Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removing facevideoupdt7.2 [Closed]


  • This topic is locked This topic is locked

#1
ReginaldoRigo

ReginaldoRigo

    New Member

  • Member
  • Pip
  • 1 posts
I'm trying to remove this malware. i've executed this file 'facevideoupdt7.2.exe' and since then may facebook account has been sending invitations to my face friends to
participate on events without my knowledge. I don't even know what more it's doing behind my back.

I've tryied hard to remove it but unsuccessfully so far. I would apreciate any help.

Thanks.

Reginaldo

FOLLOW THE OTL FILE

OTL logfile created on: 18/07/2013 08:26:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\reginaldo\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 26,38% Memory free
5,98 Gb Paging File | 1,36 Gb Available in Paging File | 22,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,03 Gb Total Space | 3,26 Gb Free Space | 4,34% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 97,06 Gb Free Space | 49,69% Space Free | Partition Type: NTFS
Drive G: | 195,32 Gb Total Space | 146,33 Gb Free Space | 74,92% Space Free | Partition Type: NTFS
Drive Z: | 100,00 Mb Total Space | 60,95 Mb Free Space | 60,95% Space Free | Partition Type: NTFS

Computer Name: REGINALDO-PC | User Name: reginaldo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/07/18 08:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\reginaldo\Downloads\OTL.exe
PRC - [2013/07/17 17:33:11 | 001,183,184 | ---- | M] (Google Inc.) -- C:\Users\REGINA~1\AppData\Local\Temp\CR_7D9D6.tmp\setup.exe
PRC - [2013/07/17 15:12:02 | 000,054,424 | ---- | M] (Bitdefender) -- C:\Arquivos de Programas\Bitdefender\Antivirus Free Edition\gzserv.exe
PRC - [2013/07/17 15:11:54 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Arquivos de Programas\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013/07/12 15:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2013/07/11 20:27:21 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\reginaldo\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/27 01:19:20 | 000,569,256 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\3.4.0.17\PCFasterSvc.exe
PRC - [2013/06/27 01:19:14 | 002,167,512 | ---- | M] (Baidu Inc.) -- C:\Arquivos de Programas\Baidu Security\PC Faster\3.4.0.17\PCFaster.exe
PRC - [2013/06/20 21:07:33 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Arquivos de Programas\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\reginaldo\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/23 10:48:10 | 000,410,152 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) -- C:\Arquivos de Programas\Baidu Security\Cloud Security\BAVSvc.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/12 23:37:16 | 001,263,952 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/17 17:27:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de Programas\Java\jre6\bin\javaw.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/10 04:49:01 | 000,935,008 | ---- | M] () -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 04:49:00 | 001,107,552 | ---- | M] () -- C:\Arquivos de Programas\AVG Secure Search\vprot.exe
PRC - [2012/03/25 23:02:04 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012/02/24 12:57:02 | 000,067,640 | ---- | M] () -- D:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
PRC - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Arquivos de Programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/09 12:35:08 | 008,144,896 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010/05/21 12:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/04/20 16:54:28 | 000,137,272 | ---- | M] (Kaspersky Lab) -- C:\Arquivos de Programas\Kaspersky Lab\NetworkAgent 8\klnagent.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Arquivos de Programas\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/05/19 18:10:02 | 000,057,344 | ---- | M] () -- C:\eclipse\eclipse.exe
PRC - [2008/06/13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2008/06/13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Arquivos de Programas\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2007/10/08 09:27:04 | 000,072,240 | ---- | M] (VMware, Inc.) -- G:\VMware\VMware Workstation\vmware-tray.exe
PRC - [2007/10/08 09:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2007/10/08 09:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2007/10/08 09:26:38 | 000,055,856 | ---- | M] (VMware, Inc.) -- G:\VMware\VMware Workstation\hqtray.exe
PRC - [2007/10/08 09:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) -- G:\VMware\VMware Workstation\vmware-authd.exe
PRC - [2007/03/23 10:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Arquivos de Programas\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/02/10 10:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/10/26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2005/10/22 23:35:22 | 004,431,872 | ---- | M] () -- C:\Arquivos de Programas\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
PRC - [2004/05/02 14:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Arquivos de Programas\DeskPins\DeskPins.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/17 15:12:38 | 000,508,136 | ---- | M] () -- C:\Arquivos de Programas\Bitdefender\Antivirus Free Edition\sqlite3.dll
