First of all, I'd like to say that I am from Brazil and, therefore, my english may be filled with mistakes ^^
Well, to the problem then:
A week ago, aproximately, my uncle opened his pendrive in my PC and installed a software (i don't remember the name) that enabled him to download videos from youtube. When the installation was complete, some error messages started appearing from like 2 to 2 seconds. My brother then messed up with something here that made those messages stop (EDIT: We removed the program my uncle installed). We thought the problem was over but since then the computer has not been the same. It got slowed down and i've been receiving error messages much frequently, like this one when i try to execute some programs:
Microsfot C++ Runtime Library
Program: C:\Program Files\Garena\Garena.exe
R6002
-floating point support not loaded
That one when windows starts up, from DAEMON Tools:
DAEMONS Tools Lite
This program requires at least Windows 2000 with SPTD 1.60 or higher.
Kernel debugger must be deactivated
And that one from Google Chrome, when I open some web pages:
Windows - Application Error
The application was unable to start correctly (0xc0000135). Click OK to close the application.
After the error message, even when I click OK, nothing happens and the page does not get loaded. I must close it manually and open a new tab to continue using the internet. That is very annoying.
Well, with the help from a brazillian help forum like this (BABOO's forum), i ran HijackThis several times, used ComboFix and MBAM but the problems persisted. After MBAM got installed, it detects malwares from the internet all the time and I always send them to quarentine. After this, I ran the "FixIt" program from this page " http://support.microsoft.com/kb/822798 ". The problems were not solved. I tried to run windows update but one updated between 83 could'nt be installed and I got error message 800B0100. At this very time, i've been running the "Microsoft Windows malicious software removal tool sep/2011" for two hours and the progress bar isn't eve near 30%. Aproximately 850 thousand files have been examinated, with 600 infected files encountered so far.
It might be important to say that I use Windows 7.
Sorry for the long text and possible bad english here, I tried to explain the problem as best as I could.
OTL's Log is below:
OTL logfile created on: 10/4/2011 7:18:30 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Matheus\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
990.67 Mb Total Physical Memory | 141.53 Mb Available Physical Memory | 14.29% Memory free
1.97 Gb Paging File | 0.66 Gb Available in Paging File | 33.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.44 Gb Total Space | 50.55 Gb Free Space | 22.13% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Matheus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/04 18:48:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Matheus\Desktop\OTL.exe
PRC - [2011/10/04 16:33:01 | 000,031,402 | ---- | M] () -- C:\Users\Matheus\AppData\Local\Temp\dukks.exe
PRC - [2011/10/04 16:32:51 | 000,012,970 | ---- | M] () -- C:\Users\Matheus\AppData\Local\Temp\ytgrj.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/08 04:50:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/04 16:33:01 | 000,031,402 | ---- | M] () -- C:\Users\Matheus\AppData\Local\Temp\dukks.exe
MOD - [2011/10/04 16:32:51 | 000,012,970 | ---- | M] () -- C:\Users\Matheus\AppData\Local\Temp\ytgrj.exe
MOD - [2011/10/01 17:40:54 | 000,076,288 | ---- | M] () -- C:\Users\Matheus\AppData\Roaming\Mozilla\Firefox\Profiles\9z5063qn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
MOD - [2011/07/08 04:50:33 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/06/12 16:55:37 | 005,612,496 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/03/15 15:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 04:24:45 | 002,288,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/16 20:09:00 | 004,077,936 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/08/05 08:46:02 | 000,653,272 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/04/30 06:30:42 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/25 04:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/13 21:24:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 9E 28 68 39 44 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2790392&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matheus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matheus\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/17 01:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2010/04/29 16:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matheus\AppData\Roaming\mozilla\Extensions
[2011/10/02 12:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matheus\AppData\Roaming\mozilla\Firefox\Profiles\9z5063qn.default\extensions
[2011/10/02 10:51:46 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Matheus\AppData\Roaming\mozilla\Firefox\Profiles\9z5063qn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/12/07 11:33:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Matheus\AppData\Roaming\mozilla\Firefox\Profiles\9z5063qn.default\extensions\[email protected]
[2011/10/04 16:40:55 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matheus\AppData\Roaming\mozilla\Firefox\Profiles\9z5063qn.default\extensions\[email protected]
[2011/06/20 14:07:00 | 000,000,863 | ---- | M] () -- C:\Users\Matheus\AppData\Roaming\Mozilla\Firefox\Profiles\9z5063qn.default\searchplugins\conduit.xml
[2011/09/12 21:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 21:30:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/08 04:50:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matheus\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matheus\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matheus\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NPGameWebStarter (Enabled) = C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
O1 HOSTS File: ([2011/10/01 10:24:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Extraram] C:\Program Files\Extra RAM\ExtraRAM.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.109 201.17.128.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF129B70-3092-4EE2-908D-5C1567260413}: DhcpNameServer = 201.17.128.109 201.17.128.103
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/01 10:25:38 | 000,000,239 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/04 18:47:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Matheus\Desktop\OTL.exe
[2011/10/04 17:07:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/04 13:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/04 13:31:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/10/03 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Matheus\AppData\Local\AskToolbar
[2011/10/03 19:45:22 | 000,000,000 | ---D | C] -- C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/02 23:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011/10/02 23:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/10/02 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\Matheus\Desktop\epidemio
[2011/10/02 13:17:50 | 000,000,000 | ---D | C] -- C:\Users\Matheus\AppData\Roaming\GlarySoft
[2011/10/02 12:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extra RAM
[2011/10/02 12:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Extra RAM
[2011/10/02 12:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/10/02 12:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/10/02 12:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/10/01 15:01:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/01 10:30:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/01 10:22:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/01 10:22:25 | 000,000,000 | ---D | C] -- C:\Users\Matheus\AppData\Local\temp
[2011/10/01 10:13:12 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/01 10:06:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/01 10:06:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/01 10:06:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/01 10:05:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/01 10:05:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/30 21:28:48 | 004,311,925 | R--- | C] (Swearware) -- C:\Users\Matheus\Desktop\ComboFix.exe
[2011/09/28 16:41:16 | 000,000,000 | ---D | C] -- C:\Users\Matheus\AppData\Roaming\Malwarebytes
[2011/09/28 16:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 16:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 16:39:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/28 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 13:18:51 | 000,462,848 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matheus\Desktop\HijackThis.exe
[2011/09/27 13:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/27 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/25 19:22:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/25 14:57:40 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011/09/25 14:57:40 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011/09/25 14:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\DsNET Corp
[2011/09/24 23:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epi Info
[2011/09/24 23:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\DCube
[2011/09/24 23:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\FathZip
[2011/09/24 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ESRI
[2011/09/24 23:47:30 | 000,000,000 | ---D | C] -- C:\Epi_Info
[2011/09/24 23:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/09/17 22:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/09/12 21:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/12 21:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/12 21:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Matheus\Desktop\*.tmp files -> C:\Users\Matheus\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/04 19:27:08 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495871300-68735504-1991991994-1001UA.job
[2011/10/04 19:25:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/04 18:48:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Matheus\Desktop\OTL.exe
[2011/10/04 18:32:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495871300-68735504-1991991994-1003UA.job
[2011/10/04 18:26:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 18:26:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 18:25:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 16:27:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/04 16:26:03 | 003,764,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/04 16:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 16:25:35 | 779,096,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 14:07:28 | 000,025,713 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/10/03 22:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495871300-68735504-1991991994-1003Core.job
[2011/10/03 19:45:28 | 000,002,324 | ---- | M] () -- C:\Users\Matheus\Desktop\Google Chrome.lnk
[2011/10/02 23:15:11 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/10/02 21:39:08 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/02 13:27:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495871300-68735504-1991991994-1001Core.job
[2011/10/02 12:44:17 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Extra RAM.lnk
[2011/10/02 12:43:10 | 000,000,991 | ---- | M] () -- C:\Users\Matheus\Desktop\Glary Utilities.lnk
[2011/10/01 10:25:38 | 000,103,140 | RHS- | M] () -- C:\ddtep.pif
[2011/10/01 10:25:38 | 000,000,239 | RHS- | M] () -- C:\autorun.inf
[2011/10/01 10:24:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/30 21:29:11 | 004,311,925 | R--- | M] (Swearware) -- C:\Users\Matheus\Desktop\ComboFix.exe
[2011/09/28 21:49:49 | 116,006,378 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/28 16:39:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 13:18:54 | 000,462,848 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matheus\Desktop\HijackThis.exe
[2011/09/27 13:18:34 | 000,390,514 | ---- | M] () -- C:\Users\Matheus\Documents\cc_20110927_131816.reg
[2011/09/27 13:09:36 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/25 14:49:44 | 000,665,306 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/09/25 14:49:44 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/25 14:49:44 | 000,125,694 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/09/25 14:49:44 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/24 23:48:51 | 000,000,542 | ---- | M] () -- C:\Windows\openrda.ini
[2011/09/24 23:48:09 | 000,002,453 | ---- | M] () -- C:\Users\Matheus\Documents\Epi Info.lnk
[2011/09/23 09:51:28 | 000,002,409 | ---- | M] () -- C:\Users\Matheus\Documents\Google Chrome.lnk
[2011/09/17 22:18:28 | 000,002,209 | ---- | M] () -- C:\Users\Matheus\Documents\Google Earth.lnk
[2011/09/15 20:35:12 | 000,080,535 | ---- | M] () -- C:\Users\Matheus\Documents\asdasads.png
[2011/09/15 20:25:07 | 000,118,145 | ---- | M] () -- C:\Users\Matheus\Documents\asdasasd.png
[2011/09/15 20:23:16 | 000,110,783 | ---- | M] () -- C:\Users\Matheus\Documents\fotenha.png
[2011/09/15 20:19:06 | 000,066,349 | ---- | M] () -- C:\Users\Matheus\Documents\PQAAALv_m_2cOlwJuZp_m6rqSEE391q9cytn4vbN_6ckykc8WGfGvuJh9JGuESPB2pofiFuk6J4qQOj576Itrs44YREAm1T1UMP_rT_FbYA2Hy9grx7a73PjUpS5.jpg
[2011/09/15 20:12:39 | 000,074,086 | ---- | M] () -- C:\Users\Matheus\Documents\PQAAAOKK-54a3usUIIYqRxKQAMn2dfMIZw5z278jKGDX9NpT5ObgjeEK43qJgi_pObLdq13uEKDff8qGEwACFId6D_wAm1T1UFL7k94_YlGf05E8cyG692Fk8Tuh.jpg
[2011/09/15 01:37:58 | 000,145,997 | ---- | M] () -- C:\Users\Matheus\Documents\Untitled.png
[2011/09/15 01:22:00 | 000,055,930 | ---- | M] () -- C:\Users\Matheus\Documents\asdf.jpg
[2011/09/15 01:20:13 | 000,049,557 | ---- | M] () -- C:\Users\Matheus\Documents\ú.jpg
[2011/09/10 14:25:35 | 000,065,988 | ---- | M] () -- C:\Users\Matheus\Documents\jacekyerka12sx8.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Matheus\Desktop\*.tmp files -> C:\Users\Matheus\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/04 14:07:27 | 000,025,713 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/03 19:45:28 | 000,002,324 | ---- | C] () -- C:\Users\Matheus\Desktop\Google Chrome.lnk
[2011/10/02 23:15:11 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.0.lnk
[2011/10/02 12:44:17 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Extra RAM.lnk
[2011/10/02 12:43:18 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/02 12:43:10 | 000,000,991 | ---- | C] () -- C:\Users\Matheus\Desktop\Glary Utilities.lnk
[2011/10/01 10:25:38 | 000,103,140 | RHS- | C] () -- C:\ddtep.pif
[2011/10/01 10:25:20 | 000,000,239 | RHS- | C] () -- C:\autorun.inf
[2011/10/01 10:06:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/01 10:06:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/01 10:06:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/01 10:06:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/01 10:06:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/28 21:49:49 | 116,006,378 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/28 16:39:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/27 13:18:28 | 000,390,514 | ---- | C] () -- C:\Users\Matheus\Documents\cc_20110927_131816.reg
[2011/09/27 13:09:36 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/24 23:48:09 | 000,002,453 | ---- | C] () -- C:\Users\Matheus\Documents\Epi Info.lnk
[2011/09/24 23:46:51 | 000,240,128 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2011/09/17 22:18:28 | 000,002,209 | ---- | C] () -- C:\Users\Matheus\Documents\Google Earth.lnk
[2011/09/15 20:35:11 | 000,080,535 | ---- | C] () -- C:\Users\Matheus\Documents\asdasads.png
[2011/09/15 20:24:28 | 000,118,145 | ---- | C] () -- C:\Users\Matheus\Documents\asdasasd.png
[2011/09/15 20:23:16 | 000,110,783 | ---- | C] () -- C:\Users\Matheus\Documents\fotenha.png
[2011/09/15 20:19:10 | 000,066,349 | ---- | C] () -- C:\Users\Matheus\Documents\PQAAALv_m_2cOlwJuZp_m6rqSEE391q9cytn4vbN_6ckykc8WGfGvuJh9JGuESPB2pofiFuk6J4qQOj576Itrs44YREAm1T1UMP_rT_FbYA2Hy9grx7a73PjUpS5.jpg
[2011/09/15 20:12:59 | 000,074,086 | ---- | C] () -- C:\Users\Matheus\Documents\PQAAAOKK-54a3usUIIYqRxKQAMn2dfMIZw5z278jKGDX9NpT5ObgjeEK43qJgi_pObLdq13uEKDff8qGEwACFId6D_wAm1T1UFL7k94_YlGf05E8cyG692Fk8Tuh.jpg
[2011/09/15 01:37:58 | 000,145,997 | ---- | C] () -- C:\Users\Matheus\Documents\Untitled.png
[2011/09/15 01:22:05 | 000,055,930 | ---- | C] () -- C:\Users\Matheus\Documents\asdf.jpg
[2011/09/15 01:20:36 | 000,049,557 | ---- | C] () -- C:\Users\Matheus\Documents\ú.jpg
[2011/09/10 14:25:51 | 000,065,988 | ---- | C] () -- C:\Users\Matheus\Documents\jacekyerka12sx8.jpg
[2011/08/27 12:01:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/08/27 12:01:39 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2011/02/13 02:00:45 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/12/10 22:11:53 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/12/09 22:44:33 | 000,000,286 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/11/17 11:50:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/14 00:35:26 | 000,170,061 | ---- | C] () -- C:\Windows\hpoins14.dat
[2010/05/14 00:35:26 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2010/05/04 16:12:54 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/21 18:51:23 | 000,665,306 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/21 18:51:23 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/21 18:51:23 | 000,125,694 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/21 18:51:23 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:33:53 | 003,764,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 23:05:48 | 000,618,026 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 23:05:48 | 000,104,340 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/30 10:14:26 | 000,000,542 | ---- | C] () -- C:\Windows\openrda.ini
========== LOP Check ==========
[2011/03/08 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\.bsnes
[2011/09/27 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\BitTorrent
[2011/07/15 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/27 13:15:12 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\DAEMON Tools Lite
[2011/08/27 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\Docx2Rtf
[2011/10/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\GlarySoft
[2011/08/17 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\InternetTV
[2011/08/27 12:31:21 | 000,000,000 | ---D | M] -- C:\Users\Matheus\AppData\Roaming\NwDocx
[2011/10/04 16:27:39 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/08/09 14:35:50 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
OTL Extras logfile created on: 10/4/2011 7:18:30 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Matheus\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
990.67 Mb Total Physical Memory | 141.53 Mb Available Physical Memory | 14.29% Memory free
1.97 Gb Paging File | 0.66 Gb Available in Paging File | 33.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.44 Gb Total Space | 50.55 Gb Free Space | 22.13% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Matheus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" = C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec -- (DT Soft Ltd)
"C:\ComboFix\NircmdB.exe" = C:\ComboFix\NircmdB.exe:*:Enabled:ipsec
"C:\Windows\system32\conhost.exe" = C:\Windows\system32\conhost.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winxareic.exe" = C:\Windows\TEMP\winxareic.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winekdj.exe" = C:\Windows\TEMP\winekdj.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winotsfvp.exe" = C:\Windows\TEMP\winotsfvp.exe:*:Enabled:ipsec
"C:\Windows\TEMP\cujweg.exe" = C:\Windows\TEMP\cujweg.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wsng.exe" = C:\Windows\TEMP\wsng.exe:*:Enabled:ipsec
"C:\Windows\TEMP\dcdjm.exe" = C:\Windows\TEMP\dcdjm.exe:*:Enabled:ipsec
"C:\Windows\system32\taskhost.exe" = C:\Windows\system32\taskhost.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Users\Matheus\AppData\Local\Temp\wingtip.exe" = C:\Users\Matheus\AppData\Local\Temp\wingtip.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\kutg.exe" = C:\Users\Matheus\AppData\Local\Temp\kutg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winspbvf.exe" = C:\Users\Matheus\AppData\Local\Temp\winspbvf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbnvr.exe" = C:\Users\Matheus\AppData\Local\Temp\winbnvr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winylgyo.exe" = C:\Users\Matheus\AppData\Local\Temp\winylgyo.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winpxmumc.exe" = C:\Users\Matheus\AppData\Local\Temp\winpxmumc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dxvsfx.exe" = C:\Users\Matheus\AppData\Local\Temp\dxvsfx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bmjpex.exe" = C:\Users\Matheus\AppData\Local\Temp\bmjpex.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ximqbh.exe" = C:\Users\Matheus\AppData\Local\Temp\ximqbh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfbdjwr.exe" = C:\Users\Matheus\AppData\Local\Temp\winfbdjwr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\pokdlb.exe" = C:\Users\Matheus\AppData\Local\Temp\pokdlb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbutqv.exe" = C:\Users\Matheus\AppData\Local\Temp\winbutqv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\tyjlge.exe" = C:\Users\Matheus\AppData\Local\Temp\tyjlge.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\fkjae.exe" = C:\Users\Matheus\AppData\Local\Temp\fkjae.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnvex.exe" = C:\Users\Matheus\AppData\Local\Temp\winnvex.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbipc.exe" = C:\Users\Matheus\AppData\Local\Temp\winbipc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\aouy.exe" = C:\Users\Matheus\AppData\Local\Temp\aouy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\vkfxya.exe" = C:\Users\Matheus\AppData\Local\Temp\vkfxya.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmxnba.exe" = C:\Users\Matheus\AppData\Local\Temp\winmxnba.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mcqe.exe" = C:\Users\Matheus\AppData\Local\Temp\mcqe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqwqe.exe" = C:\Users\Matheus\AppData\Local\Temp\winqwqe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\obbdj.exe" = C:\Users\Matheus\AppData\Local\Temp\obbdj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winksok.exe" = C:\Users\Matheus\AppData\Local\Temp\winksok.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmwdxvr.exe" = C:\Users\Matheus\AppData\Local\Temp\winmwdxvr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wintpyqnf.exe" = C:\Users\Matheus\AppData\Local\Temp\wintpyqnf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvwrbh.exe" = C:\Users\Matheus\AppData\Local\Temp\winvwrbh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dhkjia.exe" = C:\Users\Matheus\AppData\Local\Temp\dhkjia.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmbmef.exe" = C:\Users\Matheus\AppData\Local\Temp\winmbmef.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winecmwc.exe" = C:\Users\Matheus\AppData\Local\Temp\winecmwc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bufj.exe" = C:\Users\Matheus\AppData\Local\Temp\bufj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winkmblwp.exe" = C:\Users\Matheus\AppData\Local\Temp\winkmblwp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\grvseb.exe" = C:\Users\Matheus\AppData\Local\Temp\grvseb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winlaah.exe" = C:\Users\Matheus\AppData\Local\Temp\winlaah.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winahmsk.exe" = C:\Users\Matheus\AppData\Local\Temp\winahmsk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hghucn.exe" = C:\Users\Matheus\AppData\Local\Temp\hghucn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnhkwiq.exe" = C:\Users\Matheus\AppData\Local\Temp\winnhkwiq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winffoeda.exe" = C:\Users\Matheus\AppData\Local\Temp\winffoeda.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dmgixu.exe" = C:\Users\Matheus\AppData\Local\Temp\dmgixu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmwfcjs.exe" = C:\Users\Matheus\AppData\Local\Temp\winmwfcjs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqvmes.exe" = C:\Users\Matheus\AppData\Local\Temp\winqvmes.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winpbmxg.exe" = C:\Users\Matheus\AppData\Local\Temp\winpbmxg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmfay.exe" = C:\Users\Matheus\AppData\Local\Temp\winmfay.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wvkns.exe" = C:\Users\Matheus\AppData\Local\Temp\wvkns.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winamkpbg.exe" = C:\Users\Matheus\AppData\Local\Temp\winamkpbg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winitvwha.exe" = C:\Users\Matheus\AppData\Local\Temp\winitvwha.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ptqymr.exe" = C:\Users\Matheus\AppData\Local\Temp\ptqymr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\palgf.exe" = C:\Users\Matheus\AppData\Local\Temp\palgf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mhnk.exe" = C:\Users\Matheus\AppData\Local\Temp\mhnk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\civv.exe" = C:\Users\Matheus\AppData\Local\Temp\civv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\pgsr.exe" = C:\Users\Matheus\AppData\Local\Temp\pgsr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hmsqn.exe" = C:\Users\Matheus\AppData\Local\Temp\hmsqn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winpflsr.exe" = C:\Users\Matheus\AppData\Local\Temp\winpflsr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfbpm.exe" = C:\Users\Matheus\AppData\Local\Temp\winfbpm.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bipw.exe" = C:\Users\Matheus\AppData\Local\Temp\bipw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bxnwu.exe" = C:\Users\Matheus\AppData\Local\Temp\bxnwu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wingiglr.exe" = C:\Users\Matheus\AppData\Local\Temp\wingiglr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincfsbd.exe" = C:\Users\Matheus\AppData\Local\Temp\wincfsbd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxpwpi.exe" = C:\Users\Matheus\AppData\Local\Temp\winxpwpi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\cxkhw.exe" = C:\Users\Matheus\AppData\Local\Temp\cxkhw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wineuwc.exe" = C:\Users\Matheus\AppData\Local\Temp\wineuwc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfyrt.exe" = C:\Users\Matheus\AppData\Local\Temp\winfyrt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnyaram.exe" = C:\Users\Matheus\AppData\Local\Temp\winnyaram.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winiotbs.exe" = C:\Users\Matheus\AppData\Local\Temp\winiotbs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\auqk.exe" = C:\Users\Matheus\AppData\Local\Temp\auqk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winepdnj.exe" = C:\Users\Matheus\AppData\Local\Temp\winepdnj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winieggxc.exe" = C:\Users\Matheus\AppData\Local\Temp\winieggxc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wineqwh.exe" = C:\Users\Matheus\AppData\Local\Temp\wineqwh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winrvmfp.exe" = C:\Users\Matheus\AppData\Local\Temp\winrvmfp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winklyt.exe" = C:\Users\Matheus\AppData\Local\Temp\winklyt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ropd.exe" = C:\Users\Matheus\AppData\Local\Temp\ropd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ysqft.exe" = C:\Users\Matheus\AppData\Local\Temp\ysqft.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\busffv.exe" = C:\Users\Matheus\AppData\Local\Temp\busffv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winhuwjae.exe" = C:\Users\Matheus\AppData\Local\Temp\winhuwjae.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqfgjby.exe" = C:\Users\Matheus\AppData\Local\Temp\winqfgjby.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dlqedx.exe" = C:\Users\Matheus\AppData\Local\Temp\dlqedx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winotwc.exe" = C:\Users\Matheus\AppData\Local\Temp\winotwc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsspk.exe" = C:\Users\Matheus\AppData\Local\Temp\winsspk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mpksj.exe" = C:\Users\Matheus\AppData\Local\Temp\mpksj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\uldjyr.exe" = C:\Users\Matheus\AppData\Local\Temp\uldjyr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsyvi.exe" = C:\Users\Matheus\AppData\Local\Temp\winsyvi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmlfi.exe" = C:\Users\Matheus\AppData\Local\Temp\winmlfi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winyxyaxj.exe" = C:\Users\Matheus\AppData\Local\Temp\winyxyaxj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\kapdti.exe" = C:\Users\Matheus\AppData\Local\Temp\kapdti.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yptl.exe" = C:\Users\Matheus\AppData\Local\Temp\yptl.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winodxs.exe" = C:\Users\Matheus\AppData\Local\Temp\winodxs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winygtakw.exe" = C:\Users\Matheus\AppData\Local\Temp\winygtakw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsyulix.exe" = C:\Users\Matheus\AppData\Local\Temp\winsyulix.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\windepf.exe" = C:\Users\Matheus\AppData\Local\Temp\windepf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mptl.exe" = C:\Users\Matheus\AppData\Local\Temp\mptl.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qijix.exe" = C:\Users\Matheus\AppData\Local\Temp\qijix.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jlxb.exe" = C:\Users\Matheus\AppData\Local\Temp\jlxb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjitn.exe" = C:\Users\Matheus\AppData\Local\Temp\winjitn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ilxbdp.exe" = C:\Users\Matheus\AppData\Local\Temp\ilxbdp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvixg.exe" = C:\Users\Matheus\AppData\Local\Temp\winvixg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winydswoh.exe" = C:\Users\Matheus\AppData\Local\Temp\winydswoh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jmxlp.exe" = C:\Users\Matheus\AppData\Local\Temp\jmxlp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\tymsi.exe" = C:\Users\Matheus\AppData\Local\Temp\tymsi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winpodshm.exe" = C:\Users\Matheus\AppData\Local\Temp\winpodshm.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvnqlh.exe" = C:\Users\Matheus\AppData\Local\Temp\winvnqlh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winuvlmh.exe" = C:\Users\Matheus\AppData\Local\Temp\winuvlmh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dxshbr.exe" = C:\Users\Matheus\AppData\Local\Temp\dxshbr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wingwrjxr.exe" = C:\Users\Matheus\AppData\Local\Temp\wingwrjxr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qglrcj.exe" = C:\Users\Matheus\AppData\Local\Temp\qglrcj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\fnji.exe" = C:\Users\Matheus\AppData\Local\Temp\fnji.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winmiiaqe.exe" = C:\Users\Matheus\AppData\Local\Temp\winmiiaqe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\nkrj.exe" = C:\Users\Matheus\AppData\Local\Temp\nkrj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jtodi.exe" = C:\Users\Matheus\AppData\Local\Temp\jtodi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winarwy.exe" = C:\Users\Matheus\AppData\Local\Temp\winarwy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincjaml.exe" = C:\Users\Matheus\AppData\Local\Temp\wincjaml.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winapms.exe" = C:\Users\Matheus\AppData\Local\Temp\winapms.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winoqbe.exe" = C:\Users\Matheus\AppData\Local\Temp\winoqbe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\amffh.exe" = C:\Users\Matheus\AppData\Local\Temp\amffh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hhsj.exe" = C:\Users\Matheus\AppData\Local\Temp\hhsj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winicyfk.exe" = C:\Users\Matheus\AppData\Local\Temp\winicyfk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\geev.exe" = C:\Users\Matheus\AppData\Local\Temp\geev.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjnhuef.exe" = C:\Users\Matheus\AppData\Local\Temp\winjnhuef.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winolwv.exe" = C:\Users\Matheus\AppData\Local\Temp\winolwv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mcuy.exe" = C:\Users\Matheus\AppData\Local\Temp\mcuy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hiahpy.exe" = C:\Users\Matheus\AppData\Local\Temp\hiahpy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbxxmvt.exe" = C:\Users\Matheus\AppData\Local\Temp\winbxxmvt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wintaxynr.exe" = C:\Users\Matheus\AppData\Local\Temp\wintaxynr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\redyvl.exe" = C:\Users\Matheus\AppData\Local\Temp\redyvl.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\lhhfr.exe" = C:\Users\Matheus\AppData\Local\Temp\lhhfr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winawdvc.exe" = C:\Users\Matheus\AppData\Local\Temp\winawdvc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincjhsqs.exe" = C:\Users\Matheus\AppData\Local\Temp\wincjhsqs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwwky.exe" = C:\Users\Matheus\AppData\Local\Temp\winwwky.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winrdomjh.exe" = C:\Users\Matheus\AppData\Local\Temp\winrdomjh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winikhimr.exe" = C:\Users\Matheus\AppData\Local\Temp\winikhimr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winlhnmi.exe" = C:\Users\Matheus\AppData\Local\Temp\winlhnmi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincvbkjk.exe" = C:\Users\Matheus\AppData\Local\Temp\wincvbkjk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsybi.exe" = C:\Users\Matheus\AppData\Local\Temp\winsybi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\goqlh.exe" = C:\Users\Matheus\AppData\Local\Temp\goqlh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wsidm.exe" = C:\Users\Matheus\AppData\Local\Temp\wsidm.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\rkad.exe" = C:\Users\Matheus\AppData\Local\Temp\rkad.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winhgkfir.exe" = C:\Users\Matheus\AppData\Local\Temp\winhgkfir.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mvqu.exe" = C:\Users\Matheus\AppData\Local\Temp\mvqu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfjamk.exe" = C:\Users\Matheus\AppData\Local\Temp\winfjamk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yxpvyg.exe" = C:\Users\Matheus\AppData\Local\Temp\yxpvyg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yfngf.exe" = C:\Users\Matheus\AppData\Local\Temp\yfngf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbwtmt.exe" = C:\Users\Matheus\AppData\Local\Temp\winbwtmt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winafgd.exe" = C:\Users\Matheus\AppData\Local\Temp\winafgd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\oqtmf.exe" = C:\Users\Matheus\AppData\Local\Temp\oqtmf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\windjau.exe" = C:\Users\Matheus\AppData\Local\Temp\windjau.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\btfe.exe" = C:\Users\Matheus\AppData\Local\Temp\btfe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qlac.exe" = C:\Users\Matheus\AppData\Local\Temp\qlac.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hslbqv.exe" = C:\Users\Matheus\AppData\Local\Temp\hslbqv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwmvyi.exe" = C:\Users\Matheus\AppData\Local\Temp\winwmvyi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bivr.exe" = C:\Users\Matheus\AppData\Local\Temp\bivr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\xqclmy.exe" = C:\Users\Matheus\AppData\Local\Temp\xqclmy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dyepf.exe" = C:\Users\Matheus\AppData\Local\Temp\dyepf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wmwri.exe" = C:\Users\Matheus\AppData\Local\Temp\wmwri.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winrdsu.exe" = C:\Users\Matheus\AppData\Local\Temp\winrdsu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\aiysn.exe" = C:\Users\Matheus\AppData\Local\Temp\aiysn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjwnjq.exe" = C:\Users\Matheus\AppData\Local\Temp\winjwnjq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winlwjn.exe" = C:\Users\Matheus\AppData\Local\Temp\winlwjn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\windyunim.exe" = C:\Users\Matheus\AppData\Local\Temp\windyunim.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bqtjmv.exe" = C:\Users\Matheus\AppData\Local\Temp\bqtjmv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbauqs.exe" = C:\Users\Matheus\AppData\Local\Temp\winbauqs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsvibpr.exe" = C:\Users\Matheus\AppData\Local\Temp\winsvibpr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfhwp.exe" = C:\Users\Matheus\AppData\Local\Temp\winfhwp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwgyin.exe" = C:\Users\Matheus\AppData\Local\Temp\winwgyin.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwohf.exe" = C:\Users\Matheus\AppData\Local\Temp\winwohf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jyhsu.exe" = C:\Users\Matheus\AppData\Local\Temp\jyhsu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxtdk.exe" = C:\Users\Matheus\AppData\Local\Temp\winxtdk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ihbo.exe" = C:\Users\Matheus\AppData\Local\Temp\ihbo.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\csenn.exe" = C:\Users\Matheus\AppData\Local\Temp\csenn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winiwwfaj.exe" = C:\Users\Matheus\AppData\Local\Temp\winiwwfaj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxclhga.exe" = C:\Users\Matheus\AppData\Local\Temp\winxclhga.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wingdki.exe" = C:\Users\Matheus\AppData\Local\Temp\wingdki.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wkwd.exe" = C:\Users\Matheus\AppData\Local\Temp\wkwd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winulssj.exe" = C:\Users\Matheus\AppData\Local\Temp\winulssj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ccvx.exe" = C:\Users\Matheus\AppData\Local\Temp\ccvx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winoptoa.exe" = C:\Users\Matheus\AppData\Local\Temp\winoptoa.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\llhww.exe" = C:\Users\Matheus\AppData\Local\Temp\llhww.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\oibg.exe" = C:\Users\Matheus\AppData\Local\Temp\oibg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ghxa.exe" = C:\Users\Matheus\AppData\Local\Temp\ghxa.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsgmujp.exe" = C:\Users\Matheus\AppData\Local\Temp\winsgmujp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yxmnld.exe" = C:\Users\Matheus\AppData\Local\Temp\yxmnld.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjrni.exe" = C:\Users\Matheus\AppData\Local\Temp\winjrni.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winejqe.exe" = C:\Users\Matheus\AppData\Local\Temp\winejqe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winogcpy.exe" = C:\Users\Matheus\AppData\Local\Temp\winogcpy.exe:*:Enabled:ipsec
"C:\Program Files\Extra RAM\ExtraRAM.exe" = C:\Program Files\Extra RAM\ExtraRAM.exe:*:Enabled:ipsec -- ()
"C:\Users\Matheus\AppData\Local\Temp\jifex.exe" = C:\Users\Matheus\AppData\Local\Temp\jifex.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mgjuxk.exe" = C:\Users\Matheus\AppData\Local\Temp\mgjuxk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\txst.exe" = C:\Users\Matheus\AppData\Local\Temp\txst.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winntjdxr.exe" = C:\Users\Matheus\AppData\Local\Temp\winntjdxr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjlxgn.exe" = C:\Users\Matheus\AppData\Local\Temp\winjlxgn.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvhegw.exe" = C:\Users\Matheus\AppData\Local\Temp\winvhegw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winkvoku.exe" = C:\Users\Matheus\AppData\Local\Temp\winkvoku.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\lvxvux.exe" = C:\Users\Matheus\AppData\Local\Temp\lvxvux.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqiks.exe" = C:\Users\Matheus\AppData\Local\Temp\winqiks.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincpavla.exe" = C:\Users\Matheus\AppData\Local\Temp\wincpavla.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\vrkcu.exe" = C:\Users\Matheus\AppData\Local\Temp\vrkcu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\gbtlxa.exe" = C:\Users\Matheus\AppData\Local\Temp\gbtlxa.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqfgt.exe" = C:\Users\Matheus\AppData\Local\Temp\winqfgt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsfjfb.exe" = C:\Users\Matheus\AppData\Local\Temp\winsfjfb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jespy.exe" = C:\Users\Matheus\AppData\Local\Temp\jespy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winrxpcld.exe" = C:\Users\Matheus\AppData\Local\Temp\winrxpcld.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winbjpe.exe" = C:\Users\Matheus\AppData\Local\Temp\winbjpe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winhpjpww.exe" = C:\Users\Matheus\AppData\Local\Temp\winhpjpww.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\vmnprj.exe" = C:\Users\Matheus\AppData\Local\Temp\vmnprj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winojkeb.exe" = C:\Users\Matheus\AppData\Local\Temp\winojkeb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hdqf.exe" = C:\Users\Matheus\AppData\Local\Temp\hdqf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winufom.exe" = C:\Users\Matheus\AppData\Local\Temp\winufom.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wktw.exe" = C:\Users\Matheus\AppData\Local\Temp\wktw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\tamx.exe" = C:\Users\Matheus\AppData\Local\Temp\tamx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winahbmv.exe" = C:\Users\Matheus\AppData\Local\Temp\winahbmv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ttnbqx.exe" = C:\Users\Matheus\AppData\Local\Temp\ttnbqx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjjio.exe" = C:\Users\Matheus\AppData\Local\Temp\winjjio.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvatss.exe" = C:\Users\Matheus\AppData\Local\Temp\winvatss.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wintahis.exe" = C:\Users\Matheus\AppData\Local\Temp\wintahis.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winrshnh.exe" = C:\Users\Matheus\AppData\Local\Temp\winrshnh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\xifntb.exe" = C:\Users\Matheus\AppData\Local\Temp\xifntb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winddhuq.exe" = C:\Users\Matheus\AppData\Local\Temp\winddhuq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winywlq.exe" = C:\Users\Matheus\AppData\Local\Temp\winywlq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\vsipma.exe" = C:\Users\Matheus\AppData\Local\Temp\vsipma.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\lwdu.exe" = C:\Users\Matheus\AppData\Local\Temp\lwdu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wintwrk.exe" = C:\Users\Matheus\AppData\Local\Temp\wintwrk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincffq.exe" = C:\Users\Matheus\AppData\Local\Temp\wincffq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnxaffy.exe" = C:\Users\Matheus\AppData\Local\Temp\winnxaffy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\mtfh.exe" = C:\Users\Matheus\AppData\Local\Temp\mtfh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\hvgs.exe" = C:\Users\Matheus\AppData\Local\Temp\hvgs.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wingmbc.exe" = C:\Users\Matheus\AppData\Local\Temp\wingmbc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ebcais.exe" = C:\Users\Matheus\AppData\Local\Temp\ebcais.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winptqwe.exe" = C:\Users\Matheus\AppData\Local\Temp\winptqwe.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjsgshl.exe" = C:\Users\Matheus\AppData\Local\Temp\winjsgshl.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winviti.exe" = C:\Users\Matheus\AppData\Local\Temp\winviti.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winvmtv.exe" = C:\Users\Matheus\AppData\Local\Temp\winvmtv.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxxvbr.exe" = C:\Users\Matheus\AppData\Local\Temp\winxxvbr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jhsat.exe" = C:\Users\Matheus\AppData\Local\Temp\jhsat.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qxyr.exe" = C:\Users\Matheus\AppData\Local\Temp\qxyr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxnbiob.exe" = C:\Users\Matheus\AppData\Local\Temp\winxnbiob.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winlifrof.exe" = C:\Users\Matheus\AppData\Local\Temp\winlifrof.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\bohvjo.exe" = C:\Users\Matheus\AppData\Local\Temp\bohvjo.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wingxvbrj.exe" = C:\Users\Matheus\AppData\Local\Temp\wingxvbrj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\windfrny.exe" = C:\Users\Matheus\AppData\Local\Temp\windfrny.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winhdxb.exe" = C:\Users\Matheus\AppData\Local\Temp\winhdxb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfynbim.exe" = C:\Users\Matheus\AppData\Local\Temp\winfynbim.exe:*:Enabled:ipsec
"C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe" = C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\Users\Matheus\AppData\Local\Temp\winjepb.exe" = C:\Users\Matheus\AppData\Local\Temp\winjepb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winkgal.exe" = C:\Users\Matheus\AppData\Local\Temp\winkgal.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxtpuff.exe" = C:\Users\Matheus\AppData\Local\Temp\winxtpuff.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\nhlk.exe" = C:\Users\Matheus\AppData\Local\Temp\nhlk.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\nxda.exe" = C:\Users\Matheus\AppData\Local\Temp\nxda.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winouuc.exe" = C:\Users\Matheus\AppData\Local\Temp\winouuc.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnfhb.exe" = C:\Users\Matheus\AppData\Local\Temp\winnfhb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winesysow.exe" = C:\Users\Matheus\AppData\Local\Temp\winesysow.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxytdti.exe" = C:\Users\Matheus\AppData\Local\Temp\winxytdti.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ayklb.exe" = C:\Users\Matheus\AppData\Local\Temp\ayklb.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\pdjyld.exe" = C:\Users\Matheus\AppData\Local\Temp\pdjyld.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wincsmdx.exe" = C:\Users\Matheus\AppData\Local\Temp\wincsmdx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxvpuq.exe" = C:\Users\Matheus\AppData\Local\Temp\winxvpuq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ytwy.exe" = C:\Users\Matheus\AppData\Local\Temp\ytwy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qpivwa.exe" = C:\Users\Matheus\AppData\Local\Temp\qpivwa.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\qpcx.exe" = C:\Users\Matheus\AppData\Local\Temp\qpcx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\fwmh.exe" = C:\Users\Matheus\AppData\Local\Temp\fwmh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winexpd.exe" = C:\Users\Matheus\AppData\Local\Temp\winexpd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yyrcl.exe" = C:\Users\Matheus\AppData\Local\Temp\yyrcl.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjqiask.exe" = C:\Users\Matheus\AppData\Local\Temp\winjqiask.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnldrop.exe" = C:\Users\Matheus\AppData\Local\Temp\winnldrop.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winacps.exe" = C:\Users\Matheus\AppData\Local\Temp\winacps.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\tkkwkq.exe" = C:\Users\Matheus\AppData\Local\Temp\tkkwkq.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winsqgro.exe" = C:\Users\Matheus\AppData\Local\Temp\winsqgro.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\htft.exe" = C:\Users\Matheus\AppData\Local\Temp\htft.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winyrrhey.exe" = C:\Users\Matheus\AppData\Local\Temp\winyrrhey.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ktatf.exe" = C:\Users\Matheus\AppData\Local\Temp\ktatf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winnilt.exe" = C:\Users\Matheus\AppData\Local\Temp\winnilt.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wktplg.exe" = C:\Users\Matheus\AppData\Local\Temp\wktplg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winekvi.exe" = C:\Users\Matheus\AppData\Local\Temp\winekvi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\rxram.exe" = C:\Users\Matheus\AppData\Local\Temp\rxram.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\jivnm.exe" = C:\Users\Matheus\AppData\Local\Temp\jivnm.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwpfp.exe" = C:\Users\Matheus\AppData\Local\Temp\winwpfp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\yawsx.exe" = C:\Users\Matheus\AppData\Local\Temp\yawsx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winwsed.exe" = C:\Users\Matheus\AppData\Local\Temp\winwsed.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\ktkqqp.exe" = C:\Users\Matheus\AppData\Local\Temp\ktkqqp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\renqpi.exe" = C:\Users\Matheus\AppData\Local\Temp\renqpi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winxrcnpf.exe" = C:\Users\Matheus\AppData\Local\Temp\winxrcnpf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjrofd.exe" = C:\Users\Matheus\AppData\Local\Temp\winjrofd.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\waxx.exe" = C:\Users\Matheus\AppData\Local\Temp\waxx.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqiouyr.exe" = C:\Users\Matheus\AppData\Local\Temp\winqiouyr.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\kplaqp.exe" = C:\Users\Matheus\AppData\Local\Temp\kplaqp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wixaj.exe" = C:\Users\Matheus\AppData\Local\Temp\wixaj.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\wintxmub.exe" = C:\Users\Matheus\AppData\Local\Temp\wintxmub.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\gwlo.exe" = C:\Users\Matheus\AppData\Local\Temp\gwlo.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winesnl.exe" = C:\Users\Matheus\AppData\Local\Temp\winesnl.exe:*:Enabled:ipsec
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Users\Matheus\AppData\Local\Temp\ytgrj.exe" = C:\Users\Matheus\AppData\Local\Temp\ytgrj.exe:*:Enabled:ipsec -- ()
"C:\Users\Matheus\AppData\Local\Temp\wincwuu.exe" = C:\Users\Matheus\AppData\Local\Temp\wincwuu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\dukks.exe" = C:\Users\Matheus\AppData\Local\Temp\dukks.exe:*:Enabled:ipsec -- ()
"C:\Users\Matheus\AppData\Local\Temp\winhfoms.exe" = C:\Users\Matheus\AppData\Local\Temp\winhfoms.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winfubgy.exe" = C:\Users\Matheus\AppData\Local\Temp\winfubgy.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winelrm.exe" = C:\Users\Matheus\AppData\Local\Temp\winelrm.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\xgwg.exe" = C:\Users\Matheus\AppData\Local\Temp\xgwg.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winehstwp.exe" = C:\Users\Matheus\AppData\Local\Temp\winehstwp.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\kqpult.exe" = C:\Users\Matheus\AppData\Local\Temp\kqpult.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winewgi.exe" = C:\Users\Matheus\AppData\Local\Temp\winewgi.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\kbjyuh.exe" = C:\Users\Matheus\AppData\Local\Temp\kbjyuh.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winqusf.exe" = C:\Users\Matheus\AppData\Local\Temp\winqusf.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winuxajik.exe" = C:\Users\Matheus\AppData\Local\Temp\winuxajik.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\xshojw.exe" = C:\Users\Matheus\AppData\Local\Temp\xshojw.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\nwce.exe" = C:\Users\Matheus\AppData\Local\Temp\nwce.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\winjmsu.exe" = C:\Users\Matheus\AppData\Local\Temp\winjmsu.exe:*:Enabled:ipsec
"C:\Users\Matheus\AppData\Local\Temp\gsicl.exe" = C:\Users\Matheus\AppData\Local\Temp\gsicl.exe:*:Enabled:ipsec -- ()
"C:\Users\Matheus\AppData\Local\Temp\winsyhgav.exe" = C:\Users\Matheus\AppData\Local\Temp\winsyhgav.exe:*:Enabled:ipsec -- ()
"C:\Users\Matheus\AppData\Local\Temp\winqjqf.exe" = C:\Users\Matheus\AppData\Local\Temp\winqjqf.exe:*:Enabled:ipsec -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CFDA3C2-6F0A-49EF-85DF-D4D928142D91}_is1" = Extra RAM 1.7
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EC1177C-E3E8-4CEE-8E9F-E6D4E6F7B2E2}_is1" = WinDS PRO DSi 2.2.1
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E16265-E162-43E7-B3C5-D28640E23AE9}" = PSP ISO Shrink
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8E2B4D8-503C-46C7-A6CE-BC78CC3D4F9A}" = Epi Info
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Mythology 1.0" = Age of Mythology
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cliente MuSteam 99z" = Cliente MuSteam 99z
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"DivX Subtitle Displayer 4.54" = DivX Subtitle Displayer 4.54
"Doro_is1" = Doro 1.64
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader 5.0
"Free DVD Burner (by minidvdsoft)_is1" = Free DVD Burner version 3.0
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Garena 2010" = Garena 2010
"Glary Utilities_is1" = Glary Utilities 2.38.0.1288
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Internet TV_is1" = Internet TV 8.1
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 5.0.1 (x86 pt-BR)" = Mozilla Firefox 5.0.1 (x86 pt-BR)
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PDFConverter Printer Driver_is1" = PDFConverter Printer Driver version 2.00
"Picasa 3" = Picasa 3
"Plugin Letras.mus.br" = Plugin Letras.mus.br 1.10
"RealAlt_is1" = Real Alternative 2.0.2
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra Utilities" = Sierra Utilities
"The Sims" = The Sims
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"Word to PDF Converter_is1" = Word to PDF Converter 4.00
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Google Chrome SxS" = Google Chrome Canary
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/2/2011 8:31:12 AM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/2/2011 2:20:17 PM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/2/2011 8:35:41 PM | Computer Name = PC | Source = MsiInstaller | ID = 1013
Description =
Error - 10/2/2011 8:42:27 PM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/3/2011 5:58:00 PM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/4/2011 8:29:39 AM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/4/2011 12:28:52 PM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/4/2011 1:21:41 PM | Computer Name = PC | Source = Windows Search Service | ID = 3007
Description =
Error - 10/4/2011 3:27:28 PM | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 10/4/2011 3:55:52 PM | Computer Name = PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.1.4205 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 7fc Start
Time: 01cc82cd8c268130 Termination Time: 292 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: c06a9f11-eec2-11e0-9435-001617ae3ddf
[ OSession Events ]
Error - 6/15/2011 9:45:51 PM | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session
lasted 1582 seconds with 1080 seconds of active time. This session ended with a
crash.
Error - 6/21/2011 2:51:52 PM | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session
lasted 2270 seconds with 1440 seconds of active time. This session ended with a
crash.
Error - 6/26/2011 12:13:00 AM | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session
lasted 11829 seconds with 1020 seconds of active time. This session ended with
a crash.
Error - 8/27/2011 11:03:39 AM | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 70
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/4/2011 12:57:01 PM | Computer Name = PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Security Update for Windows 7 (KB979688).
Error - 10/4/2011 1:04:34 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 10/4/2011 2:04:33 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 10/4/2011 3:04:31 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 10/4/2011 3:31:08 PM | Computer Name = PC | Source = DCOM | ID = 10001
Description =
Error - 10/4/2011 3:56:37 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 10/4/2011 4:07:40 PM | Computer Name = PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description = Service Pack installation failed with error code 0x800b0100.
Error - 10/4/2011 4:12:41 PM | Computer Name = PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
Error - 10/4/2011 4:56:36 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
Error - 10/4/2011 5:56:36 PM | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5
< End of report >
Thank you very much!
Edited by Kelendril, 04 October 2011 - 04:52 PM.