) - {7C7DCF5B-46DB-4ed8-AD11-DAE6C4FE9F60} - C:\Users\MontySire\AppData\Local\ColdPlay\coldplie.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NliaClient] C:\Program Files\NLIA\Netpia.exe (Netpia International Corp.)
O4 - HKLM..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe (Netpia.com, Inc.)
O4 - HKLM..\Run: [Windows® NetMeeting] C:\Program Files\NetMeeting\ca32.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Windows® NetMeeting] C:\Program Files\NetMeeting\ca32.exe ()
O4 - Startup: C:\Users\MontySire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MontySire\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows® NetMeeting = C:\Program Files\NetMeeting\ca32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkStation = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.28 201.6.2.30 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 11:03:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MontySire\Desktop\OTL.exe
[2011/01/22 02:00:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/22 02:00:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/22 02:00:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/22 02:00:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/22 01:59:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/22 01:59:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/21 22:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up!
[2011/01/21 21:58:52 | 000,000,000 | ---D | C] -- C:\Level Up! Games
[2011/01/21 00:02:30 | 000,000,000 | ---D | C] -- C:\Users\MontySire\dwhelper
[2011/01/20 23:36:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/20 17:15:46 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IntelliConcepts
[2011/01/20 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Local\Apps
[2011/01/20 17:15:16 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Local\Deployment
[2011/01/20 14:23:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/16 21:16:35 | 000,139,264 | ---- | C] (Netpia.com, Inc.) -- C:\Windows\System32\NliaControl.cpl
[2011/01/16 21:16:35 | 000,036,864 | ---- | C] (Netpia.com, Inc.) -- C:\Windows\System32\NliaControlRes.dll
[2011/01/16 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-Clean
[2011/01/16 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Clean
[2011/01/16 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\NLIA
[2011/01/16 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Roaming\Malwarebytes
[2011/01/16 21:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 21:15:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/16 21:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/16 21:15:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/16 21:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 12:40:07 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/01/13 12:18:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/13 12:17:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/01/13 12:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/01/13 12:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/01/13 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/01/13 12:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/01/12 23:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/01/12 23:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/01/12 23:00:32 | 000,000,000 | ---D | C] -- C:\Users\MontySire\Documents\Anti-Malware
[2011/01/12 15:25:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/12 06:06:18 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Local\ColdPlay
[2011/01/12 06:06:16 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Roaming\updates
[2011/01/05 07:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/01/05 07:24:13 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Roaming\DivX
[2011/01/05 07:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/01/03 20:31:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/01/03 12:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\The Creative Assembly
[2011/01/02 22:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2010/12/24 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\MontySire\AppData\Roaming\DiskAid
[2010/12/24 22:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid
[2010/12/24 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\DigiDNA
[2010/12/23 15:40:31 | 000,000,000 | ---D | C] -- C:\Users\MontySire\Documents\Remote Assistance Logs

========== Files - Modified Within 30 Days ==========

[2011/01/22 11:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MontySire\Desktop\OTL.exe
[2011/01/22 10:59:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/22 10:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/22 10:58:43 | 2414,727,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 02:34:03 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 02:34:03 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 02:15:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/22 01:36:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/22 01:32:19 | 004,158,956 | R--- | M] () -- C:\Users\MontySire\Desktop\ComboFix.exe
[2011/01/22 01:14:17 | 000,133,632 | ---- | M] () -- C:\Users\MontySire\Desktop\RKUnhookerLE.EXE
[2011/01/21 21:38:27 | 000,001,156 | ---- | M] () -- C:\Users\MontySire\Desktop\xVideos Video Downloader.lnk
[2011/01/21 21:10:42 | 000,624,128 | ---- | M] () -- C:\Users\MontySire\Desktop\dds.scr
[2011/01/20 22:35:50 | 000,080,384 | ---- | M] () -- C:\Users\MontySire\Desktop\MBRCheck.exe
[2011/01/20 17:00:06 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011/01/13 12:05:13 | 000,002,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/01/13 12:03:44 | 000,000,036 | ---- | M] () -- C:\Users\MontySire\AppData\Local\housecall.guid.cache
[2011/01/13 11:37:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011/01/12 14:56:53 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for MontySire.job
[2011/01/09 11:55:21 | 000,666,670 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/01/09 11:55:21 | 000,618,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/09 11:55:21 | 000,130,608 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/01/09 11:55:21 | 000,108,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/08 01:58:38 | 000,274,379 | ---- | M] () -- C:\Users\MontySire\Documents\Yeah.wma
[2011/01/03 20:28:20 | 000,001,037 | ---- | M] () -- C:\Users\MontySire\Desktop\Super Meat Boy.lnk
[2011/01/02 19:49:57 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI

========== Files Created - No Company Name ==========

[2011/01/22 02:00:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/22 02:00:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/22 02:00:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/22 02:00:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/22 02:00:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/22 01:32:09 | 004,158,956 | R--- | C] () -- C:\Users\MontySire\Desktop\ComboFix.exe
[2011/01/22 01:14:17 | 000,133,632 | ---- | C] () -- C:\Users\MontySire\Desktop\RKUnhookerLE.EXE
[2011/01/21 21:38:27 | 000,001,156 | ---- | C] () -- C:\Users\MontySire\Desktop\xVideos Video Downloader.lnk
[2011/01/21 21:10:43 | 000,624,128 | ---- | C] () -- C:\Users\MontySire\Desktop\dds.scr
[2011/01/20 22:35:51 | 000,080,384 | ---- | C] () -- C:\Users\MontySire\Desktop\MBRCheck.exe
[2011/01/13 12:05:06 | 000,002,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/01/13 12:03:44 | 000,000,036 | ---- | C] () -- C:\Users\MontySire\AppData\Local\housecall.guid.cache
[2011/01/08 01:58:38 | 000,274,379 | ---- | C] () -- C:\Users\MontySire\Documents\Yeah.wma
[2011/01/05 07:23:35 | 000,001,038 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/05 07:22:47 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/02 19:49:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2010/12/14 23:27:13 | 000,000,097 | ---- | C] () -- C:\Users\MontySire\AppData\Local\fusioncache.dat
[2010/12/04 17:47:55 | 000,000,360 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/09 22:03:18 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/09 22:03:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/11/09 22:03:16 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/09 22:03:16 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/09 22:03:15 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/28 22:23:42 | 000,007,605 | ---- | C] () -- C:\Users\MontySire\AppData\Local\Resmon.ResmonCfg
[2010/06/29 11:45:24 | 000,000,165 | ---- | C] () -- C:\Users\MontySire\AppData\Roaming\PLGComp.ini
[2010/06/07 17:34:33 | 000,014,336 | ---- | C] () -- C:\Users\MontySire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 22:36:47 | 000,001,127 | ---- | C] () -- C:\Windows\System32\ansiq13.sys
[2010/04/19 22:53:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/04/19 22:53:14 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/04/10 18:08:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/16 14:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/13 22:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/07 09:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

(Part 1)

 

(Part 2)