MOD - [2013/07/12 15:49:44 | 000,396,240 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 15:49:43 | 013,599,184 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 15:49:42 | 004,052,944 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 15:48:52 | 000,601,552 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 15:48:51 | 000,123,344 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 15:48:49 | 001,597,392 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/02/12 23:38:06 | 000,100,688 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 23:37:16 | 001,263,952 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/21 16:51:53 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2013/01/21 16:51:43 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll
MOD - [2013/01/21 16:51:41 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\95623e12dc6a64d28bad5b85f4c730ae\System.Management.ni.dll
MOD - [2013/01/21 16:51:38 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll
MOD - [2013/01/21 16:51:33 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2013/01/21 16:51:29 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2013/01/21 16:51:28 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2013/01/21 16:51:25 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2013/01/21 16:51:12 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll
MOD - [2013/01/21 16:51:08 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2013/01/21 16:51:08 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2013/01/21 16:51:07 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2013/01/21 16:51:02 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2013/01/21 16:50:50 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012/07/10 04:49:01 | 000,132,704 | ---- | M] () -- C:\Arquivos de Programas\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 04:49:00 | 001,107,552 | ---- | M] () -- C:\Arquivos de Programas\AVG Secure Search\vprot.exe
MOD - [2012/06/20 20:46:16 | 000,322,986 | ---- | M] () -- d:\Program Files\Git\git-cheetah\git_shell_ext.dll
MOD - [2012/06/18 12:24:30 | 000,260,096 | ---- | M] () -- C:\Arquivos de Programas\Notepad++\NppShell_05.dll
MOD - [2012/02/24 12:57:02 | 000,067,640 | ---- | M] () -- D:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
MOD - [2012/02/24 10:32:58 | 000,011,264 | ---- | M] () -- D:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
MOD - [2012/02/24 10:32:10 | 000,107,520 | ---- | M] () -- C:\Windows\System32\FileMonitor32.dll
MOD - [2012/02/24 10:21:30 | 000,111,616 | ---- | M] () -- D:\Program Files\Avanquest\PowerDesk\MXGView.dll
MOD - [2012/02/24 10:20:34 | 000,011,264 | ---- | M] () -- D:\Program Files\Avanquest\PowerDesk\mxcview.dll
MOD - [2011/05/31 16:58:34 | 000,055,816 | ---- | M] () -- C:\Users\reginaldo\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
MOD - [2011/05/19 17:59:57 | 000,044,544 | ---- | M] () -- C:\eclipse\configuration\org.eclipse.osgi\bundles\65\1\.cp\jWinHttp-1.0.0.dll
MOD - [2011/05/19 17:59:53 | 000,032,768 | ---- | M] () -- C:\eclipse\configuration\org.eclipse.osgi\bundles\62\1\.cp\os\win32\x86\localfile_1_0_0.dll
MOD - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Arquivos de Programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/03/27 17:11:04 | 000,094,208 | ---- | M] () -- C:\Arquivos de Programas\FileZilla FTP Client\fzshellext.dll
MOD - [2010/06/09 20:31:25 | 000,254,888 | ---- | M] () -- G:\Program Files\Adobe\Adobe Flash Builder 4 Plug-in\eclipse\plugins\com.adobe.flexide.nativelibs_4.0.1.277662\os\win32\x86\BridgeTalk.dll
MOD - [2010/06/09 20:31:10 | 000,031,656 | ---- | M] () -- G:\Program Files\Adobe\Adobe Flash Builder 4 Plug-in\eclipse\plugins\com.adobe.flexide.amt_4.0.1.277662\os\win32\x86\amt_win_jnilib.dll
MOD - [2010/06/09 20:31:04 | 000,033,704 | ---- | M] () -- G:\Program Files\Adobe\Adobe Flash Builder 4 Plug-in\eclipse\plugins\com.adobe.flexide.nativelibs_4.0.1.277662\os\win32\x86\Headlights.dll
MOD - [2010/06/09 20:30:37 | 000,083,368 | ---- | M] () -- G:\Program Files\Adobe\Adobe Flash Builder 4 Plug-in\eclipse\plugins\com.adobe.flexbuilder.utils.osnative_4.0.1.277662\os\win32\x86\JNIToNativeBridge.dll
MOD - [2010/03/15 11:28:24 | 000,141,824 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll
MOD - [2009/05/19 18:10:02 | 000,057,344 | ---- | M] () -- C:\eclipse\eclipse.exe
MOD - [2009/05/19 18:09:58 | 000,081,920 | ---- | M] () -- C:\eclipse\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.0.200.v20090519\eclipse_1206.dll
MOD - [2007/10/08 09:27:16 | 000,970,288 | ---- | M] () -- G:\VMware\VMware Workstation\libxml2.dll
MOD - [2007/10/08 09:26:48 | 000,080,432 | ---- | M] () -- G:\VMware\VMware Workstation\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\reginaldo\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
SRV - File not found [Auto | Stopped] -- d:\Program Files\Black Duck Software\CodeSight\tomcat\bin\tomcat6.exe //RS//codesighttc6 -- (codesighttc6)
SRV - File not found [Auto | Stopped] -- d:/Program Files/Black Duck Software/CodeSight/postgresql/bin/pg_ctl.exe runservice -- (BDSCodeSightPG)
SRV - File not found [On_Demand | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2013/07/17 15:12:02 | 000,054,424 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2013/07/12 11:21:40 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem)
SRV - [2013/07/12 11:21:40 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Program Files\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive)
SRV - [2013/06/27 01:19:20 | 000,569,256 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\PC Faster\3.4.0.17\PCFasterSvc.exe -- (PCFasterSvc_{PCFaster_3.4.0.17})
