
Infected Windows 7 restarts, can't access Task Manager or windows updates


  • This topic is locked
49 replies to this topic

#1 rreis.gomes

rreis.gomes

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 15 June 2014 - 10:02 AM

Hi,

 

This annoying virus keeps restarting my computer, prevents me from accessing Task Manager, and doesn't let me shut down the computer from the Start menu. I have installed Kaspersky Internet Security 2014, fully licensed, and it does not detect anything.

The restarts happen more often in the afternoon (5-10 min between), and if I use heavy programs, like rendering in 3DS Max, it does not restart (I had seen this tip on your forum).

I have used Kaspersky TDSS and RKILL, and they found nothing...

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.55.2
Run by LiquidPC at 15:40:24 on 2014-06-15
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.2070.18.8183.2060 [GMT 1:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe
C:\Users\LiquidPC\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AutoCAD 2009\acad.exe
C:\Program Files\AutoCAD 2009\ad32lw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\ISYS8\ISYSbridge.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exe
C:\Windows\explorer.exe
C:\Windows\notepad.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Autodesk\Revit Architecture 2013\Program\Revit.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Revit Shared\LibWrapper30.exe
C:\Windows\system32\taskeng.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\Notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ie
uWindow Title = Windows Internet Explorer disponibilizado por MSN and Bing
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
BHO: PassShow: {26DAF52A-3157-01E3-88B1-1DE88DAE0CFD} - C:\Program Files (x86)\PassShow-soft\171.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Akamai NetSession Interface] "C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe"
uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Google Update] "C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Users\LiquidPC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [QyoAdgih] C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [Driver Genius] <no file>
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\LiquidPC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B2FE8B09-7BEC-4A45-A6E9-4EEE865AFECA} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B2FE8B09-7BEC-4A45-A6E9-4EEE865AFECA}\14E64627569616723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B2FE8B09-7BEC-4A45-A6E9-4EEE865AFECA}\65D4732333930363D22374 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E16A77D7-5708-48E4-8BB6-9C234CE34F13} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E16A77D7-5708-48E4-8BB6-9C234CE34F13} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ff
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\LiquidPC\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 3af8ab57000000000000485b39024fe8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15684
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1012:57:04
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-9 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-5-27 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-5-27 178272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2014-5-27 214512]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-12-21 7680]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-6-2 86016]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2009-9-15 324928]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-12-10 390672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-1 1432400]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-5-27 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-5-27 29280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-12-4 1488448]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-6 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-5-23 2497856]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2014-6-14 26752]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WSDScan;Suporte de Procura do WSD através de UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-6-11 115296]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2014-06-14 08:26:09 -------- d-----w- C:\Program Files (x86)\Itibiti Soft Phone
2014-06-14 08:26:05 -------- d-----w- C:\Program Files (x86)\PassShow-soft
2014-06-14 08:25:55 -------- d-----w- C:\Program Files (x86)\Lavalys
2014-06-14 08:25:50 -------- d-----w- C:\Users\LiquidPC\AppData\Local\SearchProtect
2014-06-14 08:25:43 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-06-14 08:25:35 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-06-11 19:05:44 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-06-11 19:05:37 -------- d-----w- C:\Windows\ELAMBKUP
2014-06-11 19:05:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-06-11 19:05:35 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-11 19:05:33 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-06-08 09:58:30 -------- d-----w- C:\Users\LiquidPC\AppData\Local\KSafe
2014-06-08 09:57:04 -------- d-----w- C:\Users\LiquidPC\AppData\Roaming\kingsoft
2014-06-08 09:57:00 -------- d-----w- C:\ProgramData\Kingsoft
2014-06-08 09:56:58 -------- d-----w- C:\Program Files (x86)\Kingsoft
2014-06-07 16:49:30 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2014-06-01 13:41:21 -------- d-----w- C:\Users\LiquidPC\AppData\Local\Adobe
2014-06-01 11:51:19 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-01 11:51:19 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-27 13:48:54 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-05-27 13:48:54 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-05-27 13:48:54 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2014-05-27 13:48:54 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-05-27 13:48:54 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-05-18 04:40:03 -------- d-----w- C:\ProgramData\Oracle
2014-05-18 04:39:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-18 04:38:54 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
==================== Find3M  ====================
.
.
============= FINISH: 15:40:48.33 ===============
 



 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:37 AM

Posted 16 June 2014 - 01:05 PM

Hi rreis.gomes and Welcome to BleepingComputer!

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:37 AM

Posted 16 June 2014 - 02:12 PM

Hello rreis.gomes

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it's closed.

Step 1
 
We need to stop DAEMON Tools from running.
 
Please download Defogger and save it to your Desktop.

  • Double-click Defogger.exe to run the program.
    Note: Windows Vista/7 users should right-click and Run As Administrator.
  • Click on Disable and then Yes. The scan may take a while to complete.
  • When this has completed, you will get a new window open with the Finished box. Click Continue and close Defogger down.

Step 2

 

  • Download Farbar Recovery Scan Tool x64 and save it to your Desktop.
    • Double-click the downloaded icon to run the tool.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

Edited by seedy21, 16 June 2014 - 02:14 PM.



#4 rreis.gomes

rreis.gomes
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 17 June 2014 - 01:08 PM

Hi,

 

Many thanks for your help

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by LiquidPC at 2014-06-17 19:07:45
Running from C:\Users\LiquidPC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Anti-Virus (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
Actualizações da NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe After Effects CS3 Presets (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3 64-bit (HKLM\...\{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}) (Version: 3.0.2 - Adobe)
Adobe Premiere Pro CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
All Video Fixer 8.9 (HKLM-x32\...\All Video Fixer_is1) (Version:  - New Live Software, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
ArchShaders for V-Ray vol.1 (HKLM-x32\...\ArchShaders for V-Ray vol.1_is1) (Version:  - )
AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - English (Version: 17.2.711.0 - Autodesk) Hidden
AutoCAD 2009 - English Version 4 (HKLM\...\AutoCAD 2009 - English Version 4) (Version: 1 - Autodesk)
Autodesk 3ds Max 2009 64-bit (HKLM\...\{EC2280DF-BBAF-0409-9359-BCCD15545FFB}) (Version: 11.5.2.324 - Autodesk)
Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries (HKLM\...\{CD853BA5-AA85-0409-85DC-A805D779DCA8}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Architectural Materials Library (HKLM\...\{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Movies (HKLM\...\{7A1FD936-C444-0409-92D2-043B1F4ED886}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit ProMaterials™ Library (HKLM\...\{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Vault 2008 Plug-In (HKLM\...\{B7D0751A-3F16-0409-9F9B-FF3DC390F139}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Vault 2009 Plug-In (HKLM\...\{FA3E35E2-F088-0409-A563-C96430FF73F6}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English - Product Update 12 (HKLM-x32\...\Autodesk 3ds Max 2012 64-bit - English SP9) (Version: 14.12.508.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.12.508.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.12.508.0 - Autodesk) Hidden
Autodesk 3ds Max 2012 64-bit - English SP2 (x32 Version: 14.12.508.0 - Autodesk) Hidden
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.98 - Autodesk, Inc.)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2012 (HKLM-x32\...\{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Architecture 2013 (HKLM\...\Autodesk Revit Architecture 2013) (Version: 12.02.21203 - Autodesk)
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.11 - Bentley Systems, Incorporated)
Bentley DGN Preview Handler (HKLM-x32\...\{264B522D-1B7F-4AAF-A32B-55A6BF5679F2}) (Version: 8.11.8004 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.410 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2012 (HKLM-x32\...\{23D46254-9D4C-446C-900A-F53AF1D12A90}) (Version: 8.11.9.292 - Bentley Systems, Incorporated)
Bluerock Technologies Flight Studio 3ds Max 2009 64-bit (HKLM\...\{3605AC81-55E5-0409-BB41-0407FB67C639}) (Version: 11.0 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.63.1071 - AB Team, d.o.o.)
Bullzip PDF Printer 7.2.0.1338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1338 - Bullzip)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Nome de sua empresa:) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Combined Community Codec Pack 2013-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.04.20.0 - CCCP Project)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Daniusoft Video Converter Ultimate(Build 3.1.1.0) (HKLM-x32\...\Daniusoft Video Converter Ultimate_is1) (Version:  - Daniusoft Software)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
DiskAid 5.09 (HKLM-x32\...\DiskAid_is1) (Version: 5.09 - DigiDNA)
Dream Video Converter Ultimate 4.3.8 (HKLM-x32\...\{66712EEE-ECBC-4CA6-solid-mp4-video-converter-converter}_is1) (Version:  - TopVideoSoft,Inc.)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
FastPictureViewer Codec Pack 2.1R2 (HKLM-x32\...\{F6A12E1E-30D6-404A-8381-56A896E44FA7}) (Version: 2.1.0.4 - Axel Rietschin Software Developments)
FBX Plugin 2009.0 for Max 2009 64 (HKLM\...\FBX Plugin 2009.0 for Max 2009 64) (Version:  - )
Freemake Video Converter versão 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated)
honestech Easy Video Editor (HKLM-x32\...\{37B9DFD1-EC6F-4040-9AEF-DD275BB95952}) (Version: 3.0 Trial - honestech)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
i-model ODBC Driver for Windows 7 (HKLM-x32\...\{775616F7-2D4C-4D73-8773-A66C0BCECB38}) (Version: 01.00.00020 - Bentley Systems, Incorporated)
i-model ODBC Driver for Windows 7 (x64) (HKLM\...\{454AD0FD-21D2-4E73-99E9-A40CAC75A636}) (Version: 01.00.00020 - Bentley Systems, Incorporated)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Jump Desktop (HKLM-x32\...\{641410DD-5F16-4DEA-83C9-36D2D290FC18}) (Version: 3.2.0 - Phase Five Systems)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Marvelous Designer 2 (HKLM-x32\...\Marvelous Designer 2) (Version:  - CLO Virtual Fashion Inc.)
Marvelous Designer 3 Personal (HKLM-x32\...\Marvelous Designer 3 Personal) (Version:  - CLO Virtual Fashion Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Media Buzz (HKLM-x32\...\MediaBuzzV1mode5509) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home9227) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 (Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MicroStation V8i (SELECTseries 3) 08.11.09.292 (HKLM-x32\...\{3E580885-4EF5-40EA-B2E9-7645CA1A0D73}) (Version: 08.11.09.292 - Bentley Systems, Incorporated)
Mozilla Firefox 29.0.1 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 pt-PT)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3Gain PRO (HKLM-x32\...\Mp3Gain PRO_is1) (Version: 1.02 - Pro-Software.)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nitro PDF Professional (HKLM\...\{634A0A5C-9B34-11DE-87AE-C7A555D89593}) (Version: 6.0.1.8 - Nitro PDF Software)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA Controlador 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Controlador gráfico 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA O controlador de 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA O software nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Performance Driver for Autodesk 3ds Max 2009 64-bit (enu) (HKLM\...\NVIDIA Performance Driver for Autodesk 3ds Max 2009 64-bit (enu)) (Version: 3dsmaxpd: 11.0.8.0  - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Painel de controlo da NVIDIA 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
PassShow (HKLM-x32\...\0AADCD53-E02F-9B5A-5431-BAACC6D75585) (Version:  - PassShow-software) <==== ATTENTION
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.1.3 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.3 - HDRsoft Sarl)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Portrait Professional Studio 9.0 (HKLM-x32\...\Portrait Professional Studio 9_is1) (Version: 9.0 - Anthropics Technology Ltd.)
PowerDirector (Version: 11.0 - Nome da empresa:) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Registro do usuário Canon MP640 series (HKLM-x32\...\Registro do usuário Canon MP640 series) (Version:  - )
Registro do usuário Canon MX430 series (HKLM-x32\...\Registro do usuário Canon MX430 series) (Version:  - )
Revit Architecture 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit Architecture 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Rich Media View (HKLM-x32\...\RichMediaViewV1release680) (Version: 1.1 - Rich Media View) <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.6 - ) <==== ATTENTION
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs)
Topaz B&W Effects (64-bit) (HKLM-x32\...\Topaz B&W Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz B&W Effects (HKLM-x32\...\Topaz B&W Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.2.0 - Topaz Labs)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.2.1 - Topaz Labs)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs)
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Turbo Squid Tentacles 3ds Max 2009 64-bit (HKLM\...\{29421E62-F88F-45F1-8686-8EAE6748AE59}) (Version: 3.2.0 - Turbo Squid)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Video Editor (HKLM-x32\...\{739226B3-1B80-4F9F-8D19-312A19633E1A}_is1) (Version:  - )
Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visualization Content (HKLM-x32\...\{A12C2FC2-6122-4107-A6AE-677339873A24}) (Version: 8.11.9.292 - Bentley Systems, Incorporated)
V-Ray for 3dsmax 2009 for x64 (HKLM\...\V-Ray for 3dsmax 2009 for x64) (Version: 1.50.SP2 - Chaos Group Ltd)
V-Ray for 3dsmax 2012 for x64 (HKLM\...\V-Ray for 3dsmax 2012 for x64) (Version: 2.40.03 - Chaos Software Ltd)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )
 
==================== Restore Points  =========================
 
14-06-2014 20:56:24 Removed VOB2MPG v3
15-06-2014 21:19:34 Restore Operation
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2011-10-01 09:39 - 00001306 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {17350C59-0E90-4BC8-9478-A7721C36B022} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {1E2BFDD5-7548-4FA1-B0EF-07B34569729C} - System32\Tasks\PassShow Update => C:\Program Files (x86)\PassShow-soft\PassShown90.exe [2014-06-14] () <==== ATTENTION
Task: {2C6D26C0-EB1F-4E45-AE4C-581BED58D290} - System32\Tasks\{DB1FC0F7-5092-4B7E-B15A-A860BA6732A7} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.6.59.110&LastError=-9
Task: {39203A8A-DA03-4416-AA8B-B49E4A411238} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-01] (Adobe Systems Incorporated)
Task: {424F0064-E298-49BC-AC77-04063B98D33A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {58837932-9CED-4C4A-ADFD-9433559398FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {72C49D8B-B56E-49A9-9992-ABAD20534C24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {86730F1D-588B-4A31-97F8-E990284FDC2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000UA => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {A54E0B4C-A32B-4837-8309-77E2D1B21E7E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D28B5775-5216-45DF-878E-6B8E9EE3351A} - System32\Tasks\AmiUpdXp => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe [2013-12-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E34BE0C2-3BE2-4A20-9CD5-1C11262518B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {E85F3303-A80C-42B0-AF26-6F82E259C359} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB651814-E91F-4C91-ACBC-8E5ED9831687} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000Core => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000Core.job => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000UA.job => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow-soft\PassShown90.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-04 20:50 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2012-05-15 11:29 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-06-02 11:09 - 2008-06-02 11:09 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
2011-02-22 22:52 - 2011-02-22 22:52 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2012-12-10 20:16 - 2012-09-12 00:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2010-04-01 17:10 - 2010-04-01 17:10 - 02803200 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtCoreAdlm4.dll
2010-04-01 17:28 - 2010-04-01 17:28 - 10493440 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtGuiAdlm4.dll
2010-04-01 17:12 - 2010-04-01 17:12 - 00915456 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtNetworkAdlm4.dll
2010-04-01 17:10 - 2010-04-01 17:10 - 00457216 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtXmlAdlm4.dll
2011-04-12 18:31 - 2011-04-12 18:31 - 02803200 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtCoreAdlm4.dll
2011-04-12 18:40 - 2011-04-12 18:40 - 09992704 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtGuiAdlm4.dll
2011-04-12 18:32 - 2011-04-12 18:32 - 01004032 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtNetworkAdlm4.dll
2011-04-12 18:31 - 2011-04-12 18:31 - 00423936 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtXmlAdlm4.dll
2014-06-17 19:05 - 2014-06-17 19:05 - 00050477 _____ () C:\Users\LiquidPC\Desktop\Defogger.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-12-21 15:50 - 2011-12-21 15:50 - 02113608 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll
2014-06-17 19:04 - 2014-06-17 19:04 - 00043008 _____ () c:\users\liquidpc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00716616 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00126280 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 04217672 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00414536 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 01732424 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:AstInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Users^LiquidPC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\LiquidPC\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2014 07:04:35 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/17/2014 07:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:24:04 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/15/2014 10:23:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:21:35 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/15/2014 10:21:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:12:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:04:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:02:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/17/2014 07:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (06/17/2014 07:06:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/17/2014 07:04:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:24:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:21:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:14:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (06/15/2014 10:14:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/15/2014 10:13:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:12:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:11:50 on ‎15-‎06-‎2014 was unexpected.
 
Error: (06/15/2014 10:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (05/21/2014 09:44:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 540 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (04/29/2014 02:43:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1003 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (04/11/2014 11:49:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/11/2014 11:49:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4995 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:16:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 454 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:08:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 348 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:09:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 11:22:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 05:28:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5634 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 03:54:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3042 seconds with 1260 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 8183.12 MB
Available physical RAM: 5927.16 MB
Total Pagefile: 16364.43 MB
Available Pagefile: 13446.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:11.34 GB) NTFS
Drive d: (Backup 1) (Fixed) (Total:931.51 GB) (Free:58.28 GB) NTFS
Drive f: (BIBLIOTECA) (Fixed) (Total:149.04 GB) (Free:55.55 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 11039231)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 1186743A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by rreis.gomes, 17 June 2014 - 01:08 PM.


