Hello, I’m using this topic because I also have tratBHO on my laptop. I’m using Windows Vista, and I have tried different tools, but nothing seems to work. As soon as I start the computer, avast gives me the warning about this Trojan. I move it to the chest, but it is reborn every day.
Thanks for your help.
Please download HijackThis from here …
http://filehippo.com/download_hijackthis/
Download and run HijackThis and post the contents of the log file (cut and paste) into this topic. You may need to use two or more posts depending on how large it is. Do not make any fixes until someone tells you what to fix.
Log file from hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:57, on 15-02-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM..\Run: [diagnostics] “C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe” /icon -l:pt
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -h
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU..\Run: [cmds] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll,c
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU..\Run: [MS Juan] rundll32 “C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll”,run
O4 - HKCU..\Run: [26f7bf16] rundll32.exe “C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll”,b
O4 - HKCU..\Run: [MSServer] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll,#1
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVIÇO LOCAL’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVIÇO LOCAL’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘Serviço de rede’)
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O17 - HKLM\System\CCS\Services\Tcpip..{1C000452-E157-4A27-9F1D-D618CDB1393A}: NameServer = 212.55.154.174
O17 - HKLM\System\CS1\Services\Tcpip..{1C000452-E157-4A27-9F1D-D618CDB1393A}: NameServer = 212.55.154.174
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll C:\Windows\system32\guard32.dll
O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
–
End of file - 11952 bytes
As a Vista user I will require that all the programmes I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O4 - HKCU..\Run: [cmds] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll,c
O4 - HKCU..\Run: [MS Juan] rundll32 “C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll”,run
O4 - HKCU..\Run: [26f7bf16] rundll32.exe “C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll”,b
O4 - HKCU..\Run: [MSServer] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll,#1
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
THEN
Please download the OTMoveIt2 by OldTimer.
[*] Save it to your desktop.
[*] Please double-click OTMoveIt2.exe to run it.
[*] Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll
C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll
C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll
C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll
[*] Return to OTMoveIt2, right-click in the “Paste List of Files/Folders to be Moved” window (under the light blue bar) and choose Paste.
[*] Click the red Moveit! button.
[*] Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
[*] Close OTMoveIt2.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
FINALLY
Download ComboFix from Here or Here to your Desktop.
[*] Double-click combofix.exe and follow the prompts.
[*] When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.
ComboFix may take up to 2 minutes to initialise in Vista.
I’ve got some problems using ComboFix. It seems not to be running: a blue command line window prompt, but after 5 min nothing happens. I also couldn’t get the OTMoveIt2 log file, because it asked me to reboot at the end, and I don’t know where the log file is, or even if there is a saved log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:15, on 16-02-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM..\Run: [diagnostics] “C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe” /icon -l:pt
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -h
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU..\Run: [cmds] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll,c
O4 - HKCU..\Run: [MSServer] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll,#1
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVIÇO LOCAL’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVIÇO LOCAL’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘Serviço de rede’)
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll C:\Windows\system32\guard32.dll
O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
–
End of file - 11495 bytes
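The check the helper did by eye on the two HijackThis logs above, as an added example that is not part of the original thread: parse the `O4` autorun lines, flag entries where `rundll32` loads a DLL from a user Temp directory, and report which flagged entries are still present in the second scan. The function names and the list of Temp path markers are assumptions of this example; the sample lines are excerpted from the logs posted in the thread.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str      # HKLM, HKCU, HKUS\S-1-5-19, ...
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# HijackThis prints registry autoruns as: O4 - HKCU..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[\w-]+)?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# rundll32 [.exe] ["]path-to-dll["],export
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Forum software often turns straight quotes in pasted logs into curly ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
# Assumption of this example: directories treated as "temporary" locations.
TEMP_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


def parse_autoruns(log_text):
    """Return every registry Run/RunOnce entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # "O4 - Startup:" shortcuts and other sections are skipped
            entries.append(Autorun(m["hive"], m["key"], m["name"],
                                   m["command"].translate(QUOTES)))
    return entries


def flag_temp_rundll32(entries):
    """Map value name -> DLL path for rundll32 autoruns loading from Temp."""
    flagged = {}
    for entry in entries:
        m = RUNDLL_RE.match(entry.command)
        if m and any(marker in m["dll"].lower() for marker in TEMP_MARKERS):
            flagged[entry.name] = m["dll"]
    return flagged


def still_present(before_log, after_log):
    """Names of flagged autoruns that appear, same DLL, in both scans."""
    before = flag_temp_rundll32(parse_autoruns(before_log))
    after = flag_temp_rundll32(parse_autoruns(after_log))
    return sorted(name for name, dll in before.items()
                  if after.get(name, "").lower() == dll.lower())


# Excerpt of the first scan posted in the thread (15-02-2008).
SCAN_1 = r"""
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [cmds] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll,c
O4 - HKCU..\Run: [MS Juan] rundll32 “C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll”,run
O4 - HKCU..\Run: [26f7bf16] rundll32.exe “C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll”,b
O4 - HKCU..\Run: [MSServer] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll,#1
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVIÇO LOCAL’)
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
"""

# Excerpt of the second scan posted in the thread (16-02-2008).
SCAN_2 = r"""
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU..\Run: [cmds] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll,c
O4 - HKCU..\Run: [MSServer] rundll32.exe C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll,#1
"""

if __name__ == "__main__":
    for name, dll in flag_temp_rundll32(parse_autoruns(SCAN_1)).items():
        print(f"flagged in scan 1: [{name}] -> {dll}")
    print("still present in scan 2:", still_present(SCAN_1, SCAN_2))
```

Legitimate `rundll32` autoruns such as `NvSvc` and `CognizanceTS` are not flagged, because their DLLs live outside the Temp markers.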
Here you go
If OTMoveIt reboots before you can get the results, they can be found here:
C:_OTMoveIt\MovedFiles**_.log
(where “**_” is the “date_time”)
Ta Oldman… OK there is more than one way to skin a cat
Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
[*]Close ALL OTHER PROGRAMS.
[*]Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
[*]Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
DllUnregisterServer procedure not found in C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll
C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll NOT unregistered.
File move failed. C:\Users\AURELI~1\AppData\Local\Temp\qomlk.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll
C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll NOT unregistered.
C:\Users\AURELI~1\AppData\Local\Temp\oeoottvq.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll
C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll NOT unregistered.
C:\Users\AURELI~1\AppData\Local\Temp\sfcppyvv.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll
C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll NOT unregistered.
File move failed. C:\Users\AURELI~1\AppData\Local\Temp\mllij.dll scheduled to be moved on reboot.
OTMoveIt2 v1.0.20 log created on 02162008_004940
WinPFind35 logfile created on: 16-02-2008 22:47:46
WinPFind35U Version Beta51 Folder = C:\Users\Aurelio Pereira\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,09% Memory free
4,00 Gb Paging File | 3,23 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,46 Gb Total Space | 154,38 Gb Free Space | 86,02% Space Free | Partition Type: NTFS
Drive D: | 6,85 Gb Total Space | 2,01 Gb Free Space | 29,36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AURELIOPEREI-PC
Current User Name: Aurelio Pereira
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
st330service.exe -> %SystemDrive%\Programas\Thomson\ST330\service\st330service.exe -> THOMSON Telecom Belgium [Ver = 2.1.0.1 build 230 | Size = 581632 bytes | Modified Date = 04-10-2007 17:19:31 | Attr = ]
aswupdsv.exe -> %SystemDrive%\Programas\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04-12-2007 14:36:33 | Attr = ]
ashserv.exe -> %SystemDrive%\Programas\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04-12-2007 13:00:16 | Attr = ]
asghost.exe -> %SystemDrive%\Programas\Bioscrypt\VeriSoft\Bin\asghost.exe -> Cognizance Corporation [Ver = 2.5.0.057 | Size = 65536 bytes | Modified Date = 07-02-2007 14:30:00 | Attr = R ]
clcapsvc.exe -> %SystemDrive%\Programas\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [Ver = 5.00.2819 | Size = 262243 bytes | Modified Date = 23-04-2007 17:11:42 | Attr = ]
cmdagent.exe -> %SystemDrive%\Programas\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 14-02-2008 07:20:31 | Attr = ]
iaantmon.exe -> %SystemDrive%\Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.0.0.1020 | Size = 355096 bytes | Modified Date = 12-02-2007 14:38:04 | Attr = ]
lssrvc.exe -> %SystemDrive%\Programas\Common Files\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 14-12-2006 16:49:10 | Attr = ]
saservice.exe -> %SystemDrive%\Programas\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 12-02-2008 00:56:41 | Attr = ]
hpqwmiex.exe -> %SystemDrive%\Programas\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02-05-2006 13:41:28 | Attr = ]
ashmaisv.exe -> %SystemDrive%\Programas\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04-12-2007 12:59:53 | Attr = ]
ashwebsv.exe -> %SystemDrive%\Programas\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04-12-2007 12:59:01 | Attr = ]
sm56hlpr.exe -> %SystemDrive%\Programas\Motorola\SMSERIAL\sm56hlpr.exe -> Motorola Inc. [Ver = 6.12.04 | Size = 729088 bytes | Modified Date = 09-10-2006 20:43:44 | Attr = ]
syntpenh.exe -> %SystemDrive%\Programas\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 9.1.11 12Jan07 | Size = 827392 bytes | Modified Date = 13-01-2007 03:36:40 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 41 | Size = 4390912 bytes | Modified Date = 09-03-2007 17:50:02 | Attr = ]
iaanotif.exe -> %SystemDrive%\Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.0.0.1020 | Size = 174872 bytes | Modified Date = 12-02-2007 14:37:58 | Attr = ]
qpservice.exe -> %SystemDrive%\Programas\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 23-04-2007 17:11:20 | Attr = ]
qlbctrl.exe -> %SystemDrive%\Programas\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 2, 2, 1 | Size = 159744 bytes | Modified Date = 13-02-2007 10:38:36 | Attr = ]
hpwamain.exe -> %SystemDrive%\Programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3, 0, 5, 1 | Size = 472776 bytes | Modified Date = 01-03-2007 12:18:36 | Attr = ]
wifimsg.exe -> %SystemDrive%\Programas\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3.0.4.1 | Size = 317128 bytes | Modified Date = 10-01-2007 15:12:08 | Attr = ]
jusched.exe -> %SystemDrive%\Programas\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25-09-2007 00:11:35 | Attr = ]
diagnostics.exe -> %SystemDrive%\Programas\Thomson\ST330\diagnostics\diagnostics.exe -> THOMSON Telecom Belgium [Ver = 2.1.0.1 build 211 | Size = 557149 bytes | Modified Date = 04-10-2007 17:19:29 | Attr = ]
hpwuschd2.exe -> %SystemDrive%\Programas\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 08-05-2007 16:24:20 | Attr = ]
ashdisp.exe -> %SystemDrive%\Programas\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04-12-2007 13:00:23 | Attr = ]
siteadv.exe -> %SystemDrive%\Programas\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 04-12-2007 21:03:00 | Attr = ]
cfp.exe -> %SystemDrive%\Programas\COMODO\Firewall\cfp.exe -> COMODO [Ver = 1.0.0.1 | Size = 1500928 bytes | Modified Date = 14-02-2008 07:18:43 | Attr = ]
skype.exe -> %SystemDrive%\Programas\Skype\Phone\Skype.exe -> [Ver = | Size = 20034600 bytes | Modified Date = 13-07-2006 23:41:32 | Attr = ]
hpqtoaster.exe -> %SystemDrive%\Programas\Hewlett-Packard\Shared\HpqToaster.exe -> [Ver = 1, 10, 1, 1 | Size = 677576 bytes | Modified Date = 30-01-2007 14:58:52 | Attr = ]
soffice.exe -> %SystemDrive%\Programas\OpenOffice.org 2.2\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9134 | Size = 2359296 bytes | Modified Date = 13-05-2007 07:46:34 | Attr = ]
soffice.bin -> %SystemDrive%\Programas\OpenOffice.org 2.2\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9134 | Size = 2510848 bytes | Modified Date = 13-05-2007 07:46:34 | Attr = ]
winpfind35u.exe -> %SystemDrive%\Utilizadores\Aurelio Pereira\Ambiente de trabalho\WinPFind35u\WinPFind35U.exe -> File not found
[Win32 Services - Non-Microsoft Only]
(Agendador do LiveUpdate automático) Agendador do LiveUpdate automático [Win32_Own | Auto | Stopped] → %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe → File not found
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %SystemDrive%\Programas\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04-12-2007 14:36:33 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %SystemDrive%\Programas\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04-12-2007 13:00:16 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %SystemDrive%\Programas\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04-12-2007 12:59:53 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %SystemDrive%\Programas\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04-12-2007 12:59:01 | Attr = ]
(CertPropSvc) Propagação de Certificados [Win32_Shared | Unknown | Stopped] → → File not found
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] → %SystemDrive%\Programas\HP\QuickPlay\Kernel\TV\CLCapSvc.exe → [Ver = 5.00.2819 | Size = 262243 bytes | Modified Date = 23-04-2007 17:11:42 | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Stopped] → %SystemDrive%\Programas\HP\QuickPlay\Kernel\TV\CLSched.exe → [Ver = 5.00.2819 | Size = 106593 bytes | Modified Date = 23-04-2007 17:11:44 | Attr = ]
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] → %SystemDrive%\Programas\COMODO\Firewall\cmdagent.exe → COMODO [Ver = 2.4.0.19 | Size = 507648 bytes | Modified Date = 14-02-2008 07:20:31 | Attr = ]
(Com4Qlb) Com4Qlb [Win32_Own | On_Demand | Stopped] → %SystemDrive%\Programas\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe → Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 09-01-2007 13:55:34 | Attr = ]
(DcomLaunch) DCOM - Lançador de processo de servidor [Win32_Shared | Unknown | Running] → → File not found
(DPS) Serviço de Políticas de Diagnóstico [Win32_Shared | Unknown | Running] → → File not found
(gpsvc) Cliente de Política de Grupo [Win32_Own | Unknown | Running] → → File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] → %SystemDrive%\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe → Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 04-10-2007 17:25:53 | Attr = ]
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Stopped] → %SystemDrive%\Programas\Hewlett-Packard\HP Health Check\HPHC_Service.exe → Hewlett-Packard [Ver = 2.0.9.1 | Size = 62984 bytes | Modified Date = 14-03-2007 11:07:30 | Attr = ]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] → %SystemDrive%\Programas\Hewlett-Packard\Shared\hpqwmiex.exe → Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02-05-2006 13:41:28 | Attr = ]
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] → %SystemDrive%\Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe → Intel Corporation [Ver = 7.0.0.1020 | Size = 355096 bytes | Modified Date = 12-02-2007 14:38:04 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %SystemDrive%\Programas\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22-10-2004 02:24:18 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] → → File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] → %SystemDrive%\Programas\Common Files\LightScribe\LSSrvc.exe → Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 14-12-2006 16:49:10 | Attr = ]
(MSDTC) Coordenador de Transacções Distribuídas [Win32_Own | Unknown | Stopped] → → File not found
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] → %SystemDrive%\Programas\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe → Sonic Solutions [Ver = 9.0.5.98 | Size = 880640 bytes | Modified Date = 12-02-2007 08:36:58 | Attr = ]
(RpcSs) Chamada de procedimento remoto (RPC) [Win32_Shared | Unknown | Running] → → File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Running] → → File not found
(Schedule) Programador de tarefas [Win32_Shared | Unknown | Running] → → File not found
(SCPolicySvc) Política de Remoção de Smart Cards [Win32_Shared | Unknown | Stopped] → → File not found
(SiteAdvisor Service) Serviço SiteAdvisor [Win32_Own | Auto | Running] → %SystemDrive%\Programas\SiteAdvisor\6253\SAService.exe → [Ver = | Size = 345376 bytes | Modified Date = 12-02-2008 00:56:41 | Attr = ]
(st330service) SpeedTouch 330 Manager [Win32_Own | Auto | Running] → → File not found
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] → %SystemDrive%\Programas\Common Files\SureThing Shared\stllssvr.exe → MicroVision Development, Inc. [Ver = 1.2.560 | Size = 74656 bytes | Modified Date = 17-02-2007 06:31:12 | Attr = R ]
(TrustedInstaller) Instalador de Módulos do Windows [Win32_Own | Unknown | Running] → → File not found
(WdiServiceHost) Anfitrião do Serviço de Diagnóstico [Win32_Shared | Unknown | Stopped] → → File not found
(WdiSystemHost) Anfitrião do Sistema de Diagnóstico [Win32_Shared | Unknown | Running] → → File not found
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
Adobe Reader Speed Launcher → %SystemDrive%\Programas\Adobe\Reader 8.0\Reader\Reader_SL.exe → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10-10-2007 19:51:55 | Attr = ]
avast! → %SystemDrive%\Programas\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04-12-2007 13:00:23 | Attr = ]
CognizanceTS → %SystemDrive%\Programas\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll → Cognizance Corporation [Ver = 1.0.0.008 | Size = 17920 bytes | Modified Date = 22-12-2003 18:12:00 | Attr = R ]
COMODO Firewall Pro → %SystemDrive%\Programas\COMODO\Firewall\cfp.exe → COMODO [Ver = 1.0.0.1 | Size = 1500928 bytes | Modified Date = 14-02-2008 07:18:43 | Attr = ]
diagnostics → %SystemDrive%\Programas\Thomson\ST330\diagnostics\diagnostics.exe → THOMSON Telecom Belgium [Ver = 2.1.0.1 build 211 | Size = 557149 bytes | Modified Date = 04-10-2007 17:19:29 | Attr = ]
HP Health Check Scheduler → %SystemDrive%\Programas\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe → Hewlett-Packard [Ver = 2.0.9.1 | Size = 50696 bytes | Modified Date = 12-03-2007 10:54:24 | Attr = ]
HP Software Update → %SystemDrive%\Programas\HP\HP Software Update\hpwuSchd2.exe → Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 08-05-2007 16:24:20 | Attr = ]
hpWirelessAssistant → HP Wireless Assistant\HPWAMain.exe → File not found
IAAnotif → %SystemDrive%\Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe → Intel Corporation [Ver = 7.0.0.1020 | Size = 174872 bytes | Modified Date = 12-02-2007 14:37:58 | Attr = ]
NvCplDaemon → %SystemRoot%\System32\nvcpl.dll → NVIDIA Corporation [Ver = 7.15.11.0123 | Size = 8429568 bytes | Modified Date = 01-05-2007 10:27:00 | Attr = ]
NvMediaCenter → %SystemRoot%\System32\nvmctray.dll → NVIDIA Corporation [Ver = 7.15.11.0123 | Size = 81920 bytes | Modified Date = 01-05-2007 10:27:00 | Attr = ]
NvSvc → %SystemRoot%\System32\nvsvc.dll → NVIDIA Corporation [Ver = 7.15.11.0123 | Size = 86016 bytes | Modified Date = 01-05-2007 10:27:00 | Attr = ]
QlbCtrl → HP Quick Launch Buttons\QlbCtrl.exe → File not found
QPService → %SystemDrive%\Programas\HP\QuickPlay\QPService.exe → CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 23-04-2007 17:11:20 | Attr = ]
QuickTime Task → %SystemDrive%\Programas\QuickTime\QTTask.exe → Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10-01-2008 15:27:36 | Attr = ]
RtHDVCpl → %SystemRoot%\RtHDVCpl.exe → Realtek Semiconductor [Ver = 1, 0, 0, 41 | Size = 4390912 bytes | Modified Date = 09-03-2007 17:50:02 | Attr = ]
SiteAdvisor → %SystemDrive%\Programas\SiteAdvisor\6253\SiteAdv.exe → [Ver = | Size = 36640 bytes | Modified Date = 04-12-2007 21:03:00 | Attr = ]
SMSERIAL → %SystemDrive%\Programas\Motorola\SMSERIAL\sm56hlpr.exe → Motorola Inc. [Ver = 6.12.04 | Size = 729088 bytes | Modified Date = 09-10-2006 20:43:44 | Attr = ]
SunJavaUpdateSched → %SystemDrive%\Programas\Java\jre1.6.0_03\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25-09-2007 00:11:35 | Attr = ]
SynTPEnh → %SystemDrive%\Programas\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 9.1.11 12Jan07 | Size = 827392 bytes | Modified Date = 13-01-2007 03:36:40 | Attr = ]
WAWifiMessage → HP Wireless Assistant\WiFiMsg.exe → File not found
Windows Defender → MSASCui.exe → File not found
< RunOnce [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce →
Launcher → %SystemRoot%\SMINST\Launcher.exe → soft thinks [Ver = 1, 0, 0, 10 | Size = 44128 bytes | Modified Date = 07-11-2006 16:39:18 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL-> Installed = 1 →
MAPI-> Installed = 1 →
MSFS-> Installed = 1 →
< Run [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
cmds → %SystemDrive%\Users\AURELI~1\AppData\Local\Temp\qomlk.DLL → File not found
MSServer → %SystemDrive%\Users\AURELI~1\AppData\Local\Temp\mllij.DLL → File not found
Skype → %SystemDrive%\Programas\Skype\Phone\Skype.exe → [Ver = | Size = 20034600 bytes | Modified Date = 13-07-2006 23:41:32 | Attr = ]
Uniblue RegistryBooster 2 → %SystemDrive%\Programas\Uniblue\RegistryBooster 2\StartRegistryBooster.exe → Uniblue Software [Ver = 2.0.965.2865 | Size = 99608 bytes | Modified Date = 05-12-2007 16:06:32 | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs →
AppInit_DLLs → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls →
APSHook.dll C:\Windows\system32\guard32.dll → APSHook.dll %SystemRoot%\system32\guard32.dll → File not found
MultiFile Done → ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ScanWithAntiVirus → 3 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ConsentPromptBehaviorAdmin → 2 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ConsentPromptBehaviorUser → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\EnableInstallerDetection → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\EnableLUA → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\EnableSecureUIAPaths → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\EnableVirtualization → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\PromptOnSecureDesktop → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ValidateAdminCodeSignatures → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\scforceoption → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\undockwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\FilterAdministratorToken → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_TEXT → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_BITMAP → 2 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_OEMTEXT → 7 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_DIB → 8 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_PALETTE → 9 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_UNICODETEXT → 13 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\CF_DIBV5 → 17 →
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → ->
< HOSTS File > (759 bytes) → C:\Windows\System32\drivers\etc\Hosts →
::1 localhost → ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE] > → ->
HKEY_LOCAL_MACHINE: Main\Default_Page_URL → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKEY_LOCAL_MACHINE: Main\Default_Search_URL → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKEY_LOCAL_MACHINE: Main\Local Page → %SystemRoot%\system32\blank.htm →
HKEY_LOCAL_MACHINE: Main\Search Page → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKEY_LOCAL_MACHINE: Main\Start Page → http://go.microsoft.com/fwlink/?LinkId=69157 →
< Internet Explorer Settings [HKEY_CURRENT_USER] > → ->
HKEY_CURRENT_USER: Main\Local Page → C:\Windows\system32\blank.htm →
HKEY_CURRENT_USER: Main\Search Page → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKEY_CURRENT_USER: Main\Start Page → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKEY_CURRENT_USER: ProxyEnable → 0 →
< Trusted Sites Domains [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 0 domain(s) found. →
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 0 range(s) found. →
< Trusted Sites Domains [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ → [Key] 3231 domain(s) found. →
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ → [Key] 0 range(s) found. →
< BHO’s [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Facilitador de Leitor de Link Adobe PDF] → Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22-10-2006 22:08:42 | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] → [Ver = | Size = 927008 bytes | Modified Date = 04-12-2007 21:02:24 | Attr = ]
{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Launcher] → stumbleupon.com [Ver = 1.0.0.1 | Size = 987832 bytes | Modified Date = 24-10-2007 18:57:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25-09-2007 00:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] → Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] → File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Google\GoogleToolbar2.dll [Google Toolbar Helper] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 04-10-2007 17:25:52 | Attr = R ]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [VeriSoft Access Manager] → Bioscrypt Inc. [Ver = 2.1.078 | Size = 71192 bytes | Modified Date = 21-11-2006 19:59:00 | Attr = R ]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] → Hewlett-Packard Co. [Ver = 110.0.19044 | Size = 501056 bytes | Modified Date = 07-01-2008 23:39:08 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar →
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] → [Ver = | Size = 927008 bytes | Modified Date = 04-12-2007 21:02:24 | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Google\GoogleToolbar2.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 04-10-2007 17:25:52 | Attr = R ]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\StumbleUpon\StumbleUponIEBar.dll [StumbleUpon Toolbar] → stumbleupon.com [Ver = 1.0.0.1 | Size = 987832 bytes | Modified Date = 24-10-2007 18:57:00 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Google\GoogleToolbar2.dll [&Google] → Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2423872 bytes | Modified Date = 04-10-2007 17:25:52 | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25-09-2007 00:11:33 | Attr = ]
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Seleção HP Smart] → Hewlett-Packard Co. [Ver = 110.0.19044 | Size = 501056 bytes | Modified Date = 07-01-2008 23:39:08 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
StumbleUpon PhotoBlog It! → → File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ →
PluginsPageFriendlyName → Microsoft ActiveX Gallery →
PluginsPage → http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s →
< DNS Name Servers [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{626D38C8-ED13-43A4-ADC4-66E0AF5CEEED} → (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) →
{64FBAFF6-2C3A-4510-A3B8-4464A6AF2C07} → (Intel(R) PRO/Wireless 3945ABG Network Connection) →
{B8990172-5ECA-48ED-957E-B18A92C0083F} → (SpeedTouch Ethernet Adapter) →
{FCB3F392-45FB-49C8-A866-8C84FCAAE870} → (SpeedTouch Ethernet Adapter) →
< Default Protocols [HKEY_LOCAL_MACHINE] - Select to Repair > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults →
ldap → 4 = Restricted sites (Not a Default Protocol) →
news → 4 = Restricted sites (Not a Default Protocol) →
nntp → 4 = Restricted sites (Not a Default Protocol) →
oecmd → 4 = Restricted sites (Not a Default Protocol) →
snews → 4 = Restricted sites (Not a Default Protocol) →
< Protocol Handlers [HKEY_LOCAL_MACHINE] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
msdaipp: [HKEY_LOCAL_MACHINE] → Reg Error: Key does not exist or could not be opened. → File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] → %SystemDrive%\Programas\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] → [Ver = | Size = 927008 bytes | Modified Date = 04-12-2007 21:02:24 | Attr = ]
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] → http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Windows Live Safety Center Base Module] →
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultLaunchPermission → (binary data) →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM → Y →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel → 2 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineAccessRestriction → (binary data) →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction → (binary data) →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{A50398B8-9075-4FBF-A7A1-456BF21937AD} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{835BEE60-8731-4159-8BFF-941301D76D05} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{AD65A69D-3831-40D7-9629-9B0B50A93843} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{0040D221-54A1-11D1-9DE0-006097042D69} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{9da0e0ea-86ce-11d1-8699-00c04fb98036} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{CA6C8347-120F-4122-873F-F89138694AC8} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\SuppressDuplicateDuration → 86400 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\System.EnterpriseServices.Thunk.dll → ($build.emp [($build.empty)] → File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\cval → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\InternetSettingsDisableNotify → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AutoUpdateDisableNotify → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\DisableMonitoring → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\DisableMonitoring → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\DisableMonitoring → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ → ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiSpywareOverride → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride → 0 →
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. → ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. → ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ → ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbaseobjects → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\auditbasedirectories → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\crashonauditfail → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fullprivilegeauditing → (binary data) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Bounds → (binary data) →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel → 3 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLmHash → 1 →
Notification Packages → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages →
scecli → %SystemRoot%\System32\scecli.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 176640 bytes | Modified Date = 02-11-2006 09:46:12 | Attr = ]
ASWLNPkg → → File not found
MultiFile Done → ->
Security Packages → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages →
kerberos → %SystemRoot%\System32\kerberos.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 493056 bytes | Modified Date = 02-11-2006 09:46:05 | Attr = ]
msv1_0 → %SystemRoot%\System32\msv1_0.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 02-11-2006 09:46:10 | Attr = ]
schannel → %SystemRoot%\System32\schannel.dll → Microsoft Corporation [Ver = 6.0.6000.16508 (vista_gdr.070618-1500) | Size = 269824 bytes | Modified Date = 06-09-2007 19:16:16 | Attr = ]
wdigest → %SystemRoot%\System32\wdigest.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 168448 bytes | Modified Date = 02-11-2006 09:46:13 | Attr = ]
tspkg → %SystemRoot%\System32\TSpkg.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 61440 bytes | Modified Date = 02-11-2006 09:46:13 | Attr = ]
MultiFile Done → ->
Authentication Packages → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages →
msv1_0 → %SystemRoot%\System32\msv1_0.dll → Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 02-11-2006 09:46:10 | Attr = ]
MultiFile Done → ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaPid → 676 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SecureBoot → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ProductType → 3 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\disabledomaincreds → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\everyoneincludesanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous → 0 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymoussam → 1 →
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ → ->
ProviderOrder → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ProviderOrder →
Windows NT Access Provider → → File not found
After some posts I have noticed that this log file (from WinPFind35U.exe) is huge. Are you sure that’s O.K.? Because it takes the whole weekend to post everything…
Could you add it as an attachment? On the post page, select additional options.
Where it says attach there is a browse button. Use that to navigate to the log and then add the attachment.
I’ve got to split the WinPFind log into three files: