
Have Hao123 and PSafe


  • This topic is locked
5 replies to this topic

#1 muitosal

muitosal

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 27 June 2014 - 09:52 PM

Hi. I'm using Microsoft Windows 7 Home Premium 64bit.

I was installing Alcohol 120% to open an .iso, but was rushing through the installation and forgot to disable the option that installed Hao123... Now, whenever I open my Chrome, I get this:

 

[Screenshot: 8lZ64bC.png]

The DDS.txt is as follows:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
Run by Bruno at 23:44:46 on 2014-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.8154.4419 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Windows Server\Bin\WhsMcClient.exe
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Users\Bruno\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2Guard.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = socks=209.249.157.67:3541
uProxyOverride = 192.168.*.*
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [F.lux] "C:\Users\Bruno\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EAM Trial Reset] "C:\Program Files (x86)\EAM-TR.exe" /autoreset
mRun: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE -startup
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: hdts.ru
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6AE4A39D-CE3A-4672-B30F-7786915FCB2E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Seagate Serviço Scheduler2] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 66.35.215.12:443 
Hosts: 66.35.215.10 
Hosts: 66.35.215.51
Hosts: 66.35.215.0 
Hosts: 66.35.215.63 
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\imimp8mg.default\
FF - prefs.js: browser.search.selectedEngine - PSafe ClikSeguro
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Bruno\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: D:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
FF - plugin: D:\Program Files\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-6 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-19 56208]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-2 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2014-6-25 141920]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-6-27 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-6-27 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-6-27 23088]
R1 ArcSec;ArcSec;C:\Windows\System32\drivers\ArcSec.sys [2012-10-5 311872]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-13 50464]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-6-27 4725440]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-4 74496]
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-2 80504]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-6-9 435032]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2012-7-25 361888]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2013-11-21 126856]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-2 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-6 161560]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-25 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-25 860472]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-6-17 65657]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2013-12-18 1153368]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-2-10 142120]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-2 41568]
R2 SgtSch2Svc;Seagate Serviço Scheduler2;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191816]
R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-6 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-7-6 27760]
R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2012-11-2 112224]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2013-5-4 20832]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-6-27 71472]
R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-3-2 63872]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-6-27 57024]
R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-6 356632]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-6 789272]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-7-6 104560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-26 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-25 63704]
R3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
R3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-5-19 31400]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-7-6 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\System32\drivers\libusb0.sys [2009-7-7 32256]
S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-26 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2014-5-16 115488]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-7 1255736]
S4 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-3-19 43072]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-2 2848168]
S4 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2012-8-14 203640]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-28 01:57:36 -------- d-----w- C:\Windows\ERUNT
2014-06-28 01:53:15 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-28 01:52:45 -------- d-----w- C:\AdwCleaner
2014-06-28 01:39:17 -------- d-----w- C:\Users\Bruno\AppData\Roaming\PowerISO
2014-06-28 01:36:46 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2014-06-28 01:36:35 -------- d-----w- C:\Program Files\PowerISO
2014-06-28 01:36:16 -------- d-----w- C:\ProgramData\Emsisoft
2014-06-28 01:28:05 386680 ----a-w- C:\Windows\System32\drivers\sptd.sys
2014-06-28 01:16:17 357337 ----a-w- C:\Program Files (x86)\EAM-TR.exe
2014-06-27 23:29:01 -------- d-----w- C:\Users\Bruno\AppData\Local\ElevatedDiagnostics
2014-06-27 22:22:20 254240 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-06-27 22:22:15 128288 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-06-27 17:25:19 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-06-27 14:29:39 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A495B16F-EB5E-4FAF-BFDB-B82D86C6865B}\mpengine.dll
2014-06-27 14:29:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-27 04:46:35 -------- d-----w- C:\ProgramData\IDM
2014-06-27 04:46:34 -------- d-----w- C:\Users\Bruno\AppData\Roaming\DMCache
2014-06-27 04:26:20 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-06-27 00:04:21 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-06-26 03:11:46 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-26 01:01:52 -------- d-----w- C:\ProgramData\Seagate
2014-06-26 01:01:44 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
2014-06-26 01:01:42 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys
2014-06-26 01:01:41 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys
2014-06-26 01:01:37 -------- d-----w- C:\Program Files (x86)\Seagate
2014-06-26 01:01:37 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate
2014-06-25 22:15:42 -------- d-----w- C:\Users\Bruno\AppData\Roaming\Tibia
2014-06-25 20:20:42 -------- d-sh--w- C:\Users\Bruno\AppData\Local\EmieUserList
2014-06-25 20:20:42 -------- d-sh--w- C:\Users\Bruno\AppData\Local\EmieSiteList
2014-06-25 19:49:58 -------- d-----w- C:\Users\Bruno\AppData\Local\Wokhan
2014-06-25 18:10:40 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28E9B294-E74E-44CA-AA9B-5FF67F896EED}\gapaengine.dll
2014-06-25 18:10:36 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 18:09:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-06-25 18:09:14 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-06-25 16:50:34 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-25 16:50:34 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-25 16:50:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 16:48:04 203304 ----a-w- C:\ProgramData\1403714843.bdinstall.bin
2014-06-24 06:13:48 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{265F1986-5900-4234-9AA8-AE21404A2CAA}\mpengine.dll
2014-06-11 09:20:49 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-05 22:46:40 -------- d-----w- C:\Users\Bruno\AppData\Local\IBM
2014-06-05 22:46:38 -------- d-----w- C:\Users\Bruno\AppData\Local\javasharedresources
2014-06-05 22:45:42 -------- d-----w- C:\Program Files\Common Files\IBM
2014-06-04 17:58:59 -------- d-----w- C:\Users\Bruno\AppData\Local\Garmin
2014-06-04 17:58:48 -------- d-----w- C:\ProgramData\Ant
2014-06-04 17:58:33 -------- d-----w- C:\ProgramData\Garmin
2014-06-04 17:58:25 -------- d-----w- C:\ProgramData\Package Cache
2014-06-04 17:55:36 -------- d-----w- C:\Program Files (x86)\Garmin GPS Plugin
2014-06-04 17:55:35 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2014-05-29 10:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
.
==================== Find3M  ====================
.
2014-06-19 12:42:19 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-05 22:45:22 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-05-19 06:47:40 33448 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys
2014-05-19 06:47:38 31400 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys
2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2014-05-16 17:03:30 141600 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-05-16 17:03:30 115488 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2014-05-14 03:07:09 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:07:09 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 10:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-07-22 01:50:29 14690376 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 23:45:13,84 ===============
 



 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:20 AM

Posted 28 June 2014 - 11:33 AM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click the I Agree button to continue.
  • Click on Scan and, once complete, click on Report and let me have the contents of the text that opens.
  • A copy of the text file will also be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

 


So long, and thanks for all the fish.

 

 


#3 muitosal

muitosal
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 28 June 2014 - 07:13 PM

Hello. Thank you for taking your time to help me!

 

I ran a scan from AdwCleaner yesterday (27.6.2014), and cleaned what it found. I will also copy the results here; I don't know if it's helpful.

 

 

Scan from 27.6.2014 as follows:

 

# AdwCleaner v3.213 - Relatório criado 27/06/2014 às 22:52:54
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Bruno - BRUNO-PC
# Executando de : D:\Downloads\AdwCleaner.exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
Serviço Encontrado : vToolbarUpdater18.1.7
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Arquivo Encontrado : C:\Windows\System32\Tasks\YourFile Update
Pasta Encontrado : C:\Program Files (x86)\Common Files\AVG Secure Search
Pasta Encontrado : C:\Program Files (x86)\SearchProtect
Pasta Encontrado : C:\ProgramData\AVG Secure Search
Pasta Encontrado : C:\Users\Bruno\AppData\LocalLow\AVG Secure Search
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : [x64] HKCU\Software\APN PIP
Chave Encontrada : HKLM\SOFTWARE\0d79c293c1ed61418462e24595c90d04
Chave Encontrada : HKLM\Software\AVG Secure Search
Chave Encontrada : HKLM\Software\AVG Security Toolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Encontrada : HKLM\SOFTWARE\Classes\S
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_peerguardian_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_peerguardian_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_daemon-tools_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_daemon-tools_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_sony-vegas_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_sony-vegas_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Encontrada : HKLM\Software\PIP
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
[ Arquivo : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\imimp8mg.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ Arquivo : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Encontrada [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Encontrada [Search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
Encontrada [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
Encontrada [Search Provider] : hxxp://ratemyserver.net/index.php?iname={searchTerms}&page=item_db&quick=1&isearch=Search
Encontrada [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Encontrada [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
 
*************************
 
AdwCleaner[R0].txt - [5441 octets] - [27/06/2014 22:52:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5501 octets] ##########

 

 
 
Scan from 28.6.2014 as follows:
 
# AdwCleaner v3.213 - Relatório criado 28/06/2014 às 20:56:24
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Bruno - BRUNO-PC
# Executando de : D:\Desktop\AdwCleaner.exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
[ Arquivo : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\imimp8mg.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ Arquivo : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5609 octets] - [27/06/2014 22:52:54]
AdwCleaner[R1].txt - [816 octets] - [28/06/2014 20:56:24]
AdwCleaner[S0].txt - [5507 octets] - [27/06/2014 22:53:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [935 octets] ##########
 
 
OTL.txt as follows:

 