#5 rreis.gomes

  • Topic Starter


Posted 17 June 2014 - 01:09 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by LiquidPC at 2014-06-17 19:07:45
Running from C:\Users\LiquidPC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Anti-Virus (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
Actualizações da NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe After Effects CS3 Presets (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3 64-bit (HKLM\...\{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}) (Version: 3.0.2 - Adobe)
Adobe Premiere Pro CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
All Video Fixer 8.9 (HKLM-x32\...\All Video Fixer_is1) (Version:  - New Live Software, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
ArchShaders for V-Ray vol.1 (HKLM-x32\...\ArchShaders for V-Ray vol.1_is1) (Version:  - )
AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - English (Version: 17.2.711.0 - Autodesk) Hidden
AutoCAD 2009 - English Version 4 (HKLM\...\AutoCAD 2009 - English Version 4) (Version: 1 - Autodesk)
Autodesk 3ds Max 2009 64-bit (HKLM\...\{EC2280DF-BBAF-0409-9359-BCCD15545FFB}) (Version: 11.5.2.324 - Autodesk)
Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries (HKLM\...\{CD853BA5-AA85-0409-85DC-A805D779DCA8}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Architectural Materials Library (HKLM\...\{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Movies (HKLM\...\{7A1FD936-C444-0409-92D2-043B1F4ED886}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit ProMaterials™ Library (HKLM\...\{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Vault 2008 Plug-In (HKLM\...\{B7D0751A-3F16-0409-9F9B-FF3DC390F139}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2009 64-bit Vault 2009 Plug-In (HKLM\...\{FA3E35E2-F088-0409-A563-C96430FF73F6}) (Version: 11.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English - Product Update 12 (HKLM-x32\...\Autodesk 3ds Max 2012 64-bit - English SP9) (Version: 14.12.508.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.12.508.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.12.508.0 - Autodesk) Hidden
Autodesk 3ds Max 2012 64-bit - English SP2 (x32 Version: 14.12.508.0 - Autodesk) Hidden
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.98 - Autodesk, Inc.)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2012 (HKLM-x32\...\{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2013 (HKLM-x32\...\{58760EEC-8B6A-43F4-81AA-696E381DFADD}) (Version: 3.0.13 - Autodesk)
Autodesk Revit Architecture 2013 (HKLM\...\Autodesk Revit Architecture 2013) (Version: 12.02.21203 - Autodesk)
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.11 - Bentley Systems, Incorporated)
Bentley DGN Preview Handler (HKLM-x32\...\{264B522D-1B7F-4AAF-A32B-55A6BF5679F2}) (Version: 8.11.8004 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.410 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2012 (HKLM-x32\...\{23D46254-9D4C-446C-900A-F53AF1D12A90}) (Version: 8.11.9.292 - Bentley Systems, Incorporated)
Bluerock Technologies Flight Studio 3ds Max 2009 64-bit (HKLM\...\{3605AC81-55E5-0409-BB41-0407FB67C639}) (Version: 11.0 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.63.1071 - AB Team, d.o.o.)
Bullzip PDF Printer 7.2.0.1338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1338 - Bullzip)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Nome de sua empresa:) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Combined Community Codec Pack 2013-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.04.20.0 - CCCP Project)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Daniusoft Video Converter Ultimate(Build 3.1.1.0) (HKLM-x32\...\Daniusoft Video Converter Ultimate_is1) (Version:  - Daniusoft Software)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
DiskAid 5.09 (HKLM-x32\...\DiskAid_is1) (Version: 5.09 - DigiDNA)
Dream Video Converter Ultimate 4.3.8 (HKLM-x32\...\{66712EEE-ECBC-4CA6-solid-mp4-video-converter-converter}_is1) (Version:  - TopVideoSoft,Inc.)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
FastPictureViewer Codec Pack 2.1R2 (HKLM-x32\...\{F6A12E1E-30D6-404A-8381-56A896E44FA7}) (Version: 2.1.0.4 - Axel Rietschin Software Developments)
FBX Plugin 2009.0 for Max 2009 64 (HKLM\...\FBX Plugin 2009.0 for Max 2009 64) (Version:  - )
Freemake Video Converter versão 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated)
honestech Easy Video Editor (HKLM-x32\...\{37B9DFD1-EC6F-4040-9AEF-DD275BB95952}) (Version: 3.0 Trial - honestech)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
i-model ODBC Driver for Windows 7 (HKLM-x32\...\{775616F7-2D4C-4D73-8773-A66C0BCECB38}) (Version: 01.00.00020 - Bentley Systems, Incorporated)
i-model ODBC Driver for Windows 7 (x64) (HKLM\...\{454AD0FD-21D2-4E73-99E9-A40CAC75A636}) (Version: 01.00.00020 - Bentley Systems, Incorporated)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Jump Desktop (HKLM-x32\...\{641410DD-5F16-4DEA-83C9-36D2D290FC18}) (Version: 3.2.0 - Phase Five Systems)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Marvelous Designer 2 (HKLM-x32\...\Marvelous Designer 2) (Version:  - CLO Virtual Fashion Inc.)
Marvelous Designer 3 Personal (HKLM-x32\...\Marvelous Designer 3 Personal) (Version:  - CLO Virtual Fashion Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Media Buzz (HKLM-x32\...\MediaBuzzV1mode5509) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home9227) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 (Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MicroStation V8i (SELECTseries 3) 08.11.09.292 (HKLM-x32\...\{3E580885-4EF5-40EA-B2E9-7645CA1A0D73}) (Version: 08.11.09.292 - Bentley Systems, Incorporated)
Mozilla Firefox 29.0.1 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 pt-PT)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3Gain PRO (HKLM-x32\...\Mp3Gain PRO_is1) (Version: 1.02 - Pro-Software.)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nitro PDF Professional (HKLM\...\{634A0A5C-9B34-11DE-87AE-C7A555D89593}) (Version: 6.0.1.8 - Nitro PDF Software)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA Controlador 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Controlador gráfico 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA O controlador de 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA O software nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Performance Driver for Autodesk 3ds Max 2009 64-bit (enu) (HKLM\...\NVIDIA Performance Driver for Autodesk 3ds Max 2009 64-bit (enu)) (Version: 3dsmaxpd: 11.0.8.0  - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Painel de controlo da NVIDIA 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
PassShow (HKLM-x32\...\0AADCD53-E02F-9B5A-5431-BAACC6D75585) (Version:  - PassShow-software) <==== ATTENTION
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.1.3 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.3 - HDRsoft Sarl)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Portrait Professional Studio 9.0 (HKLM-x32\...\Portrait Professional Studio 9_is1) (Version: 9.0 - Anthropics Technology Ltd.)
PowerDirector (Version: 11.0 - Nome da empresa:) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Registro do usuário Canon MP640 series (HKLM-x32\...\Registro do usuário Canon MP640 series) (Version:  - )
Registro do usuário Canon MX430 series (HKLM-x32\...\Registro do usuário Canon MX430 series) (Version:  - )
Revit Architecture 2013 (Version: 12.02.21203 - Autodesk) Hidden
Revit Architecture 2013 Language Pack - English (Version: 12.02.21203 - Autodesk) Hidden
Rich Media View (HKLM-x32\...\RichMediaViewV1release680) (Version: 1.1 - Rich Media View) <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.6 - ) <==== ATTENTION
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs)
Topaz B&W Effects (64-bit) (HKLM-x32\...\Topaz B&W Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz B&W Effects (HKLM-x32\...\Topaz B&W Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.2.0 - Topaz Labs)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.2.1 - Topaz Labs)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs)
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Turbo Squid Tentacles 3ds Max 2009 64-bit (HKLM\...\{29421E62-F88F-45F1-8686-8EAE6748AE59}) (Version: 3.2.0 - Turbo Squid)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Video Editor (HKLM-x32\...\{739226B3-1B80-4F9F-8D19-312A19633E1A}_is1) (Version:  - )
Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visualization Content (HKLM-x32\...\{A12C2FC2-6122-4107-A6AE-677339873A24}) (Version: 8.11.9.292 - Bentley Systems, Incorporated)
V-Ray for 3dsmax 2009 for x64 (HKLM\...\V-Ray for 3dsmax 2009 for x64) (Version: 1.50.SP2 - Chaos Group Ltd)
V-Ray for 3dsmax 2012 for x64 (HKLM\...\V-Ray for 3dsmax 2012 for x64) (Version: 2.40.03 - Chaos Software Ltd)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )
 
==================== Restore Points  =========================
 
14-06-2014 20:56:24 Removed VOB2MPG v3
15-06-2014 21:19:34 Restore Operation
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2011-10-01 09:39 - 00001306 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {17350C59-0E90-4BC8-9478-A7721C36B022} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {1E2BFDD5-7548-4FA1-B0EF-07B34569729C} - System32\Tasks\PassShow Update => C:\Program Files (x86)\PassShow-soft\PassShown90.exe [2014-06-14] () <==== ATTENTION
Task: {2C6D26C0-EB1F-4E45-AE4C-581BED58D290} - System32\Tasks\{DB1FC0F7-5092-4B7E-B15A-A860BA6732A7} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.6.59.110&amp;LastError=-9
Task: {39203A8A-DA03-4416-AA8B-B49E4A411238} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-01] (Adobe Systems Incorporated)
Task: {424F0064-E298-49BC-AC77-04063B98D33A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {58837932-9CED-4C4A-ADFD-9433559398FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {72C49D8B-B56E-49A9-9992-ABAD20534C24} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {86730F1D-588B-4A31-97F8-E990284FDC2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000UA => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: {A54E0B4C-A32B-4837-8309-77E2D1B21E7E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D28B5775-5216-45DF-878E-6B8E9EE3351A} - System32\Tasks\AmiUpdXp => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe [2013-12-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E34BE0C2-3BE2-4A20-9CD5-1C11262518B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {E85F3303-A80C-42B0-AF26-6F82E259C359} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB651814-E91F-4C91-ACBC-8E5ED9831687} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000Core => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000Core.job => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000UA.job => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow-soft\PassShown90.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-04 20:50 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll
2012-05-15 11:29 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-06-02 11:09 - 2008-06-02 11:09 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
2011-02-22 22:52 - 2011-02-22 22:52 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2012-12-10 20:16 - 2012-09-12 00:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2010-04-01 17:10 - 2010-04-01 17:10 - 02803200 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtCoreAdlm4.dll
2010-04-01 17:28 - 2010-04-01 17:28 - 10493440 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtGuiAdlm4.dll
2010-04-01 17:12 - 2010-04-01 17:12 - 00915456 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtNetworkAdlm4.dll
2010-04-01 17:10 - 2010-04-01 17:10 - 00457216 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R4\QtXmlAdlm4.dll
2011-04-12 18:31 - 2011-04-12 18:31 - 02803200 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtCoreAdlm4.dll
2011-04-12 18:40 - 2011-04-12 18:40 - 09992704 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtGuiAdlm4.dll
2011-04-12 18:32 - 2011-04-12 18:32 - 01004032 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtNetworkAdlm4.dll
2011-04-12 18:31 - 2011-04-12 18:31 - 00423936 _____ () C:\Program Files\Common Files\Autodesk Shared\Adlm\R5\QtXmlAdlm4.dll
2014-06-17 19:05 - 2014-06-17 19:05 - 00050477 _____ () C:\Users\LiquidPC\Desktop\Defogger.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-12-21 15:50 - 2011-12-21 15:50 - 02113608 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll
2014-06-17 19:04 - 2014-06-17 19:04 - 00043008 _____ () c:\users\liquidpc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00716616 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00126280 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 04217672 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 00414536 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 13:31 - 2014-06-05 14:58 - 01732424 _____ () C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:AstInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Users^LiquidPC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Google Update => "C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\LiquidPC\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2014 07:04:35 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/17/2014 07:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:24:04 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/15/2014 10:23:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:21:35 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Removed VOB2MPG v3).
 
Error: (06/15/2014 10:21:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:12:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:04:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/15/2014 10:02:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/17/2014 07:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (06/17/2014 07:06:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/17/2014 07:04:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:24:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:21:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:14:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (06/15/2014 10:14:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/15/2014 10:13:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Serviço de Escuta do Grupo Doméstico service terminated with service-specific error %%-2147023143.
 
Error: (06/15/2014 10:12:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:11:50 on ‎15-‎06-‎2014 was unexpected.
 
Error: (06/15/2014 10:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (05/21/2014 09:44:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 540 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (04/29/2014 02:43:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1003 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (04/11/2014 11:49:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/11/2014 11:49:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4995 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:16:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 454 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:08:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 348 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (04/08/2014 00:09:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 11:22:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 05:28:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5634 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error: (04/07/2014 03:54:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3042 seconds with 1260 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 8183.12 MB
Available physical RAM: 5927.16 MB
Total Pagefile: 16364.43 MB
Available Pagefile: 13446.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:11.34 GB) NTFS
Drive d: (Backup 1) (Fixed) (Total:931.51 GB) (Free:58.28 GB) NTFS
Drive f: (BIBLIOTECA) (Fixed) (Total:149.04 GB) (Free:55.55 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 11039231)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 1186743A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 seedy21


  • Malware Response Team
  • 742 posts

Posted 17 June 2014 - 02:20 PM

Hi rreis.gomes

You have posted the Addition.txt log twice. I need a copy of the FRST.txt. This should be on your Desktop; please copy and paste its contents in your next reply.

Thank you
 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#7 rreis.gomes

  • Topic Starter

  • Members
  • 28 posts

Posted 17 June 2014 - 03:26 PM

Sorry

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by LiquidPC (administrator) on LIQUIDPC-PC on 17-06-2014 19:07:15
Running from C:\Users\LiquidPC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese Standard
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
() C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Akamai Technologies, Inc.) C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Users\LiquidPC\AppData\Roaming\uTorrent\uTorrent.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\AdLM\R4\LMU.exe
(Google Inc.) C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\AdLM\R5\LMU.exe
() C:\Users\LiquidPC\Desktop\Defogger.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [Akamai NetSession Interface] => C:\Users\LiquidPC\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [Jump Desktop] => C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [424008 2011-12-21] (Phase Five Systems)
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [Google Update] => C:\Users\LiquidPC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-17] (Google Inc.)
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [uTorrent] => C:\Users\LiquidPC\AppData\Roaming\uTorrent\uTorrent.exe [1267536 2014-06-11] (BitTorrent Inc.)
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [QyoAdgih] => C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [190976 2014-03-30] ()
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\MountPoints2: {2e124da8-8895-11e2-928e-485b39024fe8} - J:\Setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs:  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\LiquidPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LiquidPC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC3BB245B1E7DCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pt.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=117452&tt=5012_1&babsrc=HP_ss&mntrId=3af8ab57000000000000485b39024fe8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {B38747CA-116B-4DC3-AA9E-A0E74BBC0EA2} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PassShow - {26DAF52A-3157-01E3-88B1-1DE88DAE0CFD} - C:\Program Files (x86)\PassShow-soft\171.dll ()
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E16A77D7-5708-48E4-8BB6-9C234CE34F13}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=69&CUI=&SSPV=SP215B_sp_ff&Lay=1&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ff
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\LiquidPC\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\LiquidPC\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\user.js
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\googlept.xml
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priberam.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sapo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml
FF Extension: British English Dictionary (Updated) - C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\Extensions\en-gb@flyingtophat.co.uk [2014-05-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-18]
FF Extension: English (GB) Language Pack - C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-05-17]
FF Extension: Adblock Plus - C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-26]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-11]
FF Extension: No Name - C:\Program Files (x86)\PassShow-soft\171.xpi [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home9227.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9227\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9227\ff [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode5509.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5509\ff
FF Extension: Media Buzz - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5509\ff [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release680.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release680\ff
FF Extension: Rich Media View - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release680\ff [2014-05-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-11]
FF HKCU\...\Firefox\Extensions: [{BD4ACD0E-3854-3C2A-20FC-BC9B823C8DED}] - C:\Program Files (x86)\PassShow-soft\171.xpi
FF Extension: No Name - C:\Program Files (x86)\PassShow-soft\171.xpi [2014-06-14]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ch"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14]
CHR Extension: (Pesquisa do Google) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14]
CHR Extension: (Search by Image (by Google)) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-06-14]
CHR Extension: (Google Wallet) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (Dynamic Maps for Google+™) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgklkggfaokcoipmecomffdpebimle [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jjoianejlakljmbecdpidnpbiipaekfh] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5509\ch\MediaBuzzV1mode5509.crx [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [liahaojpajfdeahdelpndhkfpfbghjnp] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release680\ch\RichMediaViewV1release680.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [neinnaficapohmeocbfmkghipckdcedo] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9227\ch\MediaWatchV1home9227.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-09-15] (Nalpeiron Ltd.)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [82584 2013-05-06] (Autodesk) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-27] (Kaspersky Lab ZAO)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2011-12-21] (Phase Five Systems) [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [86016 2008-06-02] () [File not signed]
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [324928 2009-09-15] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-12] ()
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-09] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-27] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-27] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 cpuz130; \??\C:\Users\LiquidPC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-17 19:07 - 2014-06-17 19:07 - 00027855 _____ () C:\Users\LiquidPC\Desktop\FRST.txt
2014-06-17 19:07 - 2014-06-17 19:07 - 00000000 ____D () C:\FRST
2014-06-17 19:06 - 2014-06-17 19:06 - 02081280 _____ (Farbar) C:\Users\LiquidPC\Desktop\FRST64.exe
2014-06-17 19:06 - 2014-06-17 19:06 - 00000478 _____ () C:\Users\LiquidPC\Desktop\defogger_disable.log
2014-06-17 19:06 - 2014-06-17 19:06 - 00000178 _____ () C:\Users\LiquidPC\defogger_reenable
2014-06-17 19:05 - 2014-06-17 19:05 - 00050477 _____ () C:\Users\LiquidPC\Desktop\Defogger.exe
2014-06-15 21:57 - 2014-06-15 22:15 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Enemy (2013)
2014-06-15 21:57 - 2014-06-15 21:57 - 00007733 _____ () C:\Users\LiquidPC\Desktop\Enemy_2013_720p.torrent
2014-06-15 16:01 - 2014-06-15 16:01 - 00006141 _____ () C:\Users\LiquidPC\Desktop\attach.rar
2014-06-15 15:41 - 2014-06-15 15:41 - 00033425 _____ () C:\Users\LiquidPC\Desktop\attach.txt
2014-06-15 15:41 - 2014-06-15 15:40 - 00020881 _____ () C:\Users\LiquidPC\Desktop\dds.txt
2014-06-15 15:40 - 2014-06-15 15:40 - 00688992 ____R (Swearware) C:\Users\LiquidPC\Desktop\dds.com
2014-06-15 15:33 - 2014-06-15 15:35 - 00004188 _____ () C:\Users\LiquidPC\Desktop\Rkill.txt
2014-06-15 15:33 - 2014-06-15 15:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill (1).exe
2014-06-15 15:33 - 2014-06-15 15:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill64.exe
2014-06-15 15:32 - 2014-06-15 15:32 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill.exe
2014-06-15 13:56 - 2014-06-15 13:58 - 00219460 _____ () C:\Users\LiquidPC\Desktop\report.txt
2014-06-15 13:49 - 2014-06-15 13:49 - 00002532 _____ () C:\Users\LiquidPC\Desktop\aswMBR.txt
2014-06-15 13:49 - 2014-06-15 13:49 - 00000512 _____ () C:\Users\LiquidPC\Desktop\MBR.dat
2014-06-15 13:13 - 2014-06-15 13:13 - 04745728 _____ (AVAST Software) C:\Users\LiquidPC\Desktop\aswMBR.exe
2014-06-15 13:01 - 2014-06-15 13:01 - 00106514 _____ () C:\Users\LiquidPC\Desktop\Extras.Txt
2014-06-15 12:55 - 2014-06-15 13:46 - 00150976 _____ () C:\Users\LiquidPC\Desktop\OTL.Txt
2014-06-15 12:51 - 2014-06-15 12:51 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\LiquidPC\Desktop\capperkiller.exe
2014-06-15 12:48 - 2014-06-15 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LiquidPC\Desktop\tdsskiller.exe
2014-06-15 12:39 - 2014-06-15 12:39 - 00602112 _____ (OldTimer Tools) C:\Users\LiquidPC\Desktop\OTL.exe
2014-06-15 12:25 - 2014-06-15 12:25 - 00000000 ____D () C:\Users\LiquidPC\Desktop\Tutoriais
2014-06-15 10:07 - 2014-06-15 10:13 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !
2014-06-14 09:26 - 2014-06-17 19:04 - 00000406 _____ () C:\Windows\Tasks\PassShow Update.job
2014-06-14 09:26 - 2014-06-14 09:26 - 00003060 _____ () C:\Windows\System32\Tasks\PassShow Update
2014-06-14 09:26 - 2014-06-14 09:26 - 00001074 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\Program Files (x86)\PassShow-soft
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-06-14 09:25 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-06-14 09:25 - 2014-06-14 09:25 - 00001126 _____ () C:\Users\LiquidPC\Desktop\EVEREST Ultimate Edition.lnk
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\SearchProtect
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-06-14 08:14 - 2014-06-14 08:18 - 00009855 _____ () C:\Users\LiquidPC\Desktop\Viagens Lx curso MEP.xlsx
2014-06-14 07:28 - 2014-06-14 07:28 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK REVIT MEP Ver 2014-XFORCE
2014-06-14 07:27 - 2014-06-14 07:27 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK.REVIT.MEP.V2013-ISO
2014-06-14 07:24 - 2014-06-14 07:26 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK.REVIT.MEP.V2012-ISO
2014-06-11 20:37 - 2014-06-12 20:32 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Non Stop (2014)
2014-06-11 20:32 - 2014-06-11 20:52 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Winter's Tale (2014)
2014-06-11 20:05 - 2014-06-17 19:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-06-11 20:05 - 2014-05-27 14:48 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-11 20:05 - 2014-05-27 14:48 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-11 20:05 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-06-08 16:33 - 2014-06-11 20:55 - 00000000 ____D () C:\Users\LiquidPC\Downloads\300 Rise of an Empire (2014)
2014-06-08 16:32 - 2014-06-08 16:32 - 00008805 _____ () C:\Users\LiquidPC\Downloads\300_Rise_of_an_Empire_2014_720p.torrent
2014-06-08 15:56 - 2014-06-08 15:56 - 00000000 ____D () C:\Users\LiquidPC\Desktop\AHDX9-SMJNA-H7W1E-WHYAD
2014-06-08 12:44 - 2014-06-08 12:45 - 00000000 ____D () C:\Users\LiquidPC\Desktop\RAC 2013
2014-06-08 11:04 - 2014-06-08 11:04 - 00003178 _____ () C:\Windows\System32\Tasks\KsafeDelay
2014-06-08 10:58 - 2014-06-08 10:58 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\KSafe
2014-06-08 10:57 - 2014-06-11 20:55 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-06-08 10:57 - 2014-06-08 10:57 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\kingsoft
2014-06-08 10:56 - 2014-06-08 10:56 - 00000000 ____D () C:\Program Files (x86)\Kingsoft
2014-06-07 19:11 - 2014-06-11 20:55 - 00000000 ____D () C:\Users\LiquidPC\Downloads\PC Doctor Service Center 7.5
2014-06-07 19:08 - 2013-02-11 20:38 - 00000000 ____D () C:\Users\LiquidPC\Downloads\RAC 2013
2014-06-07 18:26 - 2014-06-07 18:29 - 550209170 _____ () C:\Users\LiquidPC\Downloads\RAC 2013 - Library.zip
2014-06-07 17:49 - 2014-06-07 17:49 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-06-07 17:42 - 2014-06-07 17:42 - 00603191 _____ () C:\Users\LiquidPC\Desktop\Report.htm
2014-06-07 10:39 - 2014-06-15 16:34 - 00000000 ____D () C:\Users\LiquidPC\Desktop\NW27PB Hassan
2014-06-06 20:04 - 2014-06-06 20:04 - 02055233 _____ () C:\Users\LiquidPC\Downloads\AEC(UK)-RevitArchitecture2011-Template-201109.zip
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Users\LiquidPC\Desktop\Finished DTY dwg
2014-06-01 14:41 - 2014-06-02 00:33 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\Adobe
2014-06-01 12:51 - 2014-06-15 16:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 12:51 - 2014-06-01 12:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-01 12:51 - 2014-06-01 12:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-01 12:51 - 2014-06-01 12:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-01 12:48 - 2014-06-01 12:48 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\LiquidPC\Downloads\uninstall_flash_player.exe
2014-05-28 22:18 - 2014-05-28 22:18 - 03971480 _____ () C:\Users\LiquidPC\Desktop\Payslips.rar
2014-05-28 01:59 - 2014-05-28 01:59 - 00009702 _____ () C:\Users\LiquidPC\Desktop\data.csv
2014-05-27 14:48 - 2014-05-27 14:48 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-05-26 17:01 - 2014-05-26 17:01 - 00000754 _____ () C:\Users\LiquidPC\Desktop\Fotos CF Card 04.2014 - Shortcut.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001393 _____ () C:\Users\LiquidPC\Desktop\50º North.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001388 _____ () C:\Users\LiquidPC\Desktop\Personal.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001373 _____ () C:\Users\LiquidPC\Desktop\Andreia.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001353 _____ () C:\Users\LiquidPC\Desktop\Bikes.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001333 _____ () C:\Users\LiquidPC\Desktop\CAD.lnk
2014-05-26 12:08 - 2014-05-26 13:33 - 00001328 _____ () C:\Users\LiquidPC\Desktop\3D.lnk
2014-05-26 12:07 - 2014-05-26 12:07 - 00011776 ___SH () C:\Users\LiquidPC\Documents\Thumbs.db
2014-05-26 12:06 - 2014-05-26 12:06 - 00000666 _____ () C:\Users\LiquidPC\Desktop\Downloads.lnk
2014-05-26 11:59 - 2014-06-07 17:58 - 00000000 ____D () C:\Users\LiquidPC\Documents\Bikes
2014-05-26 11:05 - 2014-05-26 12:01 - 00000000 ____D () C:\Users\LiquidPC\Documents\3D
2014-05-26 11:05 - 2014-05-26 11:05 - 00000000 ____D () C:\Users\LiquidPC\Documents\CAD
2014-05-26 10:58 - 2014-05-28 22:55 - 00000000 ____D () C:\Users\LiquidPC\Documents\Personal
2014-05-25 08:16 - 2014-06-11 23:04 - 00000000 _____ () C:\Users\LiquidPC\AppData\Local\fdjqtthc.log
2014-05-21 09:54 - 2014-05-21 09:54 - 00000165 ____H () C:\Users\LiquidPC\Desktop\~$Tax return expenses 2013-2014.xlsx
2014-05-19 08:13 - 2014-06-15 22:24 - 00009611 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 05:40 - 2014-05-18 05:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 05:39 - 2014-05-18 05:39 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 05:39 - 2014-05-18 05:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 05:38 - 2014-05-18 05:38 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
 
==================== One Month Modified Files and Folders =======
 
2014-06-17 19:07 - 2014-06-17 19:07 - 00027855 _____ () C:\Users\LiquidPC\Desktop\FRST.txt
2014-06-17 19:07 - 2014-06-17 19:07 - 00000000 ____D () C:\FRST
2014-06-17 19:07 - 2011-09-27 14:56 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\Temp
2014-06-17 19:06 - 2014-06-17 19:06 - 02081280 _____ (Farbar) C:\Users\LiquidPC\Desktop\FRST64.exe
2014-06-17 19:06 - 2014-06-17 19:06 - 00000478 _____ () C:\Users\LiquidPC\Desktop\defogger_disable.log
2014-06-17 19:06 - 2014-06-17 19:06 - 00000178 _____ () C:\Users\LiquidPC\defogger_reenable
2014-06-17 19:06 - 2011-09-28 23:42 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\uTorrent
2014-06-17 19:06 - 2011-09-27 14:56 - 00000000 ____D () C:\Users\LiquidPC
2014-06-17 19:05 - 2014-06-17 19:05 - 00050477 _____ () C:\Users\LiquidPC\Desktop\Defogger.exe
2014-06-17 19:05 - 2012-12-10 13:57 - 00000368 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-06-17 19:04 - 2014-06-14 09:26 - 00000406 _____ () C:\Windows\Tasks\PassShow Update.job
2014-06-17 19:04 - 2014-06-11 20:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-17 19:04 - 2014-05-14 01:15 - 00010226 _____ () C:\Windows\setupact.log
2014-06-17 19:04 - 2014-03-30 08:53 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\DropboxMaster
2014-06-17 19:04 - 2013-01-15 12:35 - 00000000 ___RD () C:\Users\LiquidPC\Dropbox
2014-06-17 19:04 - 2013-01-15 12:34 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\Dropbox
2014-06-17 19:04 - 2012-02-29 17:25 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 19:04 - 2011-09-27 15:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-17 19:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 22:24 - 2014-05-19 08:13 - 00009611 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 22:20 - 2012-02-29 17:25 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 22:18 - 2011-01-27 17:00 - 00721486 _____ () C:\Windows\system32\prfh0816.dat
2014-06-15 22:18 - 2011-01-27 17:00 - 00152408 _____ () C:\Windows\system32\prfc0816.dat
2014-06-15 22:18 - 2009-07-14 06:13 - 01656736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 22:15 - 2014-06-15 21:57 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Enemy (2013)
2014-06-15 21:57 - 2014-06-15 21:57 - 00007733 _____ () C:\Users\LiquidPC\Desktop\Enemy_2013_720p.torrent
2014-06-15 21:49 - 2011-09-30 12:17 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\Nitro PDF
2014-06-15 21:47 - 2013-03-09 19:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-15 16:34 - 2014-06-07 10:39 - 00000000 ____D () C:\Users\LiquidPC\Desktop\NW27PB Hassan
2014-06-15 16:34 - 2014-06-01 12:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 16:29 - 2012-08-16 15:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000UA.job
2014-06-15 16:24 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 16:24 - 2009-07-14 05:45 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 16:01 - 2014-06-15 16:01 - 00006141 _____ () C:\Users\LiquidPC\Desktop\attach.rar
2014-06-15 15:41 - 2014-06-15 15:41 - 00033425 _____ () C:\Users\LiquidPC\Desktop\attach.txt
2014-06-15 15:40 - 2014-06-15 15:41 - 00020881 _____ () C:\Users\LiquidPC\Desktop\dds.txt
2014-06-15 15:40 - 2014-06-15 15:40 - 00688992 ____R (Swearware) C:\Users\LiquidPC\Desktop\dds.com
2014-06-15 15:35 - 2014-06-15 15:33 - 00004188 _____ () C:\Users\LiquidPC\Desktop\Rkill.txt
2014-06-15 15:33 - 2014-06-15 15:33 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill (1).exe
2014-06-15 15:33 - 2014-06-15 15:33 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill64.exe
2014-06-15 15:32 - 2014-06-15 15:32 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\LiquidPC\Desktop\rkill.exe
2014-06-15 13:58 - 2014-06-15 13:56 - 00219460 _____ () C:\Users\LiquidPC\Desktop\report.txt
2014-06-15 13:49 - 2014-06-15 13:49 - 00002532 _____ () C:\Users\LiquidPC\Desktop\aswMBR.txt
2014-06-15 13:49 - 2014-06-15 13:49 - 00000512 _____ () C:\Users\LiquidPC\Desktop\MBR.dat
2014-06-15 13:46 - 2014-06-15 12:55 - 00150976 _____ () C:\Users\LiquidPC\Desktop\OTL.Txt
2014-06-15 13:13 - 2014-06-15 13:13 - 04745728 _____ (AVAST Software) C:\Users\LiquidPC\Desktop\aswMBR.exe
2014-06-15 13:01 - 2014-06-15 13:01 - 00106514 _____ () C:\Users\LiquidPC\Desktop\Extras.Txt
2014-06-15 12:51 - 2014-06-15 12:51 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\LiquidPC\Desktop\capperkiller.exe
2014-06-15 12:48 - 2014-06-15 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\LiquidPC\Desktop\tdsskiller.exe
2014-06-15 12:39 - 2014-06-15 12:39 - 00602112 _____ (OldTimer Tools) C:\Users\LiquidPC\Desktop\OTL.exe
2014-06-15 12:25 - 2014-06-15 12:25 - 00000000 ____D () C:\Users\LiquidPC\Desktop\Tutoriais
2014-06-15 11:59 - 2013-03-09 18:41 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\DAEMON Tools Pro
2014-06-15 10:13 - 2014-06-15 10:07 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !
2014-06-14 21:58 - 2014-05-14 01:15 - 00002050 _____ () C:\Windows\PFRO.log
2014-06-14 21:55 - 2012-12-30 23:20 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-06-14 19:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-14 15:00 - 2014-06-14 09:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-06-14 15:00 - 2011-09-27 14:56 - 00000000 ___RD () C:\Users\LiquidPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 09:26 - 2014-06-14 09:26 - 00003060 _____ () C:\Windows\System32\Tasks\PassShow Update
2014-06-14 09:26 - 2014-06-14 09:26 - 00001074 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\Program Files (x86)\PassShow-soft
2014-06-14 09:26 - 2014-06-14 09:26 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-06-14 09:25 - 2014-06-14 09:25 - 00001126 _____ () C:\Users\LiquidPC\Desktop\EVEREST Ultimate Edition.lnk
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\SearchProtect
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-14 09:25 - 2014-06-14 09:25 - 00000000 ____D () C:\Program Files (x86)\Lavalys
2014-06-14 08:18 - 2014-06-14 08:14 - 00009855 _____ () C:\Users\LiquidPC\Desktop\Viagens Lx curso MEP.xlsx
2014-06-14 07:28 - 2014-06-14 07:28 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK REVIT MEP Ver 2014-XFORCE
2014-06-14 07:27 - 2014-06-14 07:27 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK.REVIT.MEP.V2013-ISO
2014-06-14 07:26 - 2014-06-14 07:24 - 00000000 ____D () C:\Users\LiquidPC\Downloads\AUTODESK.REVIT.MEP.V2012-ISO
2014-06-13 18:39 - 2009-07-14 06:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 20:32 - 2014-06-11 20:37 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Non Stop (2014)
2014-06-12 02:29 - 2012-08-16 15:38 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3497392821-1682579423-1492870458-1000Core.job
2014-06-11 23:04 - 2014-05-25 08:16 - 00000000 _____ () C:\Users\LiquidPC\AppData\Local\fdjqtthc.log
2014-06-11 23:04 - 2014-03-30 09:14 - 00000000 _____ () C:\Users\LiquidPC\AppData\Local\indyjhmv.log
2014-06-11 23:04 - 2014-03-30 08:47 - 00000028 _____ () C:\Users\LiquidPC\AppData\Local\kvtdxkog.log
2014-06-11 20:55 - 2014-06-08 16:33 - 00000000 ____D () C:\Users\LiquidPC\Downloads\300 Rise of an Empire (2014)
2014-06-11 20:55 - 2014-06-08 10:57 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-06-11 20:55 - 2014-06-07 19:11 - 00000000 ____D () C:\Users\LiquidPC\Downloads\PC Doctor Service Center 7.5
2014-06-11 20:55 - 2014-04-30 20:56 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 20:55 - 2014-03-30 08:47 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\iswnsgyq
2014-06-11 20:55 - 2013-12-20 19:07 - 00000000 ____D () C:\Program Files (x86)\WebexpEnhancedV1
2014-06-11 20:55 - 2013-12-15 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-06-11 20:55 - 2012-12-10 13:57 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\SwvUpdater
2014-06-11 20:55 - 2012-01-02 18:58 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\Akamai
2014-06-11 20:55 - 2011-11-22 11:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-11 20:55 - 2011-11-22 11:13 - 00000000 ____D () C:\ProgramData\Apple
2014-06-11 20:55 - 2011-10-01 09:38 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-11 20:55 - 2011-09-28 23:48 - 00000000 __RHD () C:\MSOCache
2014-06-11 20:55 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 20:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-06-11 20:52 - 2014-06-11 20:32 - 00000000 ____D () C:\Users\LiquidPC\Downloads\Winter's Tale (2014)
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-06-11 20:05 - 2014-06-11 20:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-06-11 12:00 - 2014-05-04 19:24 - 00000025 _____ () C:\Users\LiquidPC\AppData\Local\ksgkcgxu.log
2014-06-11 11:57 - 2014-03-30 08:48 - 00296660 _____ () C:\Users\LiquidPC\AppData\Local\tudngcwt.log
2014-06-11 11:57 - 2014-03-30 08:48 - 00003288 _____ () C:\Users\LiquidPC\AppData\Local\xjsdiltr.log
2014-06-11 11:57 - 2014-03-30 08:48 - 00002654 _____ () C:\Users\LiquidPC\AppData\Local\rcjqtdsq.log
2014-06-08 16:32 - 2014-06-08 16:32 - 00008805 _____ () C:\Users\LiquidPC\Downloads\300_Rise_of_an_Empire_2014_720p.torrent
2014-06-08 16:23 - 2014-03-30 08:47 - 03028368 _____ () C:\Users\LiquidPC\AppData\Local\lmxqthsg.log
2014-06-08 15:56 - 2014-06-08 15:56 - 00000000 ____D () C:\Users\LiquidPC\Desktop\AHDX9-SMJNA-H7W1E-WHYAD
2014-06-08 12:45 - 2014-06-08 12:44 - 00000000 ____D () C:\Users\LiquidPC\Desktop\RAC 2013
2014-06-08 12:43 - 2014-02-20 11:41 - 00000000 ____D () C:\Users\LiquidPC\Documents\Andreia
2014-06-08 11:10 - 2014-03-30 08:47 - 00000212 _____ () C:\Users\LiquidPC\AppData\Local\gvwcmhud.log
2014-06-08 11:04 - 2014-06-08 11:04 - 00003178 _____ () C:\Windows\System32\Tasks\KsafeDelay
2014-06-08 10:58 - 2014-06-08 10:58 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\KSafe
2014-06-08 10:57 - 2014-06-08 10:57 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\kingsoft
2014-06-08 10:56 - 2014-06-08 10:56 - 00000000 ____D () C:\Program Files (x86)\Kingsoft
2014-06-07 18:29 - 2014-06-07 18:26 - 550209170 _____ () C:\Users\LiquidPC\Downloads\RAC 2013 - Library.zip
2014-06-07 17:58 - 2014-05-26 11:59 - 00000000 ____D () C:\Users\LiquidPC\Documents\Bikes
2014-06-07 17:49 - 2014-06-07 17:49 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-06-07 17:42 - 2014-06-07 17:42 - 00603191 _____ () C:\Users\LiquidPC\Desktop\Report.htm
2014-06-06 20:04 - 2014-06-06 20:04 - 02055233 _____ () C:\Users\LiquidPC\Downloads\AEC(UK)-RevitArchitecture2011-Template-201109.zip
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Users\LiquidPC\Desktop\Finished DTY dwg
2014-06-04 20:08 - 2014-04-19 15:54 - 00000000 ____D () C:\Users\LiquidPC\Documents\50º North
2014-06-03 02:12 - 2011-10-03 18:17 - 00004670 _____ () C:\Users\LiquidPC\Documents\plot.log
2014-06-02 23:06 - 2011-09-29 10:29 - 00000000 ____D () C:\Program Files\AutoCAD 2009
2014-06-02 00:33 - 2014-06-01 14:41 - 00000000 ____D () C:\Users\LiquidPC\AppData\Local\Adobe
2014-06-01 12:51 - 2014-06-01 12:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-01 12:51 - 2014-06-01 12:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-01 12:51 - 2014-06-01 12:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-01 12:48 - 2014-06-01 12:48 - 00848048 _____ (Adobe Systems Incorporated) C:\Users\LiquidPC\Downloads\uninstall_flash_player.exe
2014-05-28 22:55 - 2014-05-26 10:58 - 00000000 ____D () C:\Users\LiquidPC\Documents\Personal
2014-05-28 22:18 - 2014-05-28 22:18 - 03971480 _____ () C:\Users\LiquidPC\Desktop\Payslips.rar
2014-05-28 11:06 - 2013-01-15 12:34 - 00000000 ____D () C:\Users\LiquidPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 01:59 - 2014-05-28 01:59 - 00009702 _____ () C:\Users\LiquidPC\Desktop\data.csv
2014-05-27 14:48 - 2014-06-11 20:05 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-05-27 14:48 - 2014-06-11 20:05 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-05-27 14:48 - 2014-05-27 14:48 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-05-26 17:01 - 2014-05-26 17:01 - 00000754 _____ () C:\Users\LiquidPC\Desktop\Fotos CF Card 04.2014 - Shortcut.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001393 _____ () C:\Users\LiquidPC\Desktop\50º North.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001388 _____ () C:\Users\LiquidPC\Desktop\Personal.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001373 _____ () C:\Users\LiquidPC\Desktop\Andreia.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001353 _____ () C:\Users\LiquidPC\Desktop\Bikes.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001333 _____ () C:\Users\LiquidPC\Desktop\CAD.lnk
2014-05-26 13:33 - 2014-05-26 12:08 - 00001328 _____ () C:\Users\LiquidPC\Desktop\3D.lnk
2014-05-26 12:07 - 2014-05-26 12:07 - 00011776 ___SH () C:\Users\LiquidPC\Documents\Thumbs.db
2014-05-26 12:06 - 2014-05-26 12:06 - 00000666 _____ () C:\Users\LiquidPC\Desktop\Downloads.lnk
2014-05-26 12:01 - 2014-05-26 11:05 - 00000000 ____D () C:\Users\LiquidPC\Documents\3D
2014-05-26 11:05 - 2014-05-26 11:05 - 00000000 ____D () C:\Users\LiquidPC\Documents\CAD
2014-05-24 22:28 - 2014-03-30 08:47 - 00776739 _____ () C:\Users\LiquidPC\AppData\Local\mmngrovw.log
2014-05-21 09:54 - 2014-05-21 09:54 - 00000165 ____H () C:\Users\LiquidPC\Desktop\~$Tax return expenses 2013-2014.xlsx
2014-05-21 09:47 - 2011-09-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 05:40 - 2014-05-18 05:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 05:39 - 2014-05-18 05:39 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 05:39 - 2014-05-18 05:39 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 05:39 - 2012-04-18 11:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-18 05:39 - 2012-04-18 11:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-18 05:38 - 2014-05-18 05:38 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-18 05:38 - 2012-03-08 17:37 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-18 05:38 - 2012-03-08 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-18 05:38 - 2012-03-08 17:37 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-18 05:38 - 2012-03-08 17:37 - 00000000 ____D () C:\Program Files\Java
 
Some content of TEMP:
====================
C:\Users\LiquidPC\AppData\Local\Temp\AcDeltree.exe
C:\Users\LiquidPC\AppData\Local\Temp\BackupSetup.exe
C:\Users\LiquidPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll
C:\Users\LiquidPC\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\LiquidPC\AppData\Local\Temp\nscEB00.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshEE2C.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshF1D5.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsm1550.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsr1966.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsx1D2F.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-29 23:54
 
==================== End Of Log ============================


#8 seedy21

seedy21

  • Malware Response Team

Posted 18 June 2014 - 12:49 PM

Hi rreis.gomes
 
Step 1

Download this tool.

1. Double click on MGADiag.exe to run it.
2. Click Continue.
3. The program will run. It takes a while to finish the diagnosis, please be patient.
Please post the results as a reply to this thread.

Step 2

Download CKScanner

Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file has been saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#9 rreis.gomes

rreis.gomes
  • Topic Starter


Posted 18 June 2014 - 03:38 PM

Hi,
 
Please note that I am running all these programs on my computer while its CPU renders a 3D physics simulation in Marvelous Designer software, because if not it would keep restarting over and over again...
 
Thanks
 
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {6236B4D7-1C45-4506-876D-EE22CBE6C1A8}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_rtm.101119-1850
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
Microsoft Office Project Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6236B4D7-1C45-4506-876D-EE22CBE6C1A8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-3497392821-1682579423-1492870458</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0808   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100308000000.000000+000</Date></BIOS><HWID>D3133207018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65071</Pid><PidType>14</PidType></Product><Product GUID="{90120000-003B-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Professional 2007</Name><Ver>12</Ver><Val>7A839B4BD771586</Val><Hash>f6sX2Lb5FDd0xEPMnJnhTPOfEqs=</Hash><Pid>89403-707-6181183-63065</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="3A" Version="12" Result="100"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-2070-7601.0000-1652014
Installation ID: 002746930264030914759133321060324960491276189556209752
Partial Product Key: P4K27
License Status: Notification
Notification Reason: 0xC004F057.
Remaining Windows rearm count: 3
Trusted time: 18/06/2014 21:33:07
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAQACAAAAAgABAAEAln3mDncWXEyMJka8aGWENOaFrgcKgCCvfro2jJQ26oI=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC 030810 APIC1134
  FACP 030810 FACP1134
  HPET 030810 OEMHPET 
  MCFG 030810 OEMMCFG 
  OEMB 030810 OEMB1134
  OSFR 030810 OEMOSFR 
  SSDT DpgPmm CpuPm


#10 rreis.gomes

rreis.gomes
  • Topic Starter


Posted 18 June 2014 - 03:40 PM

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\autodesk\3ds max 2012\maps\substance\textures\cracked_plaster.sbsar
c:\program files (x86)\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files (x86)\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files (x86)\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
scanner sequence 3.II.11.PCAPPZ
 ----- EOF ----- 
 


#11 seedy21

seedy21

  • Malware Response Team

Posted 19 June 2014 - 02:24 PM

Hi rreis.gomes

Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

I suggest you remove it via add/remove.

Step 2

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

Java 7 Update 55 (64-bit)
Java 7 Update 55
Java™ 6 Update 31(64-bit)
Java™ 6 Update 31
McAfee Security Scan Plus
Media Buzz
Media Watch
PassShow
Rich Media View
Search Protect
Software Version Updater




Step 3


Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

HKLM-x32\...\Run: [Driver Genius] => [X]HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [QyoAdgih] => C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [190976 2014-03-30] ()
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\MountPoints2: {2e124da8-8895-11e2-928e-485b39024fe8} - J:\Setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ie
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=117452&tt=5012_1&babsrc=HP_ss&mntrId=3af8ab57000000000000485b39024fe8
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117452&tt=5012_1&babsrc=SP_ss&mntrId=3af8ab57000000000000485b39024fe8
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.claro-search.com/?q={searchTerms}&affID=117452&tt=5012_1&babsrc=SP_ss&mntrId=3af8ab57000000000000485b39024fe8
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=69&CUI=&SSPV=SP215B_sp_ff&Lay=1&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ff
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\trovi-search.xml
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 3af8ab57000000000000485b39024fe8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15684
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1012:57:04
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ch"
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 cpuz130; \??\C:\Users\LiquidPC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
Task: {17350C59-0E90-4BC8-9478-A7721C36B022} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {1E2BFDD5-7548-4FA1-B0EF-07B34569729C} - System32\Tasks\PassShow Update => C:\Program Files (x86)\PassShow-soft\PassShown90.exe [2014-06-14] () <==== ATTENTION
Task: {A54E0B4C-A32B-4837-8309-77E2D1B21E7E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D28B5775-5216-45DF-878E-6B8E9EE3351A} - System32\Tasks\AmiUpdXp => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe [2013-12-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E34BE0C2-3BE2-4A20-9CD5-1C11262518B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow-soft\PassShown90.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:AstInfo
MSCONFIG\startupreg: SearchProtection => "C:\Users\LiquidPC\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
C:\Users\LiquidPC\AppData\Local\iswnsgyq\
C:\Program Files (x86)\SearchProtect\
C:\Users\LiquidPC\AppData\Local\SearchProtect
C:\Program Files (x86)\PassShow-soft\
C:\Users\LiquidPC\AppData\Local\Temp\AcDeltree.exe
C:\Users\LiquidPC\AppData\Local\Temp\BackupSetup.exe
C:\Users\LiquidPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll
C:\Users\LiquidPC\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\LiquidPC\AppData\Local\Temp\nscEB00.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshEE2C.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshF1D5.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsm1550.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsr1966.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsx1D2F.exe

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 60 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 60".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline or 'Windows x64.exe' (depending on whether you are running a 32 or 64 bit system) from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on downloaded icon to install the newest version.

Step 5

We need to re-run FRST

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#12 rreis.gomes

rreis.gomes
  • Topic Starter


Posted 20 June 2014 - 04:58 PM

Hi

Today when I started my computer the mouse and keyboard were not working. I reconnected everything and restarted several times but it kept failing. Then after 20 minutes both mouse and keyboard suddenly started working.
Now the computer has restarted by itself, the mouse and keyboard still do not work, and the computer restarts every 5 minutes without warning....

#13 seedy21

seedy21

  • Malware Response Team

Posted 20 June 2014 - 06:34 PM

Hi rreis.gomes
 

computer restarts every 5 minutes without warning


Let's try and fix this first.

Step 1

Click on the Start button and then on Control Panel.


Click on the System and Security link.

Click on the System link.

In the task pane on the left, click the Advanced system settings link.

Locate the Startup and Recovery section near the bottom of the window and click on the Settings button.

In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.

Click OK in the Startup and Recovery window.

Click OK in the System Properties window.

You can now close the System window.

Step 2


We need to re-run FRST

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#14 rreis.gomes

rreis.gomes
  • Topic Starter


Posted 21 June 2014 - 09:21 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2014
Ran by LiquidPC at 2014-06-20 21:12:01 Run:1
Running from C:\Users\LiquidPC\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Driver Genius] => [X]HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [QyoAdgih] => C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe [190976 2014-03-30] ()
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\...\MountPoints2: {2e124da8-8895-11e2-928e-485b39024fe8} - J:\Setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=117452&tt=5012_1&babsrc=HP_ss&mntrId=3af8ab57000000000000485b39024fe8
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=69&CUI=&SSPV=SP215B_sp_ff&Lay=1&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ff
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\trovi-search.xml
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 3af8ab57000000000000485b39024fe8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15684
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1012:57:04
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ch"
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 cpuz130; \??\C:\Users\LiquidPC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
Task: {17350C59-0E90-4BC8-9478-A7721C36B022} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {1E2BFDD5-7548-4FA1-B0EF-07B34569729C} - System32\Tasks\PassShow Update => C:\Program Files (x86)\PassShow-soft\PassShown90.exe [2014-06-14] () <==== ATTENTION
Task: {A54E0B4C-A32B-4837-8309-77E2D1B21E7E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D28B5775-5216-45DF-878E-6B8E9EE3351A} - System32\Tasks\AmiUpdXp => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe [2013-12-04] (Amonetizé Ltd) <==== ATTENTION
Task: {E34BE0C2-3BE2-4A20-9CD5-1C11262518B8} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\LiquidPC\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files (x86)\PassShow-soft\PassShown90.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:AstInfo
MSCONFIG\startupreg: SearchProtection => "C:\Users\LiquidPC\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
C:\Users\LiquidPC\AppData\Local\iswnsgyq\
C:\Program Files (x86)\SearchProtect\
C:\Users\LiquidPC\AppData\Local\SearchProtect
C:\Program Files (x86)\PassShow-soft\
C:\Users\LiquidPC\AppData\Local\Temp\AcDeltree.exe
C:\Users\LiquidPC\AppData\Local\Temp\BackupSetup.exe
C:\Users\LiquidPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll
C:\Users\LiquidPC\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\LiquidPC\AppData\Local\Temp\nscEB00.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshEE2C.exe
C:\Users\LiquidPC\AppData\Local\Temp\nshF1D5.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsm1550.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsr1966.exe
C:\Users\LiquidPC\AppData\Local\Temp\nsx1D2F.exe
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Driver Genius => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QyoAdgih => value deleted successfully.
HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
'HKU\S-1-5-21-3497392821-1682579423-1492870458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e124da8-8895-11e2-928e-485b39024fe8}' => Key deleted successfully.
'HKCR\CLSID\{2e124da8-8895-11e2-928e-485b39024fe8}'=> Key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' => Key deleted successfully.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}' => Key deleted successfully.
'HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}'=> Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\babylon.xml => Moved successfully.
C:\Users\LiquidPC\AppData\Roaming\Mozilla\Firefox\Profiles\hianj9xh.default\searchplugins\trovi-search.xml => Moved successfully.
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MA9C3226C-AA01-4378-8D9E-AC6688B5A29B&SearchSource=55&CUI=&UM=5&UP=SPA3C47ABE-26C8-4D41-92EA-4274B7267854&SSPV=SP215B_sp_ch" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll not found.
C:\Users\LiquidPC\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
CltMngSvc => Service not found.
McComponentHostService => Service not found.
cpuz130 => Service deleted successfully.
EverestDriver => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17350C59-0E90-4BC8-9478-A7721C36B022}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17350C59-0E90-4BC8-9478-A7721C36B022}' => Key deleted successfully.
C:\Windows\System32\Tasks\BitGuard => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E2BFDD5-7548-4FA1-B0EF-07B34569729C}'=> Key not found.
C:\Windows\System32\Tasks\PassShow Update not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PassShow Update'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A54E0B4C-A32B-4837-8309-77E2D1B21E7E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A54E0B4C-A32B-4837-8309-77E2D1B21E7E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D28B5775-5216-45DF-878E-6B8E9EE3351A}'=> Key not found.
C:\Windows\System32\Tasks\AmiUpdXp not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E34BE0C2-3BE2-4A20-9CD5-1C11262518B8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34BE0C2-3BE2-4A20-9CD5-1C11262518B8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2' => Key deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job not found.
C:\Windows\Tasks\PassShow Update.job not found.
"C:\Windows" => ":AstInfo" ADS not found.
 
"C:\Users\LiquidPC\AppData\Local\iswnsgyq" directory move:
 
C:\Users\LiquidPC\AppData\Local\iswnsgyq\qyoadgih.exe => Moved successfully.
Could not move "C:\Users\LiquidPC\AppData\Local\iswnsgyq" directory. => Scheduled to move on reboot.
 
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Users\LiquidPC\AppData\Local\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\PassShow-soft" => File/Directory not found.
C:\Users\LiquidPC\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
"C:\Users\LiquidPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptjc66.dll" => File/Directory not found.
C:\Users\LiquidPC\AppData\Local\Temp\FNP_ACT_InstallerCA.dll => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nscEB00.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nshEE2C.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nshF1D5.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nsm1550.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nsr1966.exe => Moved successfully.
C:\Users\LiquidPC\AppData\Local\Temp\nsx1D2F.exe => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-20 21:16:48)<=
 
C:\Users\LiquidPC\AppData\Local\iswnsgyq => Is moved successfully.
 
==== End of Fixlog ====


#15 rreis.gomes


Posted 21 June 2014 - 09:22 AM

I had done step 1 before but it keeps restarting again and again