========== LOP Check ==========

[2010/12/06 23:10:57 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\.minecraft
[2010/05/09 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Advanced Chemistry Development
[2010/05/04 23:56:22 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Airytec
[2010/10/01 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Astroburn Lite
[2011/01/22 11:11:18 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\BitTorrent
[2010/04/10 18:14:32 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\DAEMON Tools Lite
[2010/12/24 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\DiskAid
[2011/01/22 11:04:27 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Dropbox
[2010/04/12 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\GetRightToGo
[2010/04/25 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\LimeWire
[2010/09/17 10:37:01 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Lionhead Studios
[2010/06/14 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Longbow Digital Arts
[2010/04/26 17:13:24 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Lost Marble
[2010/05/03 17:03:41 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\ManyCam
[2010/08/26 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Mount&Blade
[2010/09/29 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2010/12/07 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\NetMeeting
[2010/04/19 23:19:04 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\PC Suite
[2010/04/19 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\Samsung
[2010/05/08 21:55:36 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\SPORE
[2010/10/28 14:41:08 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\The Creative Assembly
[2011/01/12 23:31:57 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\updates
[2011/01/22 11:09:18 | 000,000,000 | ---D | M] -- C:\Users\MontySire\AppData\Roaming\uTorrent
[2011/01/20 17:00:06 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011/01/13 11:37:15 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011/01/22 01:53:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/10 11:40:57 | 000,000,000 | ---- | M] () -- C:\adorage-protocol.txt
[2009/06/10 19:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/23 19:01:57 | 000,000,223 | -H-- | M] () -- C:\Boot.BAK
[2010/04/10 20:36:33 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved
[2004/08/04 10:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/04/10 20:36:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/01/22 02:25:59 | 000,020,466 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 19:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/22 10:58:43 | 2414,727,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/05 21:21:13 | 000,038,087 | ---- | M] () -- C:\hpfr3420.log
[2010/04/05 21:21:13 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2009/08/26 14:30:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/15 14:51:51 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2009/08/26 14:30:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/31 13:55:34 | 000,251,696 | RHS- | M] () -- C:\ntldr
[2011/01/20 02:19:05 | 000,094,898 | ---- | M] () -- C:\OTL.Txt
[2011/01/22 10:58:43 | 3219,640,320 | -HS- | M] () -- C:\pagefile.sys
[2009/09/01 10:49:52 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT

< %systemroot%\Fonts\*.com >
[2009/07/14 02:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 02:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 02:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 02:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 19:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 18:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 23:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 23:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 01:21:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 02:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/10 18:02:05 | 000,000,221 | -HS- | M] () -- C:\Users\MontySire\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/22 01:32:19 | 004,158,956 | R--- | M] () -- C:\Users\MontySire\Desktop\ComboFix.exe
[2011/01/20 22:35:50 | 000,080,384 | ---- | M] () -- C:\Users\MontySire\Desktop\MBRCheck.exe
[2011/01/22 11:03:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MontySire\Desktop\OTL.exe
[2011/01/22 01:14:17 | 000,133,632 | ---- | M] () -- C:\Users\MontySire\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 19:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/06/25 19:00:05 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/12/04 18:57:44 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/06/25 17:22:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/06/25 17:22:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/12/04 18:57:44 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 16:40:52 | 000,000,402 | -HS- | M] () -- C:\Users\MontySire\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/04 18:55:11 | 000,000,360 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >




And now extras.txt:



OTL Extras logfile created on: 22/01/2011 11:08:10 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\MontySire\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 24,46 Gb Free Space | 10,50% Space Free | Partition Type: NTFS