SRV - [2013/05/23 10:48:10 | 000,410,152 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/05/22 05:49:54 | 001,618,280 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Baidu Security\Cloud Security\BAVSvc.exe -- (BAVSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/01 15:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/10 04:49:01 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/03/25 23:02:04 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011/03/09 12:35:08 | 008,144,896 | ---- | M] () [Auto | Start_Pending] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/04/20 16:54:28 | 000,137,272 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Arquivos de Programas\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2010/03/12 20:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Disabled | Stopped] -- C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/06/13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/06/13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Arquivos de Programas\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007/10/08 09:26:52 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/08 09:26:50 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/08 09:26:28 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- G:\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/08/07 12:34:56 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- G:\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/23 10:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/02/10 10:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2007/02/10 10:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/22 23:35:22 | 004,431,872 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe -- (BMFMySQL)
SRV - [2005/10/14 07:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SmiUsbIsdbtFseg127.sys -- (SMIUSBDTVFM)
DRV - [2013/07/17 15:35:30 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2013/07/17 15:35:30 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2013/04/22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/04/17 17:18:46 | 000,108,008 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Arquivos de Programas\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV - [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/10/02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Arquivos de Programas\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2011/04/07 09:25:35 | 000,233,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/07 09:25:35 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/01/03 05:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 05:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 05:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 05:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 02:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 02:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/12/21 02:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/21 02:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 02:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/04/12 05:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/12 18:49:02 | 000,126,480 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/03 16:24:40 | 000,024,848 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/10 18:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/08 09:27:34 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/08 09:27:34 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/08 09:27:32 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/08 09:27:30 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2007/10/08 09:27:02 | 000,015,920 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2007/10/08 09:26:06 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/08 09:26:06 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/08/07 12:33:54 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- G:\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/03/23 10:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Arquivos de Programas\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/11/09 02:00:12 | 000,027,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\XPVCOM.sys -- (xpvcom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.co...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 03 1D B0 F9 47 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-...121136&tsp=4941
IE - HKCU\..\SearchScopes\{39B8835F-B000-469B-98BD-6342F288E5A0}: "URL" = http://websearch.ask...47-D17E0DF9394E
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-04 10:58:24&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...80585&lng=pt-br
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Mixi.DJ Search"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...00001d7d8baf62"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:11.1.0.12
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: %7B906000a4-88d9-4d52-b209-7a772970d91f%7D:2.0
FF - prefs.js..extensions.enabledAddons: 1shady%40facebook.com:4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\reginaldo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\reginaldo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\reginaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SiteRanker\firefox\ [2012/02/27 10:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/10 04:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/12 11:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/13 12:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/12 11:36:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\reginaldo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/07/17 15:28:36 | 000,000,000 | ---D | M]

[2011/05/31 09:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Extensions
[2013/07/17 15:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Firefox\Profiles\j7s47pnu.default\extensions
[2013/07/12 11:21:32 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Firefox\Profiles\j7s47pnu.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
[2012/07/17 12:07:40 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Firefox\Profiles\j7s47pnu.default\extensions\[email protected]
[2013/07/12 11:24:00 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Firefox\Profiles\j7s47pnu.default\extensions\[email protected]
[2013/07/12 11:23:06 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\reginaldo\AppData\Roaming\mozilla\Firefox\Profiles\j7s47pnu.default\extensions\[email protected]
[2013/07/17 09:45:44 | 000,045,474 | ---- | M] () (No name found) -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\extensions\[email protected]
[2013/04/17 12:03:56 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\extensions\[email protected]
[2013/02/13 13:21:27 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/02/08 14:53:16 | 000,002,333 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\searchplugins\askcom.xml
[2013/03/07 17:34:16 | 000,002,306 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\searchplugins\askcomsearch.xml
[2013/07/12 11:23:18 | 000,006,513 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\searchplugins\babylon.xml
[2013/07/12 11:24:02 | 000,001,305 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\searchplugins\mixidj.xml
[2012/06/15 15:37:24 | 000,003,915 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\mozilla\firefox\profiles\j7s47pnu.default\searchplugins\sweetim.xml
[2013/06/14 12:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/06/14 12:16:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/10/17 17:28:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/17 17:28:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/07/10 04:49:07 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2013/02/01 15:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/10 04:48:59 | 000,003,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/17 12:07:23 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/02/01 17:20:56 | 000,001,240 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2013/02/01 17:20:56 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2013/02/01 17:20:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/02/01 17:20:56 | 000,001,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/02/01 17:20:56 | 000,001,165 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: DealPlyLive Update (Enabled) = C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome Service Pack = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjhggkmkfbmbobefmohgfabbdibnmkpi\5.0.0_1\
CHR - Extension: Chrome Service Pack = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjhggkmkfbmbobefmohgfabbdibnmkpi\5.1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: DealPly Shopping = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Docs = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome Service Pack = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjhggkmkfbmbobefmohgfabbdibnmkpi\5.0.0_1\
CHR - Extension: Chrome Service Pack = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjhggkmkfbmbobefmohgfabbdibnmkpi\5.1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: DealPly Shopping = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\reginaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/16 10:30:04 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Arquivos de Programas\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Arquivos de Programas\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de Programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Arquivos de Programas\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Arquivos de Programas\mixidj\mixidj\1.8.18.8\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de Programas\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (DealPly Shopping) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Arquivos de Programas\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de Programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de Programas\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de Programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Arquivos de Programas\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de Programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de Programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Baidu PC Faster 3.4.0.17] C:\Program Files\Baidu Security\PC Faster\3.4.0.17\PCFaster.exe (Baidu Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Arquivos de Programas\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [VMware hqtray] G:\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] G:\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\reginaldo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Arquivos de Programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [PDHookServer] D:\Program Files\Avanquest\PowerDesk\PDHookServer.exe ()
O4 - Startup: C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Arquivos de Programas\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70EE7DC9-969D-443D-9228-B72E0DD5A9BD}: NameServer = 201.6.2.45,200.153.0.68
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Arquivos de Programas\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de Programas\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\FileMonitor32.dll) - C:\Windows\System32\FileMonitor32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/11/01 15:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RadPHP XE2
[2013/07/17 15:28:36 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Local\GAS Tecnologia
[2013/07/17 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\GAS Tecnologia
[2013/07/17 15:28:29 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Local\Programs
[2013/07/17 15:12:28 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/07/17 14:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013/07/17 14:33:54 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/07/17 14:33:54 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/07/17 14:26:41 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\QuickScan
[2013/07/17 14:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/07/17 14:25:50 | 000,164,952 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/07/17 14:25:47 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/07/17 12:38:51 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/07/17 12:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/07/17 12:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/07/17 12:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/07/17 12:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
[2013/07/17 12:12:59 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
[2013/07/17 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Baidu
[2013/07/17 12:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2013/07/17 12:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu Security
[2013/07/17 12:10:17 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Baidu Security
[2013/07/12 12:58:49 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/12 12:58:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/12 12:58:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/12 12:58:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/12 12:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/12 11:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/07/12 11:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013/07/12 11:24:56 | 000,000,000 | ---D | C] -- C:\ErrorLog
[2013/07/12 11:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013/07/12 11:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/07/12 11:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\mixidj
[2013/07/12 11:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/12 11:23:47 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\BabSolution
[2013/07/12 11:23:43 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Codec Package Packages
[2013/07/12 11:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2013/07/12 11:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013/07/12 11:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
[2013/07/12 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\mixidj
[2013/07/12 11:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2013/07/12 11:23:27 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\LavFilters
[2013/07/12 11:23:27 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\CDXReader
[2013/07/12 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2013/07/12 11:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2013/07/12 11:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\DSP-worx
[2013/07/12 11:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2013/07/12 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013/07/12 11:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/07/12 11:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/07/12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Local\Babylon
[2013/07/12 11:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2013/07/12 11:22:54 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\WebCake
[2013/07/12 11:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013/07/12 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/12 11:21:44 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Local\DealPlyLive
[2013/07/12 11:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/07/12 11:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\DealPlyLive
[2013/07/12 11:21:16 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/07/12 11:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013/07/10 15:02:24 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\FlexPaper-Desktop
[2013/07/10 15:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\FlexPaper Desktop Publisher
[2013/07/10 15:01:20 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlexPaper Desktop Publisher
[2013/07/09 08:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/05 15:21:47 | 000,000,000 | ---D | C] -- C:\Temp
[2013/07/02 09:48:56 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Roaming\com.gnstudio.SudokuPuzzle.21A2A8CD1A195AC949E2627A88211BFA3C8EC02A.1
[2013/07/02 09:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\SudokuPuzzle
[2013/07/01 14:46:42 | 000,000,000 | ---D | C] -- C:\Python26
[2013/06/27 09:57:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{857B0D11-62C8-4FE0-B933-B80313FE43AD}
[2013/06/27 09:57:34 | 000,000,000 | ---D | C] -- C:\Users\reginaldo\AppData\Local\PackageAware

========== Files - Modified Within 30 Days ==========

[2013/07/17 15:46:05 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 15:46:05 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 15:44:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 15:36:27 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 15:36:27 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/07/17 15:35:30 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/07/17 15:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 15:35:08 | 2407,653,376 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 15:29:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013/07/17 15:28:42 | 000,012,990 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\unins000.dat
[2013/07/17 15:28:28 | 000,720,082 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\unins000.exe
[2013/07/17 15:12:28 | 000,242,504 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/07/17 15:12:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/07/17 14:35:24 | 000,183,493 | ---- | M] () -- C:\ProgramData\1374081921.bdinstall.bin
[2013/07/17 14:34:12 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
[2013/07/17 14:32:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346645550-1623860638-3299836702-1000UA.job
[2013/07/17 12:39:41 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/17 12:39:41 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/17 12:39:41 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/17 12:13:03 | 000,001,300 | ---- | M] () -- C:\Users\reginaldo\Desktop\Baidu PC Faster.lnk
[2013/07/17 11:57:51 | 000,430,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/17 09:45:13 | 000,036,680 | ---- | M] () -- C:\Users\reginaldo\AppData\Roaming\temp.crx
[2013/07/16 20:32:01 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346645550-1623860638-3299836702-1000Core.job
[2013/07/16 14:49:27 | 000,002,036 | -H-- | M] () -- C:\Users\reginaldo\Documents\Default.rdp
[2013/07/12 22:48:19 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 12:58:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/12 12:58:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/12 12:58:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/12 12:58:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/12 12:58:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/07/12 12:58:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/12 11:36:21 | 000,001,555 | ---- | M] () -- C:\Users\reginaldo\Desktop\DivX Movies.lnk
[2013/07/12 11:35:48 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/07/12 11:34:57 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/07/12 11:23:06 | 000,001,792 | ---- | M] () -- C:\Windows\unins000.dat
[2013/07/12 11:23:01 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/07/09 08:35:34 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/02 09:48:53 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\SudokuPuzzle.lnk
[2013/06/27 15:32:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PROCMON23.SYS
[2013/06/27 14:38:37 | 000,754,004 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/06/27 14:38:37 | 000,702,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/27 14:38:37 | 000,165,480 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/06/27 14:38:37 | 000,140,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/07/17 15:28:36 | 000,720,082 | ---- | C] () -- C:\Users\reginaldo\AppData\Roaming\unins000.exe
[2013/07/17 15:28:36 | 000,012,990 | ---- | C] () -- C:\Users\reginaldo\AppData\Roaming\unins000.dat
[2013/07/17 14:35:22 | 000,183,493 | ---- | C] () -- C:\ProgramData\1374081921.bdinstall.bin
[2013/07/17 14:34:12 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
[2013/07/17 12:39:42 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/17 12:39:41 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/17 12:39:41 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/17 12:13:03 | 000,001,300 | ---- | C] () -- C:\Users\reginaldo\Desktop\Baidu PC Faster.lnk
[2013/07/17 09:45:12 | 000,036,680 | ---- | C] () -- C:\Users\reginaldo\AppData\Roaming\temp.crx
[2013/07/12 12:40:07 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 11:36:21 | 000,001,555 | ---- | C] () -- C:\Users\reginaldo\Desktop\DivX Movies.lnk
[2013/07/12 11:35:48 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/07/12 11:34:57 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/07/12 11:24:07 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2013/07/12 11:24:03 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013/07/12 11:24:02 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/07/12 11:24:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/07/12 11:23:30 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/07/12 11:23:07 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/07/12 11:23:04 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/12 11:23:04 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/07/12 11:23:04 | 000,001,792 | ---- | C] () -- C:\Windows\unins000.dat
[2013/07/12 11:22:48 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/07/02 09:48:53 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudokuPuzzle.lnk
[2013/07/02 09:48:53 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\SudokuPuzzle.lnk
[2013/06/27 15:32:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PROCMON23.SYS
[2013/04/24 14:42:40 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2012/08/16 16:43:34 | 000,027,520 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\dt.dat
[2012/06/19 10:12:42 | 000,312,320 | ---- | C] () -- C:\Windows\System32\wwregex.dll
[2012/05/29 13:57:21 | 000,000,063 | ---- | C] () -- C:\Windows\UnisAval_LOG.INI
[2012/05/29 12:49:09 | 000,004,703 | ---- | C] () -- C:\Windows\InfoPowerMasks.ini
[2012/05/25 15:15:54 | 000,000,030 | ---- | C] () -- C:\Users\reginaldo\.mjsync_pt_BR
[2012/03/21 14:01:05 | 001,849,344 | ---- | C] () -- C:\Windows\System32\Qt4Pas5.dll
[2012/03/07 11:41:37 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\HBKIENJTPKBTRBLGQDHS.4300.blb
[2012/03/05 15:30:43 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\SFKBTDOTSSHIDRFDNKNS.7524.blb
[2012/03/05 14:56:25 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\FOGGDNIARLMSJIOSDDLT.7524.blb
[2012/03/05 12:32:03 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\DQPPSLQBQAINJLHTDKGR.7524.blb
[2012/02/24 10:32:10 | 000,107,520 | ---- | C] () -- C:\Windows\System32\FileMonitor32.dll
[2012/02/09 08:11:26 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\PESAATFCPKIMOPTPERTR.4648.blb
[2012/02/08 14:21:17 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\JDKOGFIJFPBSFBEGDJSK.4648.blb
[2012/02/08 11:51:50 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\SDCDPRHTRGNEMKRKJERR.4648.blb
[2012/02/08 10:52:01 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\COFIEMNBKQHCJLSFOQFB.4648.blb
[2012/02/08 09:08:31 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\DHNMJSCTSERTILLQMTTE.3044.blb
[2012/02/03 08:28:46 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\QBDHEHLPTDMNRPLGAISG.2776.blb
[2012/02/02 15:53:01 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\CELAPGGJDMLPRBQBNRPQ.2776.blb
[2012/02/02 15:17:32 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\ILIDTOMSSPAFIIKAQQTJ.2776.blb
[2012/02/02 14:08:20 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\QETGSBLJPCHDLCAKBEFG.2776.blb
[2012/01/19 16:11:11 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\RBARCJPKTQSHLBGQDONS.1324.blb
[2012/01/19 15:48:48 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\RBARCJPKTQSHLBGQDONS.8080.blb
[2012/01/19 14:51:40 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\SIFQGTBTPSSMHJPFLKLR.8080.blb
[2012/01/19 11:38:35 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\FOQCCBENBAETMMHTSPRG.8080.blb
[2012/01/19 09:57:56 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\MLQNMAPJOSNNLJJQIPPF.8080.blb
[2012/01/19 09:07:00 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\IKGSGHMDDGRKTQNQDRMS.5564.blb
[2012/01/19 08:25:31 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\RNGAMARRDSAPQRFJTPHJ.5564.blb
[2012/01/18 13:31:56 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\MCPHPLPBTJDQFLFMMGBS.1576.blb
[2012/01/18 13:10:57 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\OKQEIORMPJJONNIGKAFC.1576.blb
[2012/01/18 11:50:53 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\LEJMQGEOSQCJNNFSFJQR.1576.blb
[2012/01/18 10:28:45 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\RGDTAQRSQJEFFTELCGFP.1576.blb
[2012/01/17 13:44:30 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\OIBMSLTGKCDCDKGPCLHN.4288.blb
[2012/01/17 13:33:54 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\AQBQIIQLLHTAMDIPENJE.4120.blb
[2012/01/17 13:27:16 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\AHNBAJHOQTBMTMAQARLT.1512.blb
[2012/01/17 13:21:23 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\TGSAFTKHRABNQNKNCASP.5576.blb
[2012/01/17 13:09:42 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\LONACLFJDEAPIBMCGCQR.1580.blb
[2012/01/17 11:22:54 | 000,000,144 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\ONIHOBGKLEMPOCCLMAEH.1580.blb
[2011/11/11 14:23:37 | 000,007,611 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\Resmon.ResmonCfg
[2011/10/11 08:55:28 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011/10/07 15:16:04 | 000,045,672 | ---- | C] () -- C:\Users\reginaldo\report2.jasper
[2011/10/07 15:14:05 | 000,006,780 | ---- | C] () -- C:\Users\reginaldo\report2.jrxml
[2011/10/07 15:04:04 | 000,043,860 | ---- | C] () -- C:\Users\reginaldo\report1.jasper
[2011/10/07 15:01:24 | 000,199,146 | ---- | C] () -- C:\Users\reginaldo\coffee_stain.png
[2011/10/07 15:01:24 | 000,100,830 | ---- | C] () -- C:\Users\reginaldo\coffee.jpg
[2011/10/07 15:01:24 | 000,009,073 | ---- | C] () -- C:\Users\reginaldo\report1.jrxml
[2011/08/24 17:43:06 | 000,000,157 | ---- | C] () -- C:\Users\reginaldo\.appletviewer
[2011/07/15 12:23:22 | 000,000,002 | ---- | C] () -- C:\Users\reginaldo\libbancodados.php
[2011/05/30 10:42:08 | 000,000,036 | ---- | C] () -- C:\Users\reginaldo\.org.eclipse.epp.usagedata.recording.userId
[2011/04/12 16:49:58 | 000,025,770 | ---- | C] () -- C:\Users\reginaldo\ntuserdirect_MyManager.dat
[2011/03/30 16:18:32 | 000,004,608 | ---- | C] () -- C:\Users\reginaldo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:3D52A046_Bb.gbp