OTL logfile created on: 28/06/2014 21:00:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
7,96 Gb Total Physical Memory | 5,13 Gb Available Physical Memory | 64,38% Memory free
8,46 Gb Paging File | 5,04 Gb Available in Paging File | 59,56% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 20,68 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 49,62 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 84,27 Gb Free Space | 4,52% Space Free | Partition Type: NTFS
Drive H: | 7,44 Gb Total Space | 7,44 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive J: | 2794,39 Gb Total Space | 664,46 Gb Free Space | 23,78% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/06/28 20:55:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2014/06/27 02:04:10 | 004,842,336 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2Guard.exe
PRC - [2014/06/27 02:04:04 | 004,725,440 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2014/06/09 12:46:48 | 000,435,032 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/05/31 16:26:48 | 000,585,048 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/21 19:42:29 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 11:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 21:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/10/27 08:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/15 20:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\Bruno\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/05/30 13:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/30 13:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/06/30 19:37:24 | 000,395,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/15 17:43:42 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/14 07:42:37 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll
MOD - [2014/05/14 07:42:00 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d36c2c506d7dcf1d0237237b8bb33148\IAStorUtil.ni.dll
MOD - [2014/05/14 07:32:49 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 03:06:13 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/26 03:05:53 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 03:05:52 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/26 03:05:52 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/26 03:02:56 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 03:02:50 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 03:02:48 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 03:02:48 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/26 03:02:41 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 03:02:39 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 03:02:38 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 03:02:35 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 03:02:35 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 03:02:35 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 03:02:35 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 03:02:32 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 03:02:30 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/26 03:02:29 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 03:02:28 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 03:02:23 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/14 02:26:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\372f8469f9c240599ceb339c0e215209\IAStorCommon.ni.dll
MOD - [2014/02/14 02:19:43 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/14 02:19:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/14 02:19:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/14 02:19:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/14 02:19:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/14 02:19:01 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/14 02:18:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/14 02:18:56 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/09/04 23:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2013/07/08 09:42:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2011/04/12 10:39:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010/11/12 20:35:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/10/15 17:44:46 | 000,067,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
MOD - [2009/10/15 17:44:24 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 06:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/08 07:32:34 | 000,126,856 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2012/11/02 21:43:00 | 000,112,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV:64bit: - [2012/11/02 21:07:28 | 000,080,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2012/11/02 21:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV:64bit: - [2012/07/25 09:44:06 | 000,361,888 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)
SRV:64bit: - [2012/05/04 08:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV:64bit: - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV:64bit: - [2011/03/02 15:46:34 | 000,228,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV:64bit: - [2010/11/21 00:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009/12/16 17:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/07/13 22:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/06/27 02:04:04 | 004,725,440 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2014/06/09 12:46:48 | 000,435,032 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/05/14 00:07:09 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 11:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/10/27 08:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/28 22:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 01:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/23 06:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/14 08:47:18 | 000,203,640 | ---- | M] (X-Rite Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe -- (xrdd.exe)
SRV - [2012/07/18 14:35:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/07 23:34:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/30 13:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/03/19 17:28:00 | 000,043,072 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/07/09 01:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/06/30 19:37:38 | 001,191,816 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2010/11/21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 00:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 00:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/10/15 10:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/28 20:53:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/27 22:28:07 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2014/06/25 22:01:44 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2014/06/25 22:01:42 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2014/06/25 22:01:41 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2014/06/19 09:42:19 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/05/19 03:47:40 | 000,033,448 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2014/05/19 03:47:38 | 000,031,400 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2014/05/19 03:47:28 | 000,155,816 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2014/05/16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/30 03:26:02 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/27 08:12:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/03/26 15:16:34 | 000,032,768 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2013/03/20 09:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2013/03/20 09:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2013/03/19 17:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2013/03/19 17:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2013/02/28 22:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/01/15 02:02:42 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DDCDrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2012/12/14 01:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/04 23:57:30 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/11/02 19:30:28 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/09/28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/05/30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/05/04 08:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/03/27 05:13:18 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 05:13:18 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 05:13:17 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 11:14:14 | 000,311,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/11 03:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/06/28 16:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 13:33:12 | 000,063,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2010/04/13 12:54:34 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/04/12 13:29:24 | 000,074,496 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 21:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 21:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/07 10:53:04 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2007/04/27 06:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2014/06/27 02:02:07 | 000,071,472 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2014/06/27 02:02:00 | 000,023,088 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2014/06/27 01:58:20 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/06/27 01:58:01 | 000,045,208 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2013/03/28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013/01/15 02:02:42 | 000,010,240 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DDCDrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 508736057
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 45 61 89 2D 66 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=209.249.157.67:3541
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "PSafe ClikSeguro"
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:3.0.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.10
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.9.6
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruno\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruno\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 18:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 13:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/01 03:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/07/07 18:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Extensions
[2014/06/27 22:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\imimp8mg.default\extensions
[2014/01/14 06:13:32 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\imimp8mg.default\extensions\firefox@ghostery.com
[2012/11/01 04:00:27 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\imimp8mg.default\extensions\https-everywhere@eff.org
[2012/07/21 22:50:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\imimp8mg.default\extensions\support@lastpass.com
[2014/01/14 05:06:27 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\imimp8mg.default\extensions\mediahint@jetpack.xpi
[2013/03/19 14:12:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\imimp8mg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/01 04:06:04 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\imimp8mg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2014/01/14 06:13:32 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\imimp8mg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/07/30 13:22:37 | 000,002,235 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\imimp8mg.default\searchplugins\clikseguro.xml
[2012/11/01 03:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/13 21:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 21:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 21:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bruno\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruno\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruno\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Bruno\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bruno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: BetterTTV = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\
CHR - Extension: YouTube Center = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj\2.1.0_0\
CHR - Extension: Adblock Plus = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.33_0\
CHR - Extension: DownFlickr - Flickr Downloader = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\idiemcijhbenngdhkdiipmpkafnkbkeg\0.5.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.2.1_0\
CHR - Extension: Ghostery = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.3.0_0\
CHR - Extension: Google Wallet = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Hover Zoom = C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.2_0\
 
O1 HOSTS File: ([2013/05/23 21:48:51 | 000,010,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 66.35.215.12:443    
O1 - Hosts: 66.35.215.10 
O1 - Hosts: 66.35.215.51
O1 - Hosts: 66.35.215.0 
O1 - Hosts: 66.35.215.63 
O1 - Hosts: 66.35.215.12 
O1 - Hosts: 66.35.192.0 
O1 - Hosts: 66.35.255.255 
O1 - Hosts: 127.0.0.1                   intouch.arcsoft.com 
O1 - Hosts: 127.0.0.1                   arcsoft.com   
O1 - Hosts: 127.0.0.1 license.superantispyware.com127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O1 - Hosts: 127.0.0.1                   lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1                   lm.licenses.adobe.com
O1 - Hosts: 127.255.255.255   3dns.adobe.com
O1 - Hosts: 127.255.255.255   3dns-1.adobe.com
O1 - Hosts: 127.255.255.255   3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.255.255.255   3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.255.255.255   3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.255.255.255   3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.255.255.255   adobe.activate.com #69.175.22.26
O1 - Hosts: 127.255.255.255   activate.adobe.com #192.150.22.40
O1 - Hosts: 127.255.255.255   activate.adobe.com:443
O1 - Hosts: 127.255.255.255   activate-sea.adobe.com #192.150.22.40
O1 - Hosts: 127.255.255.255   activate-sjc0.adobe.com #192.150.14.69
O1 - Hosts: 173 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Seagate Serviço Scheduler2] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EAM Trial Reset] C:\Program Files (x86)\EAM-TR.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] d:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Bruno\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hdts.ru ([]https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AE4A39D-CE3A-4672-B30F-7786915FCB2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{61683a57-d772-11e2-a56b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61683a57-d772-11e2-a56b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{6e80fcb4-f1f9-11e3-ac5e-50e549eee758}\Shell - "" = AutoRun
O33 - MountPoints2\{6e80fcb4-f1f9-11e3-ac5e-50e549eee758}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{6fe09dbe-1aaa-11e3-9771-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6fe09dbe-1aaa-11e3-9771-005056c00008}\Shell\AutoRun\command - "" = R:\SETUP.EXE
O33 - MountPoints2\{6fe09dbe-1aaa-11e3-9771-005056c00008}\Shell\configure\command - "" = R:\SETUP.EXE
O33 - MountPoints2\{6fe09dbe-1aaa-11e3-9771-005056c00008}\Shell\install\command - "" = R:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/28 20:55:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2014/06/27 23:44:46 | 000,000,000 | R--D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/06/27 23:44:14 | 000,688,992 | R--- | C] (Swearware) -- D:\Desktop\dds.com
[2014/06/27 22:57:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/27 22:53:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/27 22:52:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/27 22:39:17 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\PowerISO
[2014/06/27 22:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/06/27 22:36:46 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/06/27 22:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/06/27 22:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Emsisoft
[2014/06/27 22:28:05 | 000,386,680 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/06/27 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2014/06/27 20:29:01 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\ElevatedDiagnostics
[2014/06/27 14:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2014/06/27 12:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2014/06/27 01:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2014/06/27 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\DMCache
[2014/06/27 01:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014/06/27 01:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014/06/27 01:26:20 | 000,000,000 | ---D | C] -- D:\Documentos\Anti-Malware
[2014/06/26 21:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Sport
[2014/06/26 21:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/06/26 21:04:21 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2014/06/26 00:11:46 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/25 22:27:42 | 000,000,000 | ---D | C] -- D:\Desktop\Programas
[2014/06/25 22:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2014/06/25 22:01:41 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate
[2014/06/25 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2014/06/25 22:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/06/25 22:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Seagate
[2014/06/25 19:15:42 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Tibia
[2014/06/25 17:40:52 | 000,000,000 | -H-D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
[2014/06/25 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeStuff Starter
[2014/06/25 17:20:42 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\EmieUserList
[2014/06/25 17:20:42 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\EmieSiteList
[2014/06/25 16:49:58 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Wokhan
[2014/06/25 15:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/06/25 15:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/06/25 14:01:53 | 000,000,000 | ---D | C] -- D:\Documentos\OpenTTD
[2014/06/25 13:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/25 13:50:34 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/25 13:50:34 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/25 13:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/13 18:54:23 | 000,000,000 | ---D | C] -- D:\Documentos\!check-ups
[2014/06/13 02:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/06/05 19:47:47 | 000,000,000 | ---D | C] -- D:\Documentos\IBM
[2014/06/05 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\IBM
[2014/06/05 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\javasharedresources
[2014/06/05 19:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
[2014/06/05 19:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IBM
[2014/06/04 14:58:59 | 000,000,000 | ---D | C] -- C:\Users\Bruno\AppData\Local\Garmin
[2014/06/04 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ant
[2014/06/04 14:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2014/06/04 14:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/06/04 14:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2014/06/04 14:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2013/04/06 18:45:18 | 001,964,032 | ---- | C] (MONOGRAM Mutimedia s.r.o.) -- C:\Users\Bruno\graphstudio64.exe
[2012/07/07 18:45:37 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/28 21:01:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 21:01:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 20:57:06 | 001,842,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/28 20:57:06 | 000,781,862 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2014/06/28 20:57:06 | 000,724,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/28 20:57:06 | 000,176,456 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2014/06/28 20:57:06 | 000,148,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/28 20:55:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2014/06/28 20:53:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/28 20:52:38 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/06/28 20:52:28 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/28 20:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/28 10:08:24 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/28 10:07:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/28 09:49:25 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1560961482-1246515894-2953384062-1000UA.job
[2014/06/28 00:49:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1560961482-1246515894-2953384062-1000Core.job
[2014/06/27 23:44:20 | 000,688,992 | R--- | M] (Swearware) -- D:\Desktop\dds.com
[2014/06/27 22:51:43 | 001,342,659 | ---- | M] () -- D:\Desktop\AdwCleaner.exe
[2014/06/27 22:34:25 | 000,000,291 | ---- | M] () -- D:\Documentos\ax_files.xml
[2014/06/27 22:28:07 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2014/06/27 12:14:50 | 000,002,006 | -H-- | M] () -- D:\Documentos\Default.rdp
[2014/06/27 11:41:41 | 000,007,600 | ---- | M] () -- C:\Users\Bruno\AppData\Local\Resmon.ResmonCfg
[2014/06/26 11:18:10 | 005,137,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/25 21:39:36 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/06/25 15:09:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/25 13:48:04 | 000,203,304 | ---- | M] () -- C:\ProgramData\1403714843.bdinstall.bin
[2014/06/19 09:42:19 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/06/05 19:45:22 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2014/06/05 19:45:22 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2014/06/05 19:45:22 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
[2014/06/01 20:14:58 | 000,000,939 | ---- | M] () -- D:\Desktop\Idiomas - Atalho.lnk
[2014/06/01 20:14:52 | 000,000,919 | ---- | M] () -- D:\Desktop\Ibmec - Atalho.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/27 22:51:23 | 001,342,659 | ---- | C] () -- D:\Desktop\AdwCleaner.exe
[2014/06/27 22:33:08 | 000,000,291 | ---- | C] () -- D:\Documentos\ax_files.xml
[2014/06/27 22:16:17 | 000,357,337 | ---- | C] () -- C:\Program Files (x86)\EAM-TR.exe
[2014/06/26 11:18:01 | 005,137,600 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/25 21:39:36 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2014/06/25 15:09:25 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/06/25 15:09:18 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/06/25 13:48:04 | 000,203,304 | ---- | C] () -- C:\ProgramData\1403714843.bdinstall.bin
[2014/03/31 01:09:58 | 000,002,244 | ---- | C] () -- C:\Users\Bruno\AppData\Local\recently-used.xbel
[2013/12/11 23:58:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/12/11 22:48:41 | 000,000,318 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2013/11/21 13:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2013/09/30 00:29:56 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/09/19 21:04:46 | 000,331,776 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2013/09/10 21:21:32 | 000,021,533 | ---- | C] () -- C:\Windows\SysWow64\netmo832.dll
[2013/08/16 20:05:49 | 000,000,029 | ---- | C] () -- C:\Users\Bruno\AppData\Roaming\mbam.context.scan
[2013/02/28 22:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/15 14:52:28 | 000,004,608 | ---- | C] () -- C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/14 13:53:08 | 004,412,622 | ---- | C] () -- C:\Users\Bruno\AppData\Local\ASbs.ac
[2013/02/10 13:25:09 | 000,017,408 | ---- | C] () -- C:\Users\Bruno\AppData\Local\WebpageIcons.db
[2012/12/19 14:37:35 | 000,151,916 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/12/14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 01:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 01:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/11/26 13:58:21 | 000,000,600 | ---- | C] () -- C:\Users\Bruno\AppData\Local\PUTTY.RND
[2012/10/13 18:14:45 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2012/10/09 21:02:07 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/10/04 01:45:01 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/10/04 01:45:01 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/10/01 15:16:50 | 000,007,600 | ---- | C] () -- C:\Users\Bruno\AppData\Local\Resmon.ResmonCfg
[2012/10/01 02:35:29 | 000,014,111 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/10/01 02:35:26 | 004,779,592 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/10/01 02:35:26 | 000,018,304 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/09/30 21:19:19 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\llbiirc.dll
[2012/09/09 12:31:17 | 001,815,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/07 20:52:56 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/07/07 18:39:37 | 000,438,306 | ---- | C] () -- C:\ProgramData\1341696728.bdinstall.bin
[2012/07/07 18:19:58 | 000,021,380 | ---- | C] () -- C:\Windows\SysWow64\llb9dq.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 23:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 23:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/09/02 00:08:03 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\AnvSoft
[2012/07/16 19:37:29 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\AtomZombieData
[2013/08/16 00:49:57 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Audacity
[2012/10/06 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\avidemux
[2012/10/09 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\BDREBUILDER
[2012/10/01 02:20:46 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Bigasoft Audio Converter
[2013/08/29 15:50:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Bizagi Ltd
[2013/05/07 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\calibre
[2012/07/07 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\CEZEO software
[2013/05/25 20:57:04 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\color
[2013/11/17 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\ColorCop
[2012/12/19 14:49:19 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/15 15:18:55 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/09/22 21:34:10 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Lite
[2013/09/11 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DAEMON Tools Ult
[2012/10/02 13:41:08 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\dBpoweramp
[2013/12/18 15:50:47 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\deluge
[2013/05/30 18:55:36 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\dispcalGUI
[2014/06/27 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DMCache
[2013/07/17 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\DVDVideoSoft
[2012/09/30 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\EAC
[2012/10/06 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\EasiestSoft
[2012/11/01 03:38:54 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\FileZilla
[2014/06/28 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\foobar2000
[2014/04/11 17:50:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\foobar2000 - Cópia
[2014/04/12 19:44:14 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\foobar2000 xchange
[2012/10/28 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\FTPRush
[2014/06/26 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Garmin
[2012/10/26 22:29:49 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\GlobalSCAPE
[2012/11/11 17:26:40 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\HD Tune Pro
[2013/12/30 03:28:55 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\IrfanView
[2013/08/29 15:50:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\IsolatedStorage
[2014/06/26 21:15:07 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\J River
[2012/10/05 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Leadertech
[2013/09/11 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\MediaBrowser-Classic
[2013/09/14 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\MediaBrowser-InstallLogs
[2012/10/06 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\mkvtoolnix
[2013/06/17 14:23:45 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Motorola
[2013/06/17 14:24:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Motorola Mobility
[2014/01/29 10:56:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\MPC-HC
[2012/11/26 14:02:53 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\NetSarang
[2013/02/10 17:56:09 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\PACE Anti-Piracy
[2012/11/04 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Peter Souza IV
[2012/11/11 08:48:01 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\PFStaticIP
[2014/06/27 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\PowerISO
[2012/07/07 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Proxifier
[2013/11/26 20:03:10 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\pxgclient
[2012/12/18 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Python-Eggs
[2012/07/07 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\QuickScan
[2012/11/02 19:30:51 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Seagate
[2013/03/12 18:49:25 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\SolidDocuments
[2013/02/10 13:26:17 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Sony
[2014/02/24 13:45:06 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/06 21:17:55 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Subtitle Edit
[2013/12/14 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Subversion
[2012/10/06 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\SupRip
[2013/02/17 19:30:25 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\SVP 3.1
[2012/09/03 04:23:02 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\thriXXX
[2014/06/25 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Tibia
[2013/06/12 22:53:55 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Tibiacast
[2014/06/28 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\uTorrent
[2012/11/11 08:50:14 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\VS Revo Group
[2012/09/08 01:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Winsome Technologies
[2013/12/11 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\Wireshark
[2013/09/17 10:31:44 | 000,000,000 | -HSD | M] -- C:\Users\Bruno\AppData\Roaming\wyUpdate AU
[2013/05/04 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Bruno\AppData\Roaming\X-Rite
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1312 bytes -> C:\ProgramData\Microsoft:MOMNiA60eXDcTNXXpxG1bKFfXl
@Alternate Data Stream - 1270 bytes -> C:\ProgramData\Microsoft:fmiKOwg1YlvEyWwjcuHMjTrR4Li
@Alternate Data Stream - 1234 bytes -> C:\Users\Bruno\AppData\Local\Temp:cnsP9JvKAOHHQHwXk8eBloa
@Alternate Data Stream - 1233 bytes -> C:\ProgramData\Microsoft:YXAySpNriU80YqOZjl
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:1uNkZM5GA4joV78gzBtDZxY
 