Computer Name: MONTYSIRE-PC | User Name: MontySire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L "
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3CAE8527-3E5D-465B-9830-40C2DAE9CE4F}" = PC-Clean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1" = MagicCamera 6.4.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPOREâ„¢
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Airytec Switch Off" = Airytec Switch Off
"Anime Studio_is1" = Anime Studio 5.6
"aTube Catcher" = aTube Catcher
"BitTorrent" = BitTorrent
"City Life" = City Life 2008
"ColdPlay" = ColdPlay
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Combat Arms" = Combat Arms
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"DiskAid_is1" = DiskAid 4.5
"DivX Setup.divx.com" = Instalação do DivX
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"For the Glory_is1" = For the Glory
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Google Chrome" = Google Chrome
"HMIP50_is1" = Hide My IP 5.2
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Lionheart Kings Crusade_is1" = Lionheart Kings Crusade
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Redtube Video Downloader_is1" = Redtube Video Downloader 3.25
"RegCure" = RegCure
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0-rc
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Arquivo do WinRAR
"WinX Free WMV to MP4 Converter_is1" = WinX Free WMV to MP4 Converter 2.0.5
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.24
"Yahoo! Companion" = Barra de Ferramentas do Yahoo!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"ea973adb42edb53d" = Disk Space Finder
"Third Age - Total War 1.0 Part1" = Third Age - Total War 1.0 Part1
"Third Age - Total War 1.0 Part2" = Third Age - Total War 1.0 Part2
"Third Age - Total War Hotfix1" = Third Age - Total War Hotfix1
"Third Age - Total War Patch 1.1" = Third Age - Total War Patch 1.1
"Third Age - Total War Patch 1.2" = Third Age - Total War Patch 1.2
"Third Age - Total War Patch 1.3" = Third Age - Total War Patch 1.3
"Third Age - Total War Patch 1.4" = Third Age - Total War Patch 1.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/01/2011 15:58:05 | Computer Name = MontySire-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ". Erro no arquivo de manifesto ou de
diretiva c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ", na
linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
do atributo version no elemento assemblyIdentity é inválido.

Error - 21/01/2011 20:35:04 | Computer Name = MontySire-PC | Source = Application Hang | ID = 1002
Description = O programa firefox.exe versão 1.9.2.3989 parou de interagir com o
Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 1274 Hora de Início: 01cbb9c01d178961 Hora de Término: 22 Caminho do
Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe Id do Relatório: 713b873c-25bf-11e0-977c-001c25466d90


Error - 21/01/2011 21:08:33 | Computer Name = MontySire-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Engine.exe, versão: 0.0.0.0, carimbo
de hora: 0x4d1d91f1 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bdadb Código de exceção: 0xc0000005 Deslocamento com falha:
0x0005ea89 Identificação do processo com falha: 0x168c Hora de início do aplicativo
com falha: 0x01cbb9cfe0eea739 Caminho do aplicativo com falha: C:\Level Up! Games\Combat
Arms\Engine.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação
do Relatório: 21280a4b-25c4-11e0-977c-001c25466d90

Error - 21/01/2011 21:11:21 | Computer Name = MontySire-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Engine.exe, versão: 0.0.0.0, carimbo
de hora: 0x4d1d91f1 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bdadb Código de exceção: 0xc0000005 Deslocamento com falha:
0x0005ea89 Identificação do processo com falha: 0x16e4 Hora de início do aplicativo
com falha: 0x01cbb9d0ec9918be Caminho do aplicativo com falha: C:\Level Up! Games\Combat
Arms\Engine.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação
do Relatório: 855e203e-25c4-11e0-977c-001c25466d90

Error - 21/01/2011 22:34:22 | Computer Name = MontySire-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ". Erro no arquivo de manifesto ou de
diretiva c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ", na
linha 3. O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
do atributo version no elemento assemblyIdentity é inválido.

Error - 21/01/2011 23:49:36 | Computer Name = MontySire-PC | Source = Application Hang | ID = 1002
Description = O programa avgui.exe versão 10.0.0.1181 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
148c Hora de Início: 01cbb9e7493f3942 Hora de Término: 7 Caminho do Aplicativo: C:\Program
Files\AVG\AVG10\avgui.exe Id do Relatório:

Error - 22/01/2011 00:15:32 | Computer Name = MontySire-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: REGT.cfxxe, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bc072 Nome do módulo de falhas: a2hooks32.dll, versão: 5.0.0.85,
carimbo de hora: 0x4cec3784 Código de exceção: 0xc0000005 Deslocamento com falha:
0x00002a47 Identificação do processo com falha: 0x10a0 Hora de início do aplicativo
com falha: 0x01cbb9eb01e8e19e Caminho do aplicativo com falha: C:\ComboFix\REGT.cfxxe
FCaminho
do módulo de falhas: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll Identificação
do Relatório: 4039ab71-25de-11e0-88f7-001c25466d90

Error - 22/01/2011 00:16:04 | Computer Name = MontySire-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: REGT.cfxxe, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bc072 Nome do módulo de falhas: a2hooks32.dll, versão: 5.0.0.85,
carimbo de hora: 0x4cec3784 Código de exceção: 0xc0000005 Deslocamento com falha:
0x00002a47 Identificação do processo com falha: 0x86c Hora de início do aplicativo
com falha: 0x01cbb9eb158054ff Caminho do aplicativo com falha: C:\ComboFix\REGT.cfxxe
FCaminho
do módulo de falhas: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll Identificação
do Relatório: 53829169-25de-11e0-88f7-001c25466d90

Error - 22/01/2011 00:26:09 | Computer Name = MontySire-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: regedit.exe, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bc072 Nome do módulo de falhas: a2hooks32.dll, versão: 5.0.0.85,
carimbo de hora: 0x4cec3784 Código de exceção: 0xc0000005 Deslocamento com falha:
0x00002a47 Identificação do processo com falha: 0x10e8 Hora de início do aplicativo
com falha: 0x01cbb9ec7cb23a98 Caminho do aplicativo com falha: C:\Windows\regedit.exe
FCaminho
do módulo de falhas: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll Identificação
do Relatório: bbd94043-25df-11e0-88f7-001c25466d90

Error - 22/01/2011 09:07:31 | Computer Name = MontySire-PC | Source = Application Hang | ID = 1002
Description = O programa OTL.exe versão 3.2.20.3 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
1610 Hora de Início: 01cbba34ee368c6f Hora de Término: 0 Caminho do Aplicativo: C:\Users\MontySire\Desktop\OTL.exe

Id
do Relatório:

[ System Events ]
Error - 16/01/2011 20:22:05 | Computer Name = MontySire-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 16/01/2011 20:22:05 | Computer Name = MontySire-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 16/01/2011 20:22:05 | Computer Name = MontySire-PC | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 16/01/2011 20:22:24 | Computer Name = MontySire-PC | Source = DCOM | ID = 10005
Description =

Error - 20/01/2011 13:04:35 | Computer Name = MontySire-PC | Source = BugCheck | ID = 1001
Description =

Error - 20/01/2011 13:15:16 | Computer Name = MontySire-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:13:25 às ?20/?01/?2011 não
era esperado.

Error - 21/01/2011 15:39:44 | Computer Name = MontySire-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 13:16:04 às ?21/?01/?2011 não
era esperado.

Error - 21/01/2011 16:14:26 | Computer Name = MontySire-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = O firmware da plataforma corrompeu a memória na transição de energia
anterior. Use um firmware atualizado em seu sistema.

Error - 22/01/2011 00:03:42 | Computer Name = MontySire-PC | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.

Error - 22/01/2011 00:15:56 | Computer Name = MontySire-PC | Source = Service Control Manager | ID = 7030
Description = O serviço PEVSystemStart está marcado como um serviço interativo.
No entanto, o sistema está configurado para não permitir serviços interativos. Esse
serviço pode não funcionar corretamente.


< End of report >

 

What next sir?

 

I ran the Java update, and uninstalled as told to the older ones. UNinstalled RegCure too.

As of my AV, I re-downloaded AVG Free, but something tells me that does not suffice...

What next?

 

Seriously man, is there any way I can speed this ESET thing up? Cause this way, it'll take a whole day to finish. There are about 1,500,000 files to be scanned, it's on 34,240 right now, after 15 mins...

As of the security check, here it goes:


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG 2011
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3 - Português
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Emsisoft Anti-Malware a2service.exe
``````````End of Log````````````




(P.S.: I ran the TFC, apparently it removed as much as 3GB, so it's amazing...)

 

Yep, installed AR and uninstalled McAfee.

Now, and off the topic question, why is it that you guys maintain this website? Is it a random act of help towards others or do you actually make a living out of it, if you don't mind me asking...