< End of report >

Attached Files

  • Attached File  OTL.Txt   152.6KB   113 downloads

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Reginaldo, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. The C:\Users\reginaldo\Downloads folder. Please post the contents of that file.

You have a couple of immediate issues that we will need to deal with before running any fixes on this machine.

1.
Multiple Antivitus Progams Installed

I see that you have more than one antivirus programs installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.

I can see at least four AV programs on the system. Not all aof them are running at the same time but AVG and Baidu PC Faster 3.4.0.17 are. I also see evidence of Bitdefender and Kaspersky AV programs.

2.
Hard-Drive Free Space Advice:

The OTL log shows the free space on the Windows drive C:\ to be critically low. When hard drive space is this low it could prevent our tools from operating properly.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,03 Gb Total Space | 3,26 Gb Free Space | 4,34% Space Free | Partition Type: NTFS


3.34% free space is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

You will need to uninstall some software you do not need and / or move any documents/files/pictures etc to a form of removable media. The lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

3.
Your Windows version is out of date but we can't do anything about that until some space is freed up on the hard drive. Windows 7 should have Service Pack 1 installed.
From the OTL log:

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation


This is from the Microsoft website:

Support for Windows 7 without service packs ended on April 9, 2013.

This means that you no longer get any updates from Microsoft. We will address this in due course.


Step-1

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.

1. Free up at least 15% free space on your hard drive.
2. Tell me which antivirus you want to keep on the computer.
3. Can you tell me why Windows 7 hasn't been updated to Service Pack 1?
4. The Extras.txt log
  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP