Got a problem with combofix


  • This topic is locked
7 replies to this topic

#1 Mataraia

  • Members
  • 4 posts

Posted 11 December 2012 - 11:09 AM

Hello guys,
I've been through a rough week with my computer; in the past 2 weeks it got some infection and its performance got drastically reduced...

Well, I was going to back up some of my files to format my PC, but I wanted to make sure those backup files were clean before doing it, so yesterday I used ComboFix like I usually do (yeah, now I know I shouldn't do it by myself). ComboFix really fixed it perfectly; its performance is back to its maximum, and the Task Manager/gpedit/regedit are working again.

But here's my problem: ALL the folders on the desktop and in Program Files are not showing there, but they are working perfectly. I can even reach those folders if I go to their destination (for example: C:\Users\My User\Program Files\Adobe), but when I'm in the Program Files folder, there's only one file there; I can't see the folders.

I'll post the DDS and attach files, and the ComboFix log is going to be attached too, as I think it's important in this case since my misuse of ComboFix caused the problem...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Marcelo Mataraia at 0:32:59 on 2012-12-11
Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2009.632 [GMT -2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Last.fm\Last.fm.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.semptoshiba.com.br/
uProxyServer = 72.181.191.145:80
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540001} - c:\program files\gbplugin\gbiehBmb.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Facebook Update] "c:\users\marcelo mataraia\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OiVelox] c:\program files\oi\programmer\OiVeloxCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} - hxxps://bdu.bmb.com.br/plugin/GbPluginBmb.cab
TCP: Interfaces\{7B06D777-9B74-46BB-8771-EF419994E897} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385}\255646560246F60235565702649627D696E6F6 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385}\75A5143414 : DHCPNameServer = 200.222.123.100 200.149.55.142
TCP: Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385}\94E4455425E45445F54786961676F616C6C604D637E6E236F6D6 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginBmb - c:\progra~1\gbplugin\gbiehBmb.dll
Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\program files\gbplugin\gbiehcef.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399001} - c:\program files\gbplugin\gbiehBmb.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marcelo mataraia\appdata\roaming\mozilla\firefox\profiles\oyezusao.default\
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-10-24 44208]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-18 913752]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2012-11-7 211888]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-5-18 397848]
R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-30 4096]
R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-30 15312]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-30 122880]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-30 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-30 3968]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-9-30 37072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-6-29 190464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-10-22 384576]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-10-22 39488]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
.
=============== Created Last 30 ================
.
2012-12-10 18:51:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-10 18:37:49 -------- d-----w- c:\users\marcelo mataraia\appdata\local\temp
2012-12-10 18:22:58 98816 ----a-w- c:\windows\sed.exe
2012-12-10 18:22:58 256000 ----a-w- c:\windows\PEV.exe
2012-12-10 18:22:58 208896 ----a-w- c:\windows\MBR.exe
2012-12-10 18:13:11 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{BD69C601-A99E-4364-BB53-86E389B7EFA5}
2012-12-10 17:21:33 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{3A80FA1A-164A-4248-9EA0-C1B0418F16A5}
2012-12-07 11:15:52 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{33b79140-9c9f-4416-a3d1-5985d9dfb414}\mpengine.dll
2012-12-04 03:39:56 -------- d-----w- c:\users\marcelo mataraia\appdata\local\Facebook
2012-12-02 20:40:54 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{9BECEDED-58B0-4164-95C7-C2070F91E957}
2012-12-01 13:29:09 -------- d-sh--r- c:\program files\Spybot - Search & Destroy
2012-12-01 13:29:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-01 04:04:49 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{62628015-FAC0-4EF2-B176-355CBE626B8C}
2012-11-30 16:04:01 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{BE4B529A-0BE5-4CFD-952D-B95B4DC6C0AC}
2012-11-30 15:49:31 -------- d-----w- c:\users\marcelo mataraia\appdata\local\Downloaded Installations
2012-11-29 12:08:42 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{E354D61F-1985-49A6-AAD1-36A379FE23F1}
2012-11-19 19:35:37 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{DF8277D4-A385-4849-90BE-41C2A13EECB5}
2012-11-16 15:15:01 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-11-16 15:15:01 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-11-16 15:15:01 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-11-16 15:14:46 -------- d-sh--r- c:\program files\InstallAffixationInfo
2012-11-16 15:14:41 -------- d-sh--r- c:\program files\Claro 3G
2012-11-16 01:50:44 -------- d-----w- c:\users\marcelo mataraia\appdata\local\{EA26994E-A2A6-4D7D-8515-60B6AFE13D0F}
2012-11-15 05:04:15 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 05:04:15 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 05:04:15 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 05:03:09 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 05:03:09 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 05:03:05 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 05:03:05 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 05:03:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 05:03:05 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 05:03:04 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 17:25:04 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 17:24:36 2344960 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-11-10 14:28:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 14:28:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-28 12:46:04 961808274 ----a-w- c:\program files\DarkedenNA111124.exe.downloading
.
============= FINISH: 0:34:17,91 ===============


Hope you can help me.
Thanks anyway...
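The DDS log above already contains the indicators a responder reads first: UAC policies set to 0 under mPolicies-System, a per-user proxy server, and directories under Program Files created with the hidden+system attribute pair (the `d-sh--r-` entries), which is exactly the symptom described (folders exist and work but are invisible in Explorer). The following Python script is an added example, not code from the thread, from DDS or from BleepingComputer: it parses DDS-style lines and flags those three things, and it generalises to any DDS log text, not only the lines on this page. Assumptions: the attribute column layout (`d` directory, `s` system, `h` hidden) is inferred from the entries on this page; dword values are read as DDS prints them; the allowlist of directories that are hidden+system by design, the sample lines (constructed from the log above) and the function names `triage_dds` and `attrib_commands` are mine.

```python
"""Added example (not part of the thread, DDS or BleepingComputer): a small triage
parser for DDS-style log lines. It flags UAC policies switched off, a user-level
proxy server, and directories created with the hidden+system attribute pair."""
import re

# Attribute column layout assumed from the "Created Last 30" lines on this page,
# e.g. "d-sh--r-": [0] 'd' = directory, [2] 's' = system, [3] 'h' = hidden,
# [4] 'a' = archive, [6] 'w' writable / 'r' read-only.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([d-][-a-z]{7}) (.+)$"
)
# "mPolicies-System: EnableLUA = dword:0" (u = per-user hive, m = machine hive)
POLICY_RE = re.compile(r"^([um])Policies-System: (\w+) = dword:(\d+)$")
PROXY_RE = re.compile(r"^([um])ProxyServer = (\S+)$")

# UAC values that mean "protection off" when they are 0.
UAC_OFF_AT_ZERO = {
    "EnableLUA": "UAC disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts not isolated on the secure desktop",
}

# Directory names that are hidden+system by design on Windows (constructed allowlist).
EXPECTED_HIDDEN_SYSTEM = {"$recycle.bin"}


def _basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def triage_dds(text):
    """Return a list of findings (dicts with a 'kind' key) for the given DDS log text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            hive, name, value = m.groups()
            # dword values are taken as DDS prints them (assumed decimal).
            if name in UAC_OFF_AT_ZERO and int(value) == 0:
                findings.append({"kind": "uac", "hive": hive, "name": name,
                                 "detail": UAC_OFF_AT_ZERO[name]})
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append({"kind": "proxy", "hive": m.group(1), "server": m.group(2),
                             "detail": "browser traffic routed through a configured proxy; confirm it is expected"})
            continue
        m = ENTRY_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            is_dir, system, hidden = attrs[0] == "d", attrs[2] == "s", attrs[3] == "h"
            if is_dir and system and hidden and _basename(path) not in EXPECTED_HIDDEN_SYSTEM:
                findings.append({"kind": "hidden_dir", "path": path,
                                 "detail": "directory carries hidden+system attributes; invisible in Explorer by default"})
    return findings


def attrib_commands(findings):
    """attrib.exe commands a responder would review before clearing the S and H attributes."""
    return ['attrib -s -h "%s"' % f["path"] for f in findings if f["kind"] == "hidden_dir"]


# Constructed sample: lines copied from the DDS log format above.
SAMPLE_DDS = """\
uStart Page = hxxp://www.semptoshiba.com.br/
uProxyServer = 72.181.191.145:80
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2012-12-10 18:51:48 -------- d-sh--w- C:\\$RECYCLE.BIN
2012-12-01 13:29:09 -------- d-sh--r- c:\\program files\\Spybot - Search & Destroy
2012-12-01 13:29:09 -------- d-----w- c:\\programdata\\Spybot - Search & Destroy
2012-11-16 15:14:41 -------- d-sh--r- c:\\program files\\Claro 3G
2012-11-15 05:04:15 9728 ----a-w- c:\\windows\\system32\\Wdfres.dll
"""

if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print("[%s] %s - %s" % (f["kind"], f.get("path") or f.get("server") or f["name"], f["detail"]))
    for cmd in attrib_commands(results):
        print(cmd)
```

Run against a full DDS.txt by passing its contents to `triage_dds`. The script only reports; `attrib_commands` produces the commands for review rather than running them, because a helper on a thread like this decides per directory whether the attributes are legitimate (the $RECYCLE.BIN entry is skipped for exactly that reason) before anything is changed on the machine.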


#2 Mataraia

  • Topic Starter
  • Members
  • 4 posts

Posted 13 December 2012 - 12:52 AM

Anyone? ;/

#3 nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 December 2012 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===

Please post the logs for my review.

#4 Mataraia

  • Topic Starter
  • Members
  • 4 posts

Posted 15 December 2012 - 01:14 PM

MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.12.15.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcelo Mataraia :: MATARAIA [administrador]

15/12/2012 15:09:14
mbam-log-2012-12-15 (15-09-14).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 212707
Tempo decorrido: 9 minuto(s), 46 segundo(s)

Processos de Memória Detectados: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1768 -> Será deletado na próxima inicialização.

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Será deletado na próxima inicialização.

Arquivos Detectados: 8
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Será deletado na próxima inicialização.
C:\Users\Marcelo Mataraia\Downloads\SoftonicDownloader_for_itunes-art-importer.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcelo Mataraia\Downloads\SoftonicDownloader_for_quick-media-converter.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcelo Mataraia\Downloads\mzgame.exe (PUP.BundleInstaller.IB) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcelo Mataraia\Downloads\drivermax-638-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcelo Mataraia\Downloads\SoftonicDownloader_para_itunes-art-importer.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Marcelo Mataraia\Downloads\SoftonicDownloader_para_media-player-codec-pack.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


-----


OTL logfile created on: 15/12/2012 15:40:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcelo Mataraia\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 62,94% Memory free
3,92 Gb Paging File | 3,19 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 16,44 Gb Free Space | 7,06% Space Free | Partition Type: NTFS
Drive D: | 3,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 706,79 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Computer Name: MATARAIA | User Name: Marcelo Mataraia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcelo Mataraia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Arquivos de Programas\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (No Company Name) ==========

MOD - C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Arquivos de Programas\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe ( )
SRV - (AdvancedSystemCareService5) -- C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TomTomHOMEService) -- C:\Arquivos de Programas\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (wlidsvc) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NIHardwareService) -- C:\Arquivos de Programas\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StarWindServiceAE) -- C:\Arquivos de Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (XDva389) -- C:\Windows\system32\XDva389.sys File not found
DRV - (ONDAusbvoice) -- system32\DRIVERS\ONDAusbvoice.sys File not found
DRV - (ONDAusbser6k) -- system32\DRIVERS\ONDAusbser6k.sys File not found
DRV - (ONDAusbnmea) -- system32\DRIVERS\ONDAusbnmea.sys File not found
DRV - (ONDAusbmdm6k) -- system32\DRIVERS\ONDAusbmdm6k.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena\safedrv.sys File not found
DRV - (catchme) -- C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aeoxbylg) -- File not found
DRV - (ab19spsg) -- File not found
DRV - (GbpKm) -- C:\Windows\System32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (BEHRINGER_2902) -- C:\Windows\System32\drivers\BUSB2902.sys (BEHRINGER)
DRV - (BUSB_AUDIO_WDM) -- C:\Windows\System32\drivers\busbwdm.sys (BEHRINGER)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (LiveIO) -- C:\Windows\System32\drivers\LiveIO.sys ()
DRV - (Livekbc) -- C:\Windows\System32\drivers\Livekbc.sys (Systems Internals)
DRV - (Livemouclass) -- C:\Windows\System32\drivers\Livemouclass.sys (Systems Internals)
DRV - (LiveGpdKBFilter) -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys (Windows ® Win 7 DDK provider)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0E502AEC-5101-419C-A496-942C810A91DA}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.181.191.145:80

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcelo Mataraia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcelo Mataraia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcelo Mataraia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 22:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/12/23 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcelo Mataraia\AppData\Roaming\mozilla\Extensions
[2010/12/23 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcelo Mataraia\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/11/07 22:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2012/10/24 15:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 15:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 15:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.semptoshiba.com.br/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.semptoshiba.com.br/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Marcelo Mataraia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Chrome for a Cause = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfammmagchhaohncbhghoohcfoeckdi\1.5.3_0\
CHR - Extension: YouTube = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Pesquisa do Google = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: AdBlock = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.0_0\
CHR - Extension: Gmail = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/10 16:46:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OiVelox] C:\Arquivos de Programas\Oi\Programmer\OiVeloxCheck.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de Programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKCU\..Trusted Domains: bmb.com.br ([bdu] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mercantildobrasil.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mercantildobrasil.com.br ([www2] https in Trusted sites)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} https://bdu.bmb.com.br/plugin/GbPluginBmb.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B06D777-9B74-46BB-8771-EF419994E897}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBmb: DllName - (C:\PROGRA~1\GbPlugin\gbiehBmb.dll) - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399001} - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 18:24:35 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 00:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Malwarebytes
[2012/12/15 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/15 15:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/15 15:05:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/15 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/15 00:14:23 | 000,000,000 | ---D | C] -- C:\Gravity
[2012/12/12 03:11:41 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\Desktop\aa
[2012/12/12 03:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/12 03:04:34 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/12 03:04:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/12 03:04:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/12 03:04:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/12 03:04:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/12 03:04:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/12 03:04:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/11 21:42:19 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/11 21:41:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/12/11 21:41:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/12/11 21:41:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 21:41:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 21:41:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 21:41:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 21:41:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 21:41:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 21:41:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 21:41:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 21:41:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 21:41:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 21:41:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 21:41:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 21:41:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 21:41:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 21:41:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 21:41:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 21:41:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 21:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 21:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 21:41:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 21:41:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 21:41:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 21:40:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/11 21:40:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/11 21:40:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/11 21:40:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/11 00:35:39 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\Desktop\gmer
[2012/12/10 16:51:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/10 16:37:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/10 16:37:49 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\temp
[2012/12/10 16:22:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/10 16:22:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/10 16:22:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/10 16:22:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/10 16:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/10 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{BD69C601-A99E-4364-BB53-86E389B7EFA5}
[2012/12/10 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{3A80FA1A-164A-4248-9EA0-C1B0418F16A5}
[2012/12/04 10:02:57 | 000,000,000 | RHSD | C] -- C:\Users\Marcelo Mataraia\Desktop\Discografia - O Teatro Mágico
[2012/12/04 01:39:56 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\Facebook
[2012/12/02 20:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2012/12/02 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{9BECEDED-58B0-4164-95C7-C2070F91E957}
[2012/12/01 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/12/01 11:29:09 | 000,000,000 | RHSD | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/12/01 11:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/01 02:04:49 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{62628015-FAC0-4EF2-B176-355CBE626B8C}
[2012/11/30 14:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/30 14:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/30 14:04:01 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{BE4B529A-0BE5-4CFD-952D-B95B4DC6C0AC}
[2012/11/30 13:49:31 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\Downloaded Installations
[2012/11/29 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{E354D61F-1985-49A6-AAD1-36A379FE23F1}
[2012/11/19 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{DF8277D4-A385-4849-90BE-41C2A13EECB5}
[2012/11/16 13:15:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/11/16 13:15:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/11/16 13:15:01 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/11/16 13:14:46 | 000,000,000 | RHSD | C] -- C:\Program Files\InstallAffixationInfo
[2012/11/16 13:14:41 | 000,000,000 | RHSD | C] -- C:\Program Files\Claro 3G
[2012/11/16 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G
[2012/11/16 13:11:42 | 000,000,000 | RHSD | C] -- C:\Windows\LastGood
[2012/11/15 23:50:44 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{EA26994E-A2A6-4D7D-8515-60B6AFE13D0F}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/15 15:43:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/15 15:34:19 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 15:34:19 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 15:32:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 15:27:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/15 15:26:46 | 1579,843,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 15:05:35 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 14:27:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job
[2012/12/15 13:45:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job
[2012/12/15 01:45:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2012/12/14 23:27:02 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2012/12/12 17:41:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/12/12 15:36:29 | 000,713,894 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/12/12 15:36:29 | 000,661,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/12 15:36:29 | 000,152,206 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/12/12 15:36:29 | 000,125,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/12 03:41:23 | 001,784,131 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.png
[2012/12/12 03:41:09 | 009,394,695 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.psd
[2012/12/12 03:24:50 | 000,281,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/10 16:46:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/03 14:19:33 | 001,830,715 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.png
[2012/12/02 20:56:04 | 000,000,200 | ---- | M] () -- C:\Users\Marcelo Mataraia\Documents\imei corby.rtf
[2012/12/01 12:18:33 | 000,000,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/28 15:27:56 | 000,318,264 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.27.jpg
[2012/11/23 17:45:30 | 000,000,213 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\Dota 2.url
[2012/11/22 05:43:13 | 002,344,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/19 09:19:11 | 000,003,715 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\promessas.rtf
[2012/11/16 13:14:58 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Claro 3G.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 15:05:35 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/12 03:41:17 | 001,784,131 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.png
[2012/12/12 03:41:07 | 009,394,695 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.psd
[2012/12/10 16:22:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/10 16:22:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/10 16:22:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/10 16:22:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/10 16:22:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/03 14:19:25 | 001,830,715 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.png
[2012/12/03 14:16:11 | 000,318,264 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.27.jpg
[2012/12/02 20:56:04 | 000,000,200 | ---- | C] () -- C:\Users\Marcelo Mataraia\Documents\imei corby.rtf
[2012/12/01 12:18:32 | 000,000,369 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/23 17:45:26 | 000,000,213 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\Dota 2.url
[2012/11/19 03:03:34 | 000,003,715 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\promessas.rtf
[2012/11/16 13:14:41 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Claro 3G.lnk
[2012/05/20 23:51:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/05/18 17:51:14 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012/05/16 23:44:19 | 961,808,274 | ---- | C] () -- C:\Program Files\DarkedenNA111124.exe.downloading
[2012/04/04 00:18:18 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/04/04 00:18:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/04/02 01:25:47 | 000,140,952 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/04/02 01:25:46 | 000,138,056 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\PnkBstrK.sys
[2012/04/02 01:25:30 | 000,298,280 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/04/02 01:25:27 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/04/02 01:25:26 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/20 01:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\{CAD173AA-DCA4-4874-8C72-0A47D9AE08AE}
[2012/01/14 04:11:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/10/06 17:45:03 | 000,051,078 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\room_v3.dat
[2011/08/17 19:29:02 | 000,000,104 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\fusioncache.dat
[2011/08/17 18:06:27 | 000,000,104 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\iTunesAlbumArtFinderPrefs
[2011/08/17 18:06:27 | 000,000,081 | -H-- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\iaaf_system_file
[2011/06/28 21:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\{6DB08696-14F2-4547-A312-EF3C7A569D86}
[2011/06/01 21:09:36 | 000,009,728 | ---- | C] () -- C:\Windows\System32\vvprotect.sys
[2011/03/12 00:55:55 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/02/17 13:15:46 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/02/17 13:15:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/02/17 13:15:45 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/12/03 05:47:25 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\downloads.m3u
[2010/04/15 19:20:34 | 000,024,064 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 21:42:31 | 000,000,149 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\default.rss

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/03 00:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Aegisub
[2010/09/18 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Atari
[2012/09/21 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Audacity
[2012/03/20 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BitComet
[2010/04/26 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BrOffice.org
[2011/09/02 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BSplayer
[2011/09/02 04:09:26 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BSplayer Pro
[2011/10/07 21:02:34 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Cocoon Software
[2012/05/18 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\DAEMON Tools Lite
[2010/11/29 03:57:00 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\DeviceDoctorSoftware
[2012/06/29 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Easeware
[2010/12/02 09:52:21 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\ICAClient
[2012/05/18 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\IObit
[2010/09/18 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Leadertech
[2011/09/02 03:38:50 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Nullsoft
[2010/03/31 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Oi
[2011/10/07 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\OxelonMC
[2011/10/16 05:55:52 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\RGE
[2010/11/11 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\SPORE
[2011/05/03 14:03:09 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Thinstall
[2012/06/25 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tibia
[2011/04/14 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tibiacast
[2010/11/16 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tific
[2010/12/23 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\TomTom
[2012/03/20 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\TS3Client
[2012/12/10 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\uTorrent
[2011/11/07 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/12/10 16:51:48 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2821982559-343958672-2473211886-1000\desktop.ini
[2009/07/14 02:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(6).TXT
[2009/07/14 02:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 02:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010/03/30 21:52:46 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2010/03/30 21:52:47 | 000,001,122 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job
[2010/09/30 20:29:55 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/09/30 20:29:56 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 02:29:26 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2011/11/25 02:29:28 | 000,000,972 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-12-12 05:05:52

< MD5 for: AGP440.SYS >

< MD5 for: ATAPI.SYS >

< MD5 for: AUTOCHK.EXE >

< MD5 for: BEEP.SYS >

< MD5 for: CNGAUDIT.DLL >

< MD5 for: EXPLORER.EXE >

< MD5 for: IASTORV.SYS >

< MD5 for: KERNEL32.DLL >

< MD5 for: MSWSOCK.DLL >

< MD5 for: NDIS.SYS >

< MD5 for: NETLOGON.DLL >

< MD5 for: NTFS.SYS >

< MD5 for: NVSTOR.SYS >

< MD5 for: PROQUOTA.EXE >

< MD5 for: QMGR.DLL >

< MD5 for: SCECLI.DLL >

< MD5 for: SPOOLSV.EXE >

< MD5 for: SVCHOST.EXE >
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TERMSRV.DLL >
[2010/11/20 10:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2009/07/13 23:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\erdnt\cache\termsrv.dll
[2009/07/13 23:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\System32\termsrv.dll
[2009/07/13 23:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 315 bytes -> C:\ProgramData\TEMP:E41EAF13
@Alternate Data Stream - 314 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6BE50C2B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:4EE74317
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Bmb.gbp
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >

OTL Extras logfile created on: 15/12/2012 15:40:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcelo Mataraia\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 62,94% Memory free
3,92 Gb Paging File | 3,19 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 16,44 Gb Free Space | 7,06% Space Free | Partition Type: NTFS
Drive D: | 3,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 706,79 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Computer Name: MATARAIA | User Name: Marcelo Mataraia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Windows Update -- (Microsoft Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A976988-82E8-468D-B5E5-73B0EC86C4D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F0D6266-6F96-4907-8C12-22EBE48367FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{119C0498-5BF2-4C76-9DD2-EF8FD9517F58}" = lport=137 | protocol=17 | dir=in | app=system |
"{152B6120-09C5-4B82-B770-21C86460DD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{1B235938-58AD-4443-ABD1-12E0847318FF}" = rport=137 | protocol=17 | dir=out | app=system |
"{225B25E7-F985-467E-8F1B-1A1B75F77069}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2C98C476-337D-445B-AED9-760AB19896A9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2D6DC2D1-C2B3-4418-8384-8B0EBD349AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2F3989D6-9E9F-407A-B2EA-FE0D9E4ACC82}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F3ED0AA-5CBA-4C47-AD44-4A5AC4234C41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40A7772A-6C9A-41DC-A8D9-385C9ADF98E8}" = lport=21374 | protocol=17 | dir=in | name=bitcomet 21374 udp |
"{5117D917-9E44-4EB7-B7FD-7F2463E3601A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6498B609-8987-46B0-8DDF-1E7FE9FAD489}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A3D6607-204D-40E3-ABE6-BFE37D3F244C}" = lport=21374 | protocol=17 | dir=in | name=bitcomet 21374 udp |
"{6AD926A3-F0FF-4453-B52C-989804A58B80}" = lport=21374 | protocol=6 | dir=in | name=bitcomet 21374 tcp |
"{6D230502-74ED-4B2E-A0B9-0B2CEAC6566E}" = lport=138 | protocol=17 | dir=in | app=system |
"{732D5498-4C42-4A71-84F4-0003F21CCA79}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8D9C57FA-0F5F-479E-9B25-98FD988B52B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ECACDB4-923A-4E13-B9B9-96701686780C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96662739-567F-464E-98C8-CBDC16BDCCA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98D0CAA7-E602-4A41-9308-FDCCA3607D99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{99E42CD7-CDAD-4FEE-8D66-54FB8F1FFCFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A31042B0-4D91-4405-9A3D-52E3E7E56FA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B701371E-4F2B-43D1-BF28-F178DA2A340E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEEB0DDE-4AE7-4AEB-911F-6DCD7B36A1E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5C24EC9-B940-4146-B247-A04B73052B51}" = lport=445 | protocol=6 | dir=in | app=system |
"{CFCE803C-2BCC-458C-91A0-41F60AB90900}" = lport=21374 | protocol=6 | dir=in | name=bitcomet 21374 tcp |
"{E6F22C19-4A18-4E2E-9C71-E8F3ABD7132A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FB2B10FD-4ABE-4AE3-85EF-5B15AE8A8CCA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C446AC-B5D6-451B-9EF7-6057764A1734}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{048C5702-0349-4571-BF92-431EA7552D04}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{04BC0EA5-9548-4BA4-BB17-62FA1AF5A2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0836F5C6-6C9E-4187-AFA5-ADCF571A61DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DF5E31F-3F1F-43F5-897A-41FBAE045917}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12B9A7ED-C84D-4F87-AA9B-4B0E710FCFB7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{1CE7BCA7-DC1A-477B-9549-3110DC5B3247}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2132B555-0539-4EA6-AD7D-2ED0EDCC4FD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26D0388C-00EF-4888-9B0F-7D2F3B608881}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2948BEEA-BC01-4ED9-8B6B-08A8499AEF0E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2C57362C-10FB-43B9-93EA-8F6968C2EE56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D5789B8-8E36-4439-A717-51646F5151E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3072E6F8-89E6-4D00-8920-B1258DC1F157}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3343C6E0-7964-4D1C-ADC3-9228FD53B4A4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{33911229-0A7F-4C89-8932-091B9CE3CB4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35058318-8677-446B-A8FE-A10163261B04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38BF2150-8894-4AB9-B167-3C3513FC9A08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3943463F-C13C-4EE5-8406-0C33AC9088AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3CF1E6A3-D422-423C-8DE3-455630C48595}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3FFDC272-75E7-4824-A450-FCD387CF4E84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{404D0B73-4E51-4663-93DC-D15AB6425516}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{425F2FE1-3169-415E-9B0B-3ACB67546AA7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{47649F7E-420D-4EDC-B183-0DA6D24BAD3C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49CF4A0D-2D45-4F9A-A65A-D12D42098F8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F36736E-7B73-49AA-BF20-88D3479B36CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FDE864A-D3D8-4320-A50B-248F327F2B32}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{501A1174-2FCC-4317-A6F8-8EEA184B1213}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{50A73ADB-392A-446B-A3FA-44A1095052B9}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{55B3CA4F-A580-4880-90C8-6FB7BFB2A54B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{563DF6A4-3922-4781-B38F-9ED0C3808C67}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{57DB583C-A8D2-4874-B710-A537ADDF8AEA}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{581C457A-F43C-4A42-9A3A-31ABCFC92E38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mataraia\counter-strike\hl.exe |
"{5917386B-BDDD-4EA5-9A3F-1A6139592DDF}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{5A17E7C9-98E0-4BFD-8A9C-0589BCF0D0E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C0CF174-9AE9-4377-8B3D-2E2E86456B14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D04D043-6FE9-445B-9C6C-D1DB83FC8210}" = protocol=58 | dir=in | app=system |
"{5D9C8AB4-EB7D-4697-93E5-9FA47C306839}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"{6159C36B-7D56-43E2-9BA5-CAD2770C1910}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{645ED553-9293-4540-AAF6-3EB98A631F4D}" = dir=in | app=c:\users\marcelo mataraia\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{65849E74-5AC5-43B2-8A14-0208328B8B9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66483304-0AA8-45AB-8E12-8B7DD1A9B688}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mataraia\counter-strike\hl.exe |
"{668F4D64-C6B5-422A-83EF-9D9F415D4933}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67765B1F-CB9A-40EB-A8EE-992065918646}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{692B2B1F-1C65-4207-932D-E230B41BF2AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69509830-6E13-4EE5-916A-9EA228110BF1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6DDC504B-9740-45FE-9C8A-94F2AE153DED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6EDE2578-5754-4602-BAAC-36116451C1C8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{70A9D33F-D0A8-4F84-8A49-396F0FCDE3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{714F9DD7-CC85-4EE2-935C-B3D71A54669C}" = protocol=17 | dir=in | app=c:\program files\diablo ii\diablo ii.exe |
"{71ECE0B7-C486-44E5-98AD-A9BF45390B7A}" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"{72C39DB0-107E-404D-83FF-E57AF1EF9CD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{731AEE35-BC16-4020-9111-A7FF17CA2809}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7548AFF2-8A35-4D0A-A06A-FDEFFD01F048}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7584E1DA-2256-4A73-8BE8-EB647A7B5189}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{762C289C-D859-4A38-AF86-AAFF18641FCE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{76EC1EBD-5D9C-4E07-9861-D4111B694294}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{771F8DBC-A805-4F96-9D63-D04AFCA620C7}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{783CE297-5615-4B57-B272-4E82F8BADE66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A23A606-E891-4928-A976-C90E019C8583}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C405FEB-53A3-4995-BBD0-ED4D73661CFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D96F542-BE14-419C-8935-102948B4D72B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DE12F51-0C5E-4A5F-B241-3D5D74AA7A6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80DE0067-76BA-4ACA-92B4-8AB92A48BF26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{823A7B20-5703-4CCF-B6E7-8EE40D4796F6}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"{835989D8-2535-4C11-BF09-342DC7A4ED18}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{8524BFF4-3693-4DF9-A8DF-F3A42A02CF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8B48DCA0-6165-476E-88D4-11EEC5BB0BAD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{8C9A0A8A-9F8A-4479-995C-F4F05EEF046F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F537679-D30D-46E1-B05A-29DA71B0D08A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{907428F8-9EE8-431F-BADB-A45A3DCC84D6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{922A34B5-BE42-4C00-83F6-AEA788651ECC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95CCAA96-C01E-496A-9591-4105FDA04F70}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{9729BE1D-A489-4B7C-BC68-4CE59A92707A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97CA608E-6B16-46C2-A6DB-41964707916E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{9E0047EB-3A57-4D5B-BDA4-A9C44D1D0D63}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A0039110-C688-4F46-8610-0654A8C80732}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A10C4548-7AB7-44D8-B9E7-93FBF273E0DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A14348E6-8607-48FD-BDB0-5DBA7F854CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1599E87-7C00-4C8E-9787-61709FBF734D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{A56770E6-13DD-4E2F-A45D-F9C433E48BFA}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{A7BDA3DA-D3F2-4F9D-9A21-626F1803735E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB8E6D56-5BC9-4359-AD57-8F3B102D1193}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABC2326E-158D-43A4-89D3-CEF0FA683982}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD214B08-C391-4846-8B30-49136ADBB1E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5EC0D21-EDCC-4A82-9D83-B931025723A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B91A121D-EF30-4053-9FBD-D3188CFA1A3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B924C586-286F-4FC4-98B2-75D83710F875}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B9891AC5-68E3-4B6A-8C96-8EA4BB000BE3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{B9C36758-09DC-4B15-A976-CA6E30332880}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB95F66F-CAA1-471F-94AE-9B3392914972}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDB889BB-88F8-4211-8B6C-52979A3A62E6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C080301A-9F4C-490A-AEBC-4269DEF87F14}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{C1A93726-84DD-4C07-A896-05EF34B97D85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C260D397-0AC3-40AF-B29E-F8921A2C2EAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB22D50D-59FD-44F5-BFFC-1EE236BBC231}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD27A4D7-B9C7-48F1-9BE9-4672D7AC4F02}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{D166FAFF-7718-4414-9D7E-95CB4350A1FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D1F8623C-B2C1-4E3E-9D26-CA918ED1E81C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D413FDD0-41DE-4153-A6DB-BC30AD0FB0FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D54859C9-F93E-4DAF-83A3-01FFADFEB8FC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D8F80103-6E19-47F9-AD29-68741445C479}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA1E792B-F15B-4BCA-8994-E3B71EBA8C02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAFF90B4-19EB-491B-BA76-EDA0F5F60293}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBABF2F9-4AC7-40D8-8503-11A832E32A26}" = protocol=6 | dir=in | app=c:\program files\diablo ii\diablo ii.exe |
"{DC52196C-C4B4-4D33-82FC-C3AD25AC6760}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC89F6F2-F9D6-44B7-B440-47893DF2A9BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCD2F597-E7A5-434E-A5FC-F8972CB1DB7E}" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"{DD3F1952-E9BF-40FB-99CC-37CA05CCF56F}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{E1356646-0FAB-4D42-9AAC-A4DC9DA05EBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E255C416-83DF-45BD-A87F-2670F4F91FF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2CBCBB5-2676-449C-992F-4CA9940150F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7011A22-D36F-46B8-836D-A75663D5B509}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{E9407AD3-EB94-4BE5-B26D-5213567DE36A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{E99D9A0D-A119-4E9A-B119-FB19E1521203}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECCEF9B3-D10E-4CD7-834D-C054E82E57F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFAE9B6B-A173-4E17-BFEA-DF5151BBFFB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFAF5276-B455-4DE4-A1A9-ABC49156C5F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F063BF0B-F95F-4FBF-982D-13732134367D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F16BAA14-8D00-4DDD-9023-DF4E18A9D9AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F269E57A-56A8-4A59-B43C-AE9BC01EBABF}" = protocol=17 | dir=in | app=c:\ongame\pointblank\pointblank.exe |
"{F36D3528-5B3E-43E3-B1C2-686663361806}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F376129A-CD31-49E1-8428-E5BCE7266FAA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"{F5E1726E-E98E-4E1C-8755-755AA3A73BC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F787DA5D-799E-4010-956B-AC83310FE511}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A026C8-E658-4DD7-930C-228773302211}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F9CDC33C-757D-4E5F-8DC9-05E06C8D2550}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"{FA627F51-DD5C-4A66-A758-9C6B39339DDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBF1DC1F-F1E4-4623-9A13-684B9B17D5BF}" = protocol=6 | dir=in | app=c:\ongame\pointblank\pointblank.exe |
"{FF69A30C-30DF-4F0D-AFEF-064FDBA8612E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{23F0D181-11E5-4545-A238-736E32200219}C:\program files\dklegend\dklegend.exe" = protocol=6 | dir=in | app=c:\program files\dklegend\dklegend.exe |
"TCP Query User{2C842CAA-3F43-487F-B926-74C2C1662D35}C:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"TCP Query User{2F53C92A-26D5-46F4-9F10-73C8CA686B02}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{38950A07-1BB2-4D46-91AA-49A0D4315C4D}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{399BDDA3-C8CC-4371-B404-477A5427AD83}C:\program files\valve\hlds.exe" = protocol=6 | dir=in | app=c:\program files\valve\hlds.exe |
"TCP Query User{440AF789-6422-4B9D-877F-6623AA870E23}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4F78FC9E-31E5-45F2-BAF5-4FC1E9223C1F}C:\users\marcelo mataraia\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\marcelo mataraia\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{5DD7A062-3637-4B2F-B7E4-8AB423B55415}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"TCP Query User{65500D20-E694-4ABF-BFA5-5750066CA4BF}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{6FA99F4B-D9BF-4534-981C-1CF43D801255}C:\program files\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=c:\program files\tibiacast\tibiacast client.exe |
"TCP Query User{7D9A5ACC-CE03-483F-8B56-0EA61241B64E}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{7DFC0D09-FCD9-4931-8C48-341DC56FC9F7}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{83A34E8D-F6D9-4018-99A5-D08DE92F0864}D:\assistente.exe" = protocol=6 | dir=in | app=d:\assistente.exe |
"TCP Query User{8F708928-B4D4-4F16-88F6-FDF700D02773}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"TCP Query User{97EF4E24-AB9C-486C-A23A-830AF7AC2241}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{9E97C496-2BE0-439B-98A2-ED71FC148C37}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{A8EE7786-6C61-4247-8440-BEB6A5EE97E8}C:\program files\darkeden moonlight\darkeden.exe" = protocol=6 | dir=in | app=c:\program files\darkeden moonlight\darkeden.exe |
"TCP Query User{BBE33573-6241-4E9B-8603-73B68BF63B83}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{CD0E071B-5C81-4D18-8153-3EB3C3A4617D}C:\users\marcelo mataraia\desktop\jogos\dark eden\darkeden.exe" = protocol=6 | dir=in | app=c:\users\marcelo mataraia\desktop\jogos\dark eden\darkeden.exe |
"TCP Query User{D31A2348-86EC-4C51-A8F8-6AD5AB54AC45}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{D65D213B-870C-4116-8838-8EBA5D42587C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{ED4859AA-34F2-441B-B797-609D262E4355}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{ED7A4F00-420A-4870-A347-858CC900664B}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{EF16C6B5-D218-451B-97CF-756159978B5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{00C51B83-F706-44FD-93AE-171CCDE63ADE}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{12B03FBE-A942-4393-A772-E3C7364B8C6A}C:\program files\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=c:\program files\tibiacast\tibiacast client.exe |
"UDP Query User{150AFF8E-FFBA-44FD-BB62-E781B0C86CAE}C:\users\marcelo mataraia\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\marcelo mataraia\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{27899A5A-20AA-416A-A125-D3FBF9EDB079}C:\users\marcelo mataraia\desktop\jogos\dark eden\darkeden.exe" = protocol=17 | dir=in | app=c:\users\marcelo mataraia\desktop\jogos\dark eden\darkeden.exe |
"UDP Query User{281D2C24-749B-4E01-899E-33173200A3F1}C:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"UDP Query User{2C44D3BD-306C-4C3E-B997-F3FBB14B9D6E}C:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"UDP Query User{2D4B8A56-C4A2-4159-9989-FD74ED59392C}D:\assistente.exe" = protocol=17 | dir=in | app=d:\assistente.exe |
"UDP Query User{2F536CFF-A0FB-47AF-92EB-CD7AC18C117D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{58615FEC-6861-43A6-A7FD-565ACA1ABFEF}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{5ABF4327-A131-401E-9A6B-FF5204109298}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{68BA51C2-0779-4D2F-9B30-E7174526E654}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{6B5D2F28-89F6-4731-8ABA-981F0E329E4C}C:\program files\dklegend\dklegend.exe" = protocol=17 | dir=in | app=c:\program files\dklegend\dklegend.exe |
"UDP Query User{6DE72B3F-FC42-4A94-937C-6E355B8ADD4D}C:\program files\valve\hlds.exe" = protocol=17 | dir=in | app=c:\program files\valve\hlds.exe |
"UDP Query User{6FD110A7-DFD0-49BE-9AA6-259AD6BFE259}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{8AB9E319-8A37-4FEE-AAC5-64D864E4CF91}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8D04C229-0074-4F82-A11F-5CF43D7D6B85}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{95FE755A-0D29-4B9D-84EF-F0DECE2DF5E1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{96E10A6B-7886-41BF-B948-22479D3EC35A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{982F06BE-5EA1-4434-8C4B-9AFB2073BF3D}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{AC4DEC80-BC95-4631-8728-175785955D03}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{BCA82915-66E1-4B4E-9BC4-CF75D542E302}C:\program files\darkeden moonlight\darkeden.exe" = protocol=17 | dir=in | app=c:\program files\darkeden moonlight\darkeden.exe |
"UDP Query User{BE8E24B9-F2D7-4E8F-84EA-2C7377552CF7}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{E271473F-CE4B-48E0-9880-30689966158F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ED30F743-8B45-4DF6-88D1-BD26ED4B3992}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC6719B-F874-49CF-82A0-D3F5D65FFE2A}" = Microsoft WorldWide Telescope
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Suporte para Aplicativos Apple
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Claro 3G
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC381102-E482-4312-AC62-1D4C3EED8E4F}" = Tibiacast
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE12493A-CDCE-458B-AD87-3FC822E6CE30}" = Prime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"DarkEden" = DarkEden
"ElfBot NG_is1" = ElfBot NG 4.5.9
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"LastFM_is1" = Last.fm 2.1.24
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MzGameAccelerator_is1" = Mz Game Accelerator
"programmeroi_is1" = Oi Velox
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia
"TibiaBot NG_is1" = TibiaBot NG 4.9.7
"TMIPC" = Tibia MULTI-ip changer
"TomTom HOME" = TomTom HOME 2.8.3.2499
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PowerOT Client" = PowerOT Client
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/03/2012 19:50:57 | Computer Name = Mataraia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12761

Error - 05/03/2012 21:18:50 | Computer Name = Mataraia | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 05/03/2012 21:35:13 | Computer Name = Mataraia | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 05/03/2012 22:42:40 | Computer Name = Mataraia | Source = SideBySide | ID = 16842827
Description = A geração de contexto de ativação falhou com relação a "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Erro em arquivo
de manifesto ou diretiva "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
na linha 2. Vários elementos de requestedPrivileges não são permitidos em manifesto.

Error - 05/03/2012 22:43:21 | Computer Name = Mataraia | Source = SideBySide | ID = 16842785
Description = Falha na geração de contexto de ativação para "C:\Program Files\Windows
Sidebar\Gadgets\NeroLive.Gadget\PTT\NMTvWizard.exe.Manifest". Assembly dependente
NScCoreComponents,type="win32",version="4.2.0.0" não pôde ser localizado. Use o
arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error - 05/03/2012 22:43:46 | Computer Name = Mataraia | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Program Files\Microsoft\Search
Enhancement Pack\Search Helper\SEPsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 05/03/2012 22:43:50 | Computer Name = Mataraia | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Program Files\Microsoft\Search
Enhancement Pack\Search Box Extension\SrchBxEx.dll". Erro no arquivo de manifesto
ou de diretiva C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll",
na linha 2. Sintaxe XMl inválida.

Error - 05/03/2012 22:44:57 | Computer Name = Mataraia | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.

Error - 06/03/2012 10:14:20 | Computer Name = Mataraia | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Falha ao extrair lista raiz de terceiros do arquivo cab de atualização
automática de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
com erro: Um certificado necessário não está no período de validade ao ser verificado
em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

Error - 06/03/2012 22:08:58 | Computer Name = Mataraia | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 10/12/2012 22:17:33 | Computer Name = Mataraia | Source = DCOM | ID = 10005
Description =

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = DCOM | ID = 10005
Description =

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:34 | Computer Name = Mataraia | Source = Service Control Manager | ID = 7001
Description = O serviço Serviço da Lista de Redes depende do serviço Reconhecimento
de Locais de Rede, mas não foi possível iniciá-lo devido ao seguinte erro: %%1068

Error - 10/12/2012 22:17:58 | Computer Name = Mataraia | Source = DCOM | ID = 10005
Description =

Error - 12/12/2012 01:21:32 | Computer Name = Mataraia | Source = DCOM | ID = 10010
Description =


< End of report >


That's all

#5 nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 December 2012 - 09:29 AM

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (XDva389) -- C:\Windows\system32\XDva389.sys File not found
    DRV - (catchme) -- C:\Users\MARCEL~1\AppData\Local\Temp\catchme.sys File not found
    DRV - (aeoxbylg) -- File not found
    DRV - (ab19spsg) -- File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    @Alternate Data Stream - 315 bytes -> C:\ProgramData\TEMP:E41EAF13
    @Alternate Data Stream - 314 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6BE50C2B
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:4EE74317
    @Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Cef.gbp
    @Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Bmb.gbp
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

    :Commands
    [emptytemp]
    [REBOOT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Empty Control panel and Program files/folders.

Make sure they are not hidden.

Unhide files/folders in Windows 7
http://www.bleepingcomputer.com/tutorials/tutorial151.html
Follow these instructions.
===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Submit the logs and let me know if the problem persists.
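One way to check, after the OTL fix has run, that the streams it listed are gone and that the Program Files and Desktop folders are merely hidden rather than missing. This is an added PowerShell example, not part of nasdaq's post or of OTL; it assumes Windows PowerShell 2.0 or later (the version shipped with Windows 7) in an elevated session on the affected PC, the stream list is copied from the :OTL lines above, and the function names are my own.

```powershell
# Added example: not part of nasdaq's post or of OTL. Assumes Windows PowerShell 2.0
# or later (the version shipped with Windows 7), run elevated on the affected PC.

# The locations the poster reported as "empty" (Program Files and the Desktop).
$foldersToCheck = @(
    $env:ProgramFiles,
    [Environment]::GetFolderPath('Desktop')
)

# The streams named in the :OTL fix lines above, copied verbatim.
$adsEntries = @(
    'C:\ProgramData\TEMP:E41EAF13',
    'C:\Windows\System32\drivers:GbpKmAp.lst',
    'C:\ProgramData\TEMP:6BE50C2B',
    'C:\ProgramData\TEMP:4EE74317',
    'C:\Windows\System32:FAA691DA_Cef.gbp',
    'C:\Windows\System32:FAA691DA_Bmb.gbp',
    'C:\ProgramData\TEMP:553CA6CA'
)

function Get-HiddenFolders {
    # Folders under $Root carrying the Hidden attribute. Explorer and a plain
    # 'dir' skip them, which is what makes Program Files look empty; -Force shows them.
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { return @() }
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.PSIsContainer -and (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) }
}

function Clear-HiddenAttribute {
    # Strips only Hidden and System from each item; every other attribute is kept.
    param([System.IO.FileSystemInfo[]]$Items)
    $mask = -bnot ([int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System))
    foreach ($item in $Items) {
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band $mask)
    }
}

function Test-AdsPresent {
    # True when the stream in an OTL-style "path:stream" entry still exists.
    # 'dir /r' (present on Windows 7) lists the streams of files and of folders as
    # "<size> <name>:<stream>:$DATA" lines, so the parent folder is listed and searched.
    param([string]$Entry)
    $idx      = $Entry.LastIndexOf(':')
    $hostPath = $Entry.Substring(0, $idx)
    $stream   = $Entry.Substring($idx + 1)
    $parent   = Split-Path -Path $hostPath -Parent
    $leaf     = Split-Path -Path $hostPath -Leaf
    $pattern  = '^\s*[\d.,]+\s+' + [regex]::Escape("${leaf}:${stream}:`$DATA") + '\s*$'
    $listing  = cmd.exe /c dir /r /a $parent 2>$null
    return [bool]($listing | Where-Object { $_ -match $pattern })
}

foreach ($root in $foldersToCheck) {
    $hidden = @(Get-HiddenFolders -Root $root)
    Write-Host ("{0}: {1} hidden folder(s)" -f $root, $hidden.Count)
    $hidden | ForEach-Object { Write-Host ("  " + $_.FullName) }
    # Review the list before unhiding: a few Windows folders (for example
    # 'Uninstall Information' under Program Files) are hidden by design.
    # Clear-HiddenAttribute -Items $hidden
}

foreach ($entry in $adsEntries) {
    if (Test-AdsPresent -Entry $entry) { $state = 'STILL PRESENT' } else { $state = 'not found' }
    Write-Host ("{0} -> {1}" -f $entry, $state)
}
```

Run it once before and once after the fix: a stream reported as STILL PRESENT afterwards means the OTL script did not take, and a hidden folder that reappears after being cleared points to something still active on the system.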

#6 Mataraia
  • Topic Starter

  • Members
  • 4 posts

Posted 17 December 2012 - 12:01 AM

Here are the logs:

OTL logfile created on: 17/12/2012 02:34:14 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcelo Mataraia\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 46,64% Memory free
3,92 Gb Paging File | 2,82 Gb Available in Paging File | 71,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 13,79 Gb Free Space | 5,92% Space Free | Partition Type: NTFS
Drive D: | 3,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 706,79 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Computer Name: MATARAIA | User Name: Marcelo Mataraia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcelo Mataraia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Arquivos de Programas\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (No Company Name) ==========

MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Arquivos de Programas\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe ( )
SRV - (AdvancedSystemCareService5) -- C:\Arquivos de Programas\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TomTomHOMEService) -- C:\Arquivos de Programas\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (wlidsvc) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NIHardwareService) -- C:\Arquivos de Programas\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StarWindServiceAE) -- C:\Arquivos de Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (ONDAusbvoice) -- system32\DRIVERS\ONDAusbvoice.sys File not found
DRV - (ONDAusbser6k) -- system32\DRIVERS\ONDAusbser6k.sys File not found
DRV - (ONDAusbnmea) -- system32\DRIVERS\ONDAusbnmea.sys File not found
DRV - (ONDAusbmdm6k) -- system32\DRIVERS\ONDAusbmdm6k.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena\safedrv.sys File not found
DRV - (arx5hobd) -- File not found
DRV - (agsfelam) -- File not found
DRV - (GbpKm) -- C:\Windows\System32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (BEHRINGER_2902) -- C:\Windows\System32\drivers\BUSB2902.sys (BEHRINGER)
DRV - (BUSB_AUDIO_WDM) -- C:\Windows\System32\drivers\busbwdm.sys (BEHRINGER)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (LiveIO) -- C:\Windows\System32\drivers\LiveIO.sys ()
DRV - (Livekbc) -- C:\Windows\System32\drivers\Livekbc.sys (Systems Internals)
DRV - (Livemouclass) -- C:\Windows\System32\drivers\Livemouclass.sys (Systems Internals)
DRV - (LiveGpdKBFilter) -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys (Windows ® Win 7 DDK provider)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0E502AEC-5101-419C-A496-942C810A91DA}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 72.181.191.145:80

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcelo Mataraia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcelo Mataraia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcelo Mataraia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 22:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/12/23 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcelo Mataraia\AppData\Roaming\mozilla\Extensions
[2010/12/23 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcelo Mataraia\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/11/07 22:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2012/10/24 15:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 15:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 15:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.semptoshiba.com.br/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.semptoshiba.com.br/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Marcelo Mataraia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Chrome for a Cause = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfammmagchhaohncbhghoohcfoeckdi\1.5.3_0\
CHR - Extension: YouTube = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Pesquisa do Google = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: AdBlock = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.0_0\
CHR - Extension: Gmail = C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/10 16:46:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OiVelox] C:\Arquivos de Programas\Oi\Programmer\OiVeloxCheck.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Marcelo Mataraia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de Programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKCU\..Trusted Domains: bmb.com.br ([bdu] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mercantildobrasil.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mercantildobrasil.com.br ([www2] https in Trusted sites)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} https://bdu.bmb.com.br/plugin/GbPluginBmb.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B06D777-9B74-46BB-8771-EF419994E897}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C001B907-2AD7-4E1D-869D-6B2468D6E385}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBmb: DllName - (C:\PROGRA~1\GbPlugin\gbiehBmb.dll) - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399001} - C:\Arquivos de Programas\GbPlugin\gbiehBmb.dll (Banco Mercantil do Brasil)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 18:24:35 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 00:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/17 02:24:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/15 15:06:14 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Malwarebytes
[2012/12/15 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/15 15:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/15 15:05:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/12/15 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/15 00:14:23 | 000,000,000 | ---D | C] -- C:\Gravity
[2012/12/12 03:11:41 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\Desktop\aa
[2012/12/11 00:35:39 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\Desktop\gmer
[2012/12/10 16:51:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/10 16:37:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/10 16:37:49 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\temp
[2012/12/10 16:22:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/10 16:22:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/10 16:22:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/10 16:22:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/10 16:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/10 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{BD69C601-A99E-4364-BB53-86E389B7EFA5}
[2012/12/10 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{3A80FA1A-164A-4248-9EA0-C1B0418F16A5}
[2012/12/04 10:02:57 | 000,000,000 | RHSD | C] -- C:\Users\Marcelo Mataraia\Desktop\Discografia - O Teatro Mágico
[2012/12/04 01:39:56 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\Facebook
[2012/12/02 20:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
[2012/12/02 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{9BECEDED-58B0-4164-95C7-C2070F91E957}
[2012/12/01 11:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/12/01 11:29:09 | 000,000,000 | RHSD | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/12/01 11:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/01 02:04:49 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{62628015-FAC0-4EF2-B176-355CBE626B8C}
[2012/11/30 14:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/30 14:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/30 14:04:01 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{BE4B529A-0BE5-4CFD-952D-B95B4DC6C0AC}
[2012/11/30 13:49:31 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\Downloaded Installations
[2012/11/29 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{E354D61F-1985-49A6-AAD1-36A379FE23F1}
[2012/11/19 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\Marcelo Mataraia\AppData\Local\{DF8277D4-A385-4849-90BE-41C2A13EECB5}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 02:36:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 02:36:01 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 02:29:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/17 02:28:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/17 02:28:26 | 1579,843,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/17 02:27:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job
[2012/12/17 01:45:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000UA.job
[2012/12/17 01:45:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2012/12/17 01:43:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/16 23:27:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982559-343958672-2473211886-1000Core.job
[2012/12/15 15:05:35 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/12 17:41:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/12/12 15:36:29 | 000,713,894 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/12/12 15:36:29 | 000,661,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/12 15:36:29 | 000,152,206 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/12/12 15:36:29 | 000,125,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/12 03:41:23 | 001,784,131 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.png
[2012/12/12 03:41:09 | 009,394,695 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.psd
[2012/12/12 03:24:50 | 000,281,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/10 16:46:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/03 14:19:33 | 001,830,715 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.png
[2012/12/02 20:56:04 | 000,000,200 | ---- | M] () -- C:\Users\Marcelo Mataraia\Documents\imei corby.rtf
[2012/12/01 12:18:33 | 000,000,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/28 15:27:56 | 000,318,264 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.27.jpg
[2012/11/23 17:45:30 | 000,000,213 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\Dota 2.url
[2012/11/19 09:19:11 | 000,003,715 | ---- | M] () -- C:\Users\Marcelo Mataraia\Desktop\promessas.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 15:05:35 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/12 03:41:17 | 001,784,131 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.png
[2012/12/12 03:41:07 | 009,394,695 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\cinza 100x.psd
[2012/12/10 16:22:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/10 16:22:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/10 16:22:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/10 16:22:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/10 16:22:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/03 14:19:25 | 001,830,715 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.png
[2012/12/03 14:16:11 | 000,318,264 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\P28-11-12_15.27.jpg
[2012/12/02 20:56:04 | 000,000,200 | ---- | C] () -- C:\Users\Marcelo Mataraia\Documents\imei corby.rtf
[2012/12/01 12:18:32 | 000,000,369 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/23 17:45:26 | 000,000,213 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\Dota 2.url
[2012/11/19 03:03:34 | 000,003,715 | ---- | C] () -- C:\Users\Marcelo Mataraia\Desktop\promessas.rtf
[2012/05/20 23:51:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/05/18 17:51:14 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012/05/16 23:44:19 | 961,808,274 | ---- | C] () -- C:\Program Files\DarkedenNA111124.exe.downloading
[2012/04/04 00:18:18 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/04/04 00:18:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/04/02 01:25:47 | 000,140,952 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/04/02 01:25:46 | 000,138,056 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\PnkBstrK.sys
[2012/04/02 01:25:30 | 000,298,280 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/04/02 01:25:27 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/04/02 01:25:26 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/20 01:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\{CAD173AA-DCA4-4874-8C72-0A47D9AE08AE}
[2012/01/14 04:11:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/10/06 17:45:03 | 000,051,078 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\room_v3.dat
[2011/08/17 19:29:02 | 000,000,104 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\fusioncache.dat
[2011/08/17 18:06:27 | 000,000,104 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\iTunesAlbumArtFinderPrefs
[2011/08/17 18:06:27 | 000,000,081 | -H-- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\iaaf_system_file
[2011/06/28 21:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\{6DB08696-14F2-4547-A312-EF3C7A569D86}
[2011/06/01 21:09:36 | 000,009,728 | ---- | C] () -- C:\Windows\System32\vvprotect.sys
[2011/03/12 00:55:55 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/02/17 13:15:46 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/02/17 13:15:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/02/17 13:15:45 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/02/17 13:15:45 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/12/03 05:47:25 | 000,000,000 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\downloads.m3u
[2010/04/15 19:20:34 | 000,024,064 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 21:42:31 | 000,000,149 | ---- | C] () -- C:\Users\Marcelo Mataraia\AppData\Roaming\default.rss

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/03 00:08:37 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Aegisub
[2010/09/18 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Atari
[2012/09/21 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Audacity
[2012/03/20 00:25:53 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BitComet
[2010/04/26 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BrOffice.org
[2011/09/02 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BSplayer
[2011/09/02 04:09:26 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\BSplayer Pro
[2011/10/07 21:02:34 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Cocoon Software
[2012/05/18 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\DAEMON Tools Lite
[2010/11/29 03:57:00 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\DeviceDoctorSoftware
[2012/06/29 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Easeware
[2010/12/02 09:52:21 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\ICAClient
[2012/05/18 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\IObit
[2010/09/18 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Leadertech
[2011/09/02 03:38:50 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Nullsoft
[2010/03/31 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Oi
[2011/10/07 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\OxelonMC
[2011/10/16 05:55:52 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\RGE
[2010/11/11 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\SPORE
[2011/05/03 14:03:09 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Thinstall
[2012/06/25 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tibia
[2011/04/14 02:09:42 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tibiacast
[2010/11/16 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Tific
[2010/12/23 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\TomTom
[2012/03/20 14:35:08 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\TS3Client
[2012/12/17 02:24:13 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\uTorrent
[2011/11/07 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\Marcelo Mataraia\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 314 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:FAA691DA_Bmb.gbp

< End of report >

Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware versão 1.65.1.1000
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.5.502.110
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

---

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 02:54:18
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Marcelo Mataraia - MATARAIA
# Boot Mode : Normal
# Running from : C:\Users\Marcelo Mataraia\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Claro
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Marcelo Mataraia\AppData\Roaming\Mozilla\Firefox\Profiles\oyezusao.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Marcelo Mataraia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1082 octets] - [17/12/2012 02:54:18]

########## EOF - C:\AdwCleaner[R1].txt - [1142 octets] ##########



Thanks for the help, I tried this (show hidden folders) before and the folders didn't show; now they're there...

Edited by Mataraia, 17 December 2012 - 12:06 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 December 2012 - 02:06 PM

Learn how to install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the log and let me know what problem persists.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 December 2012 - 09:03 AM

Are you still with me?