< End of report >
 
 

Extras.txt is as follows (I tried to reply in a second post, but the forum automatically put both together):

 

OTL Extras logfile created on: 28/06/2014 21:00:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
7,96 Gb Total Physical Memory | 5,13 Gb Available Physical Memory | 64,38% Memory free
8,46 Gb Paging File | 5,04 Gb Available in Paging File | 59,56% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 20,68 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 49,62 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 84,27 Gb Free Space | 4,52% Space Free | Partition Type: NTFS
Drive H: | 7,44 Gb Total Space | 7,44 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive J: | 2794,39 Gb Total Space | 664,46 Gb Free Space | 23,78% Space Free | Partition Type: NTFS
 
Computer Name: BRUNO-PC | User Name: Bruno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01948B27-E86F-4352-B1D1-748BE5BB3EAF}" = lport=427 | protocol=17 | dir=in | name=slp | 
"{18384F29-B173-48DA-8B1A-5DDBCED60DE5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2D3B7A91-0FA1-4D46-A537-CEB2E3F1A835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37124F8A-0A0E-4120-B0E1-BAA4FD7B4E66}" = rport=80 | protocol=6 | dir=out | svc=wuauserv | app=c:\windows\system32\svchost.exe | 
"{4456259E-B40D-4FA2-85FD-5AB7DE4D00E3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4D521CB6-0F8B-4C94-A977-78A8083497BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E9BAC78-A9D3-40EE-907C-0F75B84FAFF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{502AFC5B-77E5-43BE-9527-2ECFAF2954EE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{545BCB61-EA23-4BC6-AA5F-DEE5A77ECEFC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{608713C3-DEA7-4ABB-99C0-F093274470AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{692D5D47-7D0E-4A20-927D-4FAB956E6E3E}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{6CD02867-98A3-4FA2-955D-1108FAEDE1DF}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{76D4055C-F13C-4F2E-A634-B7ED1E35D877}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C85F117-5F23-41C2-B815-C8F242EE91EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{7D43808C-D120-42B8-A46E-3F793AE80FF5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{808C3C73-C483-4AC0-8AF5-BEF4E110AF51}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8BA51577-117F-44ED-8F2B-049A55D0FF05}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8FD9EE93-D451-42B0-8619-C31384178563}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E0E9D3A-6D8D-4735-A064-C0D812FFB663}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A37B08F0-569E-4A72-B738-DAF2A0A263D8}" = rport=80 | protocol=6 | dir=out | svc=cryptsvc | app=c:\windows\system32\svchost.exe | 
"{A59C4903-6B34-4E92-B65D-A1F7704AF8A8}" = rport=80 | protocol=6 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{A69823EC-B2FF-451E-9620-735C790892BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A7737D07-CF31-41D6-B1AA-AFBC192D0B92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B200E4A4-CA6E-4CAF-A794-87F2AD9CFC6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B8337896-B460-4742-B861-6DD6F467B13C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B993B963-6D60-4AAC-BC1D-ECCE1B3BBCCB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BCF01D75-BA44-4082-B5B0-596851B04F8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C04ACA30-1BE8-4849-A687-32D0BC4B0D3E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C17E1472-A918-48B0-8238-5960E4D0AA3A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C272F28F-DFFF-48AF-9CDE-BFDFD8F3BFC8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CFE82C84-5C86-41FB-BDD7-A5A6E54E33EC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D42501D5-17C1-42E6-9C4D-B4F04A97F6B2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D8366B96-F991-4782-B01C-EBBB2B76104A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D95742C8-719F-4DE1-BD1C-82AEB1C31339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DA4A6227-B8C7-4E9F-922A-18CA9300AA64}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{DC74811F-86E7-4980-B3B0-16B7BBB3ABEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDDF23E1-E01A-46A5-99DA-0E068809ACAC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FE7E6474-02A6-4A13-B777-532FBCEFD7F4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07759EBB-99ED-47C2-9F16-5FEABA67680D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{12DA1E93-32B1-4C52-9D90-A4C7FCCA30F5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1834A2A8-48AE-4F1D-840B-F0C39A2D8CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\10000000\10000000.exe | 
"{18BEEEBE-56CF-4B30-9670-CB77D6D0C357}" = dir=out | svc=hasplms | app=c:\windows\system32\hasplms.exe | 
"{2571B0CA-3FB9-4E2E-A56F-CDDA7ADA38F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{26566FD9-3553-4392-8CF6-2F3073741886}" = protocol=17 | dir=in | app=c:\ljm1130_m1210_mfp_full_solution\productinst64.exe | 
"{296CC2C7-F011-4657-BEAE-0CACEFA40D25}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{2C5081F4-5F42-4112-8BAB-1702BD7B4ED0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{2F7E1915-AD13-47CC-869C-3A4881641D0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35F62AF1-5B0C-4675-83FA-1FE35FF3BBF2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{36B4A2E4-97DE-4D16-BC0E-047D43114075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4EFBF2F7-E94A-4939-B617-11841105BAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{5339BE50-85B6-44A6-B170-3FD741C303BF}" = dir=in | name=mitchribarytube | 
"{58671342-4984-4AF1-8B89-3935884E6BCB}" = protocol=6 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | 
"{5D0A6BD2-63E6-4A20-B505-03DAD348B444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5D487DCC-F93D-475F-B7AF-69BF980D19F3}" = protocol=6 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"{5D4C929B-38F3-4634-A3EC-AC0836D13A3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{607E8231-2C2F-4A4D-86F6-6E7B976EF05B}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{6162CB2E-DCFE-4166-AE15-A9FB0D5DBC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\10000000\10000000.exe | 
"{61BA9D92-81B5-4AB6-91D9-06C27A04E71B}" = dir=out | svc=lanconfig | app=c:\program files\windows server\bin\lanconfigsvc.exe | 
"{652F789E-EE30-4C3A-8A29-3E31EC416627}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{65DBAB79-50E2-4CB1-9BD1-C9587065439D}" = protocol=6 | dir=in | app=c:\ljm1130_m1210_mfp_full_solution\productinst64.exe | 
"{6D0454E0-4D0A-4F46-8F63-CA574EFC9B7F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6F3DF754-4FFE-419E-9F1C-9FA6C569FB97}" = dir=out | svc=lanconfig | app=c:\program files\windows server\bin\lanconfigsvc.exe | 
"{6FE38563-2B8D-4860-94F8-72CE2F7340EA}" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"{75D5226B-2DE2-4E17-9A6C-1F81017D0D73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{89CB649A-A4F9-4E2C-9363-6F951A5B5246}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{8C96F4AF-5F0C-4A42-A71E-207DB96DEBA2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9B708D68-1CB2-4125-BBF2-13F010755CF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D63867C-50CF-41B0-8BAE-52300536FCA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F594893-E08D-4A71-A7C3-DA053A20661D}" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"{A0A436E9-C04F-4B78-BD2D-DBEEB5C82865}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A210B793-6140-42A8-B8CE-0C11C1EA4524}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A34E3961-1CBD-4D75-B2EE-70BC44A6909D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{A3794822-D8A1-4EB0-BA85-A0050C430284}" = dir=out | svc=lanconfig | app=c:\program files\windows server\bin\lanconfigsvc.exe | 
"{A98BF42C-84AE-4A51-9EFD-00DBA1E7AE43}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{AA8480F8-7D4C-4D90-923C-24AFE02D9749}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AB3F9FD4-6D87-4676-AEC6-CC99A5B94B88}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{AFF3EBEE-7482-4BAE-A22E-95F3DA5F265A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6C0B47D-3857-44EA-9147-7C39817B9361}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B98D8B48-7811-423C-A60A-5C820F3CD0BB}" = dir=out | svc=lanconfig | app=c:\program files\windows server\bin\lanconfigsvc.exe | 
"{BC022A03-0F37-4804-9355-D572BADC3F76}" = dir=out | svc=serviceproviderregistry | app=c:\program files\windows server\bin\providerregistryservice.exe | 
"{C0A05BBF-BC07-40F4-8ED3-F6533E791222}" = dir=out | svc=hasplms | app=c:\windows\system32\hasplms.exe | 
"{C74BE3A8-ABB1-4CEA-82D6-8C0A4DEB947E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CCAA0DEF-3D9D-4454-939C-9CA515A205A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D3A40104-DDDB-4A87-A067-8E3AEC0B2F47}" = protocol=17 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | 
"{D543D81D-986F-455D-AE4B-D6691B177DA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D54E5C5C-641F-43CC-A139-85F4A564449B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D7F4994B-6963-49A2-A165-A95EC40FF3BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5DE91D3-3393-4B78-83D1-79345818E4E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E775450E-44B9-4A21-BAA4-F20F7C6DC666}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E873B2E1-ADDC-40BD-9087-D67C290515D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E8A0E234-58E6-4C61-B7B9-A47A6C207449}" = dir=out | svc=lanconfig | app=c:\program files\windows server\bin\lanconfigsvc.exe | 
"{E8B6EB6A-DEBC-48D0-BFC9-9290045D0731}" = protocol=17 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"{EA361C15-6AA3-4B83-B911-6E919E793225}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F08D375A-03BC-4990-B76D-B88A9EED4889}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F3573336-37E5-4F1C-BEDA-055AB68E7398}" = dir=out | app=c:\windows\system32\svchost.exe | 
"{F917F711-0B7F-49C2-9A88-6693EE4C54FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"TCP Query User{3B4FCF4C-4539-4B13-B460-44335A1BC302}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{61C1E1F0-8779-419B-8348-E292C57A74FB}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{625AEED7-A576-4489-BB60-5D7361A7E507}D:\program files\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=6 | dir=in | app=d:\program files\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | 
"TCP Query User{691A721E-FF5B-458A-8E21-B804D83ADB70}D:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe | 
"TCP Query User{699BD4FB-67BA-4A82-B090-DEBAEBBBDD0E}D:\program files\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=d:\program files\motorola\rsd lite\sdl.exe | 
"TCP Query User{6F2EE723-C6FE-45F8-A7EC-F77DAF013286}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{964B87E2-694F-40E5-A215-43CAEA06031A}D:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=6 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"TCP Query User{D7D15FF7-0372-4138-993F-339DB684BFFF}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{2C6D43C9-0286-4506-8647-6B27EC695A7D}D:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe | 
"UDP Query User{3C7472CB-D758-416D-B9B0-ACF5E1299C9E}D:\program files\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=d:\program files\motorola\rsd lite\sdl.exe | 
"UDP Query User{52033B07-54BE-4D3B-A6DF-2CCE8198B9DA}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{67BDD6D3-6C82-477C-9631-4054AD3EE068}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{9277AE98-7F80-4BCF-AAF8-6A85FC165623}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{A193D7F1-4154-43A9-A951-EE1DCC952A72}D:\program files\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=17 | dir=in | app=d:\program files\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | 
"UDP Query User{B0A99456-20D4-4172-850F-BDEA497F071B}D:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=17 | dir=in | app=d:\users\bruno\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"UDP Query User{F25A0770-4EFF-48C0-8105-CC5C7438421C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E563379-EB18-45F3-9C08-F6E85EE95677}" = Windows Media Center MPC-HC/BE Plug-in (64-bit)
"{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22
"{1A72EC9A-8D86-4E32-86DF-FEF901B821FE}" = ANT Drivers Installer x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2E8A793D-E275-46A2-BAB3-35FB95ACED57}" = HP LaserJet Toolbox
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6448F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ SE Runtime Environment 6 Update 6
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{70A381F1-C161-4D61-A20C-BE12FC6777DF}" = Garmin Communicator Plugin x64
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0816-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0816-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2010
"{90140000-0017-0816-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Portugal)) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0816-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0816-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0816-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0816-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0816-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0816-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0816-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Portugal)) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0816-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0816-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0816-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0816-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2010
"{90140000-0100-0816-1000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Portugal)) 2010
"{90140000-0101-0816-1000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Portugal)) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046" = Microsoft .NET Framework 4.5.1 (Português do Brasil)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9EA6F38-1EDE-3375-B447-220186DE6CF8}" = Microsoft .NET Framework 4.5.1 (PTB)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C1E4D639-4A33-4314-809E-89BD0EF48522}" = Windows Home Server 2011 Connector
"{E44368A0-62C5-44FB-8670-B4013EFD7DB8}" = Bizagi Process Modeler
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{E94AE378-725A-41FF-BA24-397469D27FC8}" = HP LaserJet Professional M1210 MFP Series Fax Installer
"{F958F851-8DBE-420C-9D37-5ECBB6C61148}" = HP LaserJet Professional M1210 MFP Series Toolbox
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.8
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"Media Center Themer" = Media Center Themer
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.OMUI.pt-pt" = Microsoft Office Language Pack 2010 - Portuguese/Português
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1" = Revo Uninstaller Pro 3.0.5
"SsdReady_is1" = SsdReady
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02160E66-3A64-4047-8E88-D2B5D43A0575}" = Garmin Express
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel
"{09DF783E-0D1D-4405-A559-6A7B873519D7}" = RagnarokOnline
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14B614CA-42E0-4545-A272-B1248809E95D}_is1" = Turtle Sport v1.5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AF9DBF1-89EA-424E-9AAF-6139B184FCDB}" = Tibiacast
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{249A8819-3335-4650-9B59-3724997ECA86}" = Media Browser
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2B460966-D9B9-4365-87E5-C55E2720A8DB}" = Garmin Express Tray
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1" = Adobe Update Management Tool
"{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}" = Garmin Express
"{581AF03B-4008-41AE-846C-21CACF9B48A9}" = calibre
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}" = RSDLite
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71DBFBF2-F7EB-4268-8485-9471D83C4E66}" = Garmin Communicator Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{848B970B-DFF4-467B-B062-17E790260BAF}" = RagnarokOnline
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E6541FE-086A-4C5D-BBAE-ED879B12A275}" = CalMAN 5 Home Theater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Português
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D7094137-21ED-49DC-814F-38C15EBABB69}" = X-Rite Device Services Manager
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA1CC63-5A71-4014-9816-40750C4F4823}" = Elevated Installer
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.8.1582)
"{F03A4724-EBD9-42DF-BCBC-107DD1A520BF}" = PSUCalc
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CodeStuff Starter" = CodeStuff Starter
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.3.1
"HD Tune Pro_is1" = HD Tune Pro 5.00
"i1Profiler_is1" = i1Profiler
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{E44368A0-62C5-44FB-8670-B4013EFD7DB8}" = Bizagi Process Modeler
"LastPass" = LastPass (uninstall only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versão 2.0.2.1012
"Media Center Master_is1" = Media Center Master
"mIRC" = mIRC
"MKVToolNix" = MKVToolNix 7.0.0 (64bit)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Scan Tailor" = Scan Tailor
"Sigil_is1" = Sigil 0.7.2
"Steam App 227580" = 10,000,000
"Steam App 98800" = Dungeons of Dredmor
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/06/2014 23:21:55 | Computer Name = Bruno-PC | Source = MSMQ | ID = 2170
Description = 
 
Error - 27/06/2014 23:22:00 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28/06/2014 00:40:15 | Computer Name = Bruno-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "D:\Downloads\!SETUPS\Segurança\esetsmartinstaller_enu.exe".Erro
 no arquivo de manifesto ou de diretiva "", na linha.  Uma versão de componente exigida
 pelo aplicativo está em conflito com outra versão de componente já ativa.  Os componentes
 conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28/06/2014 02:32:37 | Computer Name = Bruno-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Erro no arquivo de manifesto ou de diretiva
 "", na linha.  Uma versão de componente exigida pelo aplicativo está em conflito 
com outra versão de componente já ativa.  Os componentes conflitantes são:.  Componente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28/06/2014 02:34:08 | Computer Name = Bruno-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Erro no arquivo de manifesto ou de diretiva
 "", na linha.  Uma versão de componente exigida pelo aplicativo está em conflito 
com outra versão de componente já ativa.  Os componentes conflitantes são:.  Componente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28/06/2014 09:06:16 | Computer Name = Bruno-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "D:\Downloads\!SETUPS\Segurança\esetsmartinstaller_enu.exe".Erro
 no arquivo de manifesto ou de diretiva "", na linha.  Uma versão de componente exigida
 pelo aplicativo está em conflito com outra versão de componente já ativa.  Os componentes
 conflitantes são:.  Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28/06/2014 09:39:00 | Computer Name = Bruno-PC | Source = Application Hang | ID = 1002
Description = O programa WinToolkit.exe versão 1.4.41.3 parou de interagir com o
 Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
 verifique o histórico de problemas no painel de controle da Central de Ações.    ID
 de Processo: 1944    Hora de Início: 01cf928fc68efc32    Hora de Término: 9    Caminho do Aplicativo:
 D:\Downloads\WinToolkit_1.4.41\WinToolkit.exe    Id do Relatório:   
 
Error - 28/06/2014 19:52:22 | Computer Name = Bruno-PC | Source = MSMQ | ID = 2170
Description = 
 
Error - 28/06/2014 19:52:22 | Computer Name = Bruno-PC | Source = MSMQ | ID = 2170
Description = 
 
Error - 28/06/2014 19:52:26 | Computer Name = Bruno-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27/06/2014 22:16:25 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description = O serviço Motorola Device Manager Service foi finalizado inesperadamente.
 Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos:
 Reiniciar o serviço.
 
Error - 27/06/2014 22:17:21 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema 
ou de inicialização:   cdrom
 
Error - 27/06/2014 22:17:23 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7034
Description = O serviço HP LaserJet Service foi encerrado inesperadamente.  Isso
 aconteceu 1 vez(es).
 
Error - 27/06/2014 23:20:36 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7031
Description = O serviço Motorola Device Manager Service foi finalizado inesperadamente.
 Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos:
 Reiniciar o serviço.
 
Error - 27/06/2014 23:22:07 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema 
ou de inicialização:   cdrom
 
Error - 27/06/2014 23:22:11 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7034
Description = O serviço HP LaserJet Service foi encerrado inesperadamente.  Isso
 aconteceu 1 vez(es).
 
Error - 28/06/2014 02:54:58 | Computer Name = Bruno-PC | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk4\DR4, possui um bloco defeituoso.
 
Error - 28/06/2014 19:52:17 | Computer Name = Bruno-PC | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk4\DR4, possui um bloco defeituoso.
 
Error - 28/06/2014 19:52:37 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7034
Description = O serviço HP LaserJet Service foi encerrado inesperadamente.  Isso
 aconteceu 1 vez(es).
 
Error - 28/06/2014 19:52:37 | Computer Name = Bruno-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema 
ou de inicialização:   cdrom
 
 
< End of report >

Edited by muitosal, 28 June 2014 - 07:15 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 29 June 2014 - 11:02 AM

Good afternoon. :)

Open up Chrome and select a page, or pages, that you want to see on start-up. Once you have Chrome set up how you want, click the "three lines" icon in the top right hand corner and select Settings from the menu that appears.
Under On start-up, ensure that the Open a specific page or set of pages radio button is selected and then click Set pages.
Click Use current pages and then OK.

Close Chrome and then re-open it and hopefully that should be that issue sorted.

 

Let me know how you get on.


So long, and thanks for all the fish.

 

 


#5 muitosal

muitosal
  • Topic Starter

  • Members
  • 4 posts

Posted 29 June 2014 - 01:47 PM

Thank you, Noviciate!

 

It's working as I would like. Have a great day, and keep up the excellent work!  :thumbup2:



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 29 June 2014 - 03:12 PM

You're welcome. As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




