Internet problems and bluescreen



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

OK.  Then we have to point Windows at the folder when it tries to install the driver.  If you delete the Atheros under Network adapters and reboot, it should find it and it should ask you where to find the files since it doesn't have them.  Point it at the folder you extracted.


  • 0



#17
Vicdd

Vicdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Wow, I cleaned the vent and suddenly, after deleting Atheros again and rebooting, my internet started working again! It's a miracle. If the bluescreen doesn't appear, the problem is almost solved. The only problem left is the COM Surrogate one. Also, before the surrogate problem there's another error that appears just 1 time saying: "Host process for windows services stopped working and was closed" when I open Skype. The surrogate problem appears with many things but the host problem appears just with Skype (or maybe it's because Skype is the first thing I open and the problem just appears 1 time only).


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

A cool PC is a happier PC!

 

I expect Windows found the drivers we just downloaded.  Sometimes you get lucky.

 

Since the problem appears to be related to Skype, I would uninstall Skype, download a brand new version and reinstall. (watch out for the adware/optional programs they have started throwing in)


  • 0

#19
Vicdd

Vicdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

But the COM Surrogate problem happens with everything and appears multiple times, just that "Host process for windows services stopped working and was closed" happens with Skype. I will try the reinstall though.

Edit: OK, the host problem is gone, but the COM Surrogate one happens every time, everywhere (with Skype it appears 5 or 6 times).


Edited by Vicdd, 07 January 2015 - 02:28 PM.

  • 0

#20
Vicdd

Vicdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

So... no solution?

I guess it's related to pictures or thumbnails.


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Let's look at the files in question and see what version they are:

 

Copy the text in the code box by highlighting it and pressing Ctrl + C:
 
 
/md5start
DllHost.exe
ESENT.dll
/md5stop
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text.  Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.

  • 0

#22
Vicdd

Vicdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Here:

OTL logfile created on: 2015/01/10 20:01:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Victor\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy/MM/dd
 
3,93 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,97% Memory free
4,97 Gb Paging File | 1,79 Gb Available in Paging File | 36,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,40 Gb Total Space | 5,78 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive D: | 287,67 Gb Total Space | 2,38 Gb Free Space | 0,83% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Victor\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\LoLPatcher.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.231\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.124\deploy\LolClient.exe ()
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\foobar2000\foobar2000.exe (Piotr Pawlowski)
PRC - C:\Users\Victor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Users\Victor\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\LoLPatcher.exe ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.15\deploy\RiotLauncher.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.231\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_ac3\foo_ac3.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_input_dvda\foo_input_dvda.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.124\deploy\LolClient.exe ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.124\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_input_sacd\foo_input_sacd.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_input_vio2sf\foo_input_vio2sf.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_abx\foo_abx.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_gep\foo_gep.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_input_monkey\foo_input_monkey.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_input_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\shared.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_converter.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_cdda.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_fileops.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_unpack.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_convolve\foo_convolve.dll ()
MOD - C:\Users\Victor\AppData\Roaming\foobar2000\user-components\foo_out_wasapi\foo_out_wasapi.dll ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_tags.dll ()
MOD - C:\Program Files (x86)\foobar2000\zlib1.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_quicksearch.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_simplaylist.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_channel_mixer.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_vst.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_input_tta.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_quicktag.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_dolbyhp.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_mm.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 E8 75 FC B2 C4 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Victor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/04 11:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/26 11:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Extensions
[2015/01/07 18:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\mknxlisv.default\extensions
[2014/12/22 18:42:47 | 000,433,727 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\[email protected]
[2014/12/23 12:55:51 | 004,178,155 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\[email protected]
[2014/10/21 20:40:47 | 000,537,656 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2014/06/07 21:30:00 | 000,013,460 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
[2014/12/08 21:54:54 | 000,202,127 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014/11/12 21:29:02 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/30 13:24:55 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/12/09 16:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/12/09 16:32:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/09 16:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh\0.4.2_0\
CHR - Extension: No name found = C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [f.lux] C:\Users\Victor\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Victor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06E8340F-951A-42D3-8D4E-E6D66F40258E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9E0649-6612-489D-9CD2-EAF341CC01D4}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/09 09:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2015/01/07 18:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/01/07 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/01/07 18:25:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/01/07 12:37:52 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/07 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/07 12:37:10 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/07 12:37:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/07 12:37:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/01/07 12:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/07 12:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/06 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
[2015/01/06 22:13:19 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2015/01/06 22:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2015/01/06 22:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2015/01/05 23:08:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/05 22:50:49 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/05 18:19:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2015/01/02 18:39:07 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\Klei
[2015/01/02 12:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by Decepticon
[2015/01/02 12:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\by Decepticon
[2014/12/19 13:26:27 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Siggy Holiday - Freebird Games
[2014/12/15 12:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTL
[2014/12/11 22:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/15 15:24:48 | 000,607,664 | ---- | C] (Neople inc) -- C:\Users\Victor\AppData\Local\DFOIns.exe
[2014/05/15 15:24:21 | 000,477,104 | ---- | C] (Neople inc) -- C:\Users\Victor\AppData\Local\NeopleCustomURLStarter.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/10 20:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/10 19:47:33 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 09:33:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/08 11:35:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/08 11:35:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/08 11:29:30 | 000,437,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/08 11:29:04 | 3162,918,912 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/08 11:12:01 | 001,609,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/01/08 11:12:01 | 000,708,998 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2015/01/08 11:12:01 | 000,657,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/08 11:12:01 | 000,148,738 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2015/01/08 11:12:01 | 000,123,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/08 11:11:42 | 001,609,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/07 13:32:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/06 22:13:18 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2015/01/02 12:54:59 | 000,001,070 | ---- | M] () -- C:\Users\Victor\Desktop\Dont Starve.lnk
[2014/12/16 21:06:42 | 000,048,582 | ---- | M] () -- C:\Users\Victor\Documents\xin1.jpg
[2014/12/16 21:06:34 | 000,038,402 | ---- | M] () -- C:\Users\Victor\Documents\xin2.jpg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/06 22:13:17 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2015/01/03 21:52:58 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\This War of Mine.lnk
[2015/01/02 12:54:59 | 000,001,070 | ---- | C] () -- C:\Users\Victor\Desktop\Dont Starve.lnk
[2014/12/16 21:06:41 | 000,048,582 | ---- | C] () -- C:\Users\Victor\Documents\xin1.jpg
[2014/12/16 21:06:33 | 000,038,402 | ---- | C] () -- C:\Users\Victor\Documents\xin2.jpg
[2014/12/11 22:23:10 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/08 21:34:07 | 000,000,761 | ---- | C] () -- C:\Users\Victor\AppData\Local\recently-used.xbel
[2014/08/17 21:45:15 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/07/07 17:12:38 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini
[2014/06/04 21:48:47 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\IN_SPC.DLL
[2014/06/04 21:48:47 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SPC700EMU.DLL
[2014/06/04 21:48:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\MCISPCDLG.DLL
[2014/06/04 21:48:47 | 000,013,824 | ---- | C] () -- C:\Windows\SysWow64\OUT_WAVE.DLL
[2014/04/08 15:42:56 | 000,021,764 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2014/01/29 21:53:44 | 000,007,680 | ---- | C] () -- C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/23 16:40:36 | 000,191,860 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/06/16 20:08:05 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/16 20:07:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/10 23:41:35 | 000,000,266 | ---- | C] () -- C:\Windows\n02.ini
[2013/01/10 22:02:05 | 001,609,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 00:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 23:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< MD5 for: DLLHOST.EXE  >
[2009/07/13 23:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) MD5=A63DC5C2EA944E6657203E0C8EDEAF61 -- C:\Windows\SysWOW64\dllhost.exe
[2009/07/13 23:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) MD5=A63DC5C2EA944E6657203E0C8EDEAF61 -- C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe
[2009/07/13 23:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A8EDB86FC2A4D6D1285E4C70384AC35A -- C:\Windows\SysNative\dllhost.exe
[2009/07/13 23:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A8EDB86FC2A4D6D1285E4C70384AC35A -- C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
 
< MD5 for: ESENT.DLL  >
[2010/11/20 10:19:01 | 001,698,816 | ---- | M] (Microsoft Corporation) MD5=256503028879103E9741A276FA24D65D -- C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17514_none_f3ebb0cc8a4dd814\esent.dll
[2011/03/11 04:33:29 | 002,565,632 | ---- | M] (Microsoft Corporation) MD5=522B0466ED967A0762E9AF5B37D8F40A -- C:\Windows\SysNative\esent.dll
[2011/03/11 04:33:29 | 002,565,632 | ---- | M] (Microsoft Corporation) MD5=522B0466ED967A0762E9AF5B37D8F40A -- C:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17577_none_4fcc6da642d93cf5\esent.dll
[2011/03/11 03:33:09 | 001,699,328 | ---- | M] (Microsoft Corporation) MD5=5C3F9DBA818CD93379D1A0F215270374 -- C:\Windows\SysWOW64\esent.dll
[2011/03/11 03:33:09 | 001,699,328 | ---- | M] (Microsoft Corporation) MD5=5C3F9DBA818CD93379D1A0F215270374 -- C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17577_none_f3add2228a7bcbbf\esent.dll
[2011/03/11 03:20:09 | 001,699,328 | ---- | M] (Microsoft Corporation) MD5=91F40C9147D0459DAB3432ACF62A7CD8 -- C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.21680_none_f4259cfba3a7d619\esent.dll
[2011/03/11 04:10:16 | 002,565,632 | ---- | M] (Microsoft Corporation) MD5=AAA781D30652B714CEDFDF15A1968DA2 -- C:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.21680_none_5044387f5c05474f\esent.dll
[2010/11/20 11:26:20 | 002,565,632 | ---- | M] (Microsoft Corporation) MD5=D63F0353F632FB1EDE724173BE6DB5B5 -- C:\Windows\winsxs\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.1.7601.17514_none_500a4c5042ab494a\esent.dll
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\黄昏フロンティア

< End of report >
 

OTL Extras logfile created on: 2015/01/10 20:01:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Victor\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: yyyy/MM/dd
 
3,93 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,97% Memory free
4,97 Gb Paging File | 1,79 Gb Available in Paging File | 36,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,40 Gb Total Space | 5,78 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive D: | 287,67 Gb Total Space | 2,38 Gb Free Space | 0,83% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01215449-F479-4ACF-B03E-CFC51EC7E342}" = rport=139 | protocol=6 | dir=out | app=system |
"{0247C4F5-58F0-4A0A-9877-483EECFEE5A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1480CBB5-6EA1-4960-BF4F-9FD7D8A11512}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A94B82F-1366-415E-9722-80D275112AA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{429BCD57-1EDE-4CCA-8A8E-ED21AC073F33}" = rport=137 | protocol=17 | dir=out | app=system |
"{55A0BA5E-331A-4F8E-8F2B-DD15ACC86B4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{62ED8897-F39F-49CA-966E-B0E95AA4479D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{93747EC0-5399-4E56-BC09-386B78614F04}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4482FB0-2892-486C-BA98-C6641E6095AA}" = rport=445 | protocol=6 | dir=out | app=system |
"{B98CED58-0D4F-4BFD-BCA3-E7FEA93BFC11}" = lport=138 | protocol=17 | dir=in | app=system |
"{C68B5BC8-0F19-4E91-935D-F2BDDB35C267}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{CD71F159-B95A-4CE5-8CB9-9AFD1C6F48D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CFE813C8-5FAA-4D46-AB71-E095FAE3A35D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E28E8934-F35B-49BB-BF50-20AACAEA95C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E65961E0-424B-4E17-82C6-DAEE246D4EAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C1AE43-7BFB-445F-8EE2-16FA61FF84F6}" = protocol=58 | dir=out | [email protected],-28546 |
"{08986382-1AB7-4581-8885-BB8DC6E05BC5}" = protocol=17 | dir=in | app=c:\users\victor\appdata\roaming\utorrent\utorrent.exe |
"{23A7C016-3568-47E0-809C-4D635942C8BF}" = protocol=6 | dir=in | app=d:\steam2\steamapps\common\trine\_enchanted_edition_\trine1_launcher.exe |
"{246CBF1D-6B41-4044-84F9-10D3E4887865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe |
"{29594BE5-A88E-47BE-BC0F-670224B68342}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A78ED2E-6DFC-4AE3-B7C3-7D80F099A3DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CD34242-7F5A-47F9-8D3C-6B5A07FD4869}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35324E55-CE7A-42E4-A30E-A83B58E3C7A7}" = protocol=17 | dir=in | app=c:\users\victor\appdata\local\hola\firefox\app\hola_plugin.exe |
"{38812B8C-1377-4AA6-B6B6-C06AA672EA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{45AC6BAE-89BE-454A-AC52-628557DD3432}" = protocol=1 | dir=out | [email protected],-28544 |
"{475AD719-5DFF-4B19-A979-AEE36D62970A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{529C6B4E-9292-442D-8BED-62AB88699C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spelunky\spelunky.exe |
"{5A1366E3-B8CD-472B-9928-611FC7964DC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{6518D019-8A86-4452-8DD8-C5A324175121}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6712717A-A7E3-4C37-9401-C6614C0BBE03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{716A9B3E-93DC-4533-B9C6-E550A3A445CE}" = protocol=1 | dir=in | [email protected],-28543 |
"{7531932A-D5B8-42A9-ACC9-A8C65F9790B4}" = dir=in | app=c:\users\victor\appdata\local\hola\firefox\app\hola_plugin.exe |
"{80815DF8-BC6B-43BB-A83B-16241E2FCA22}" = protocol=17 | dir=in | app=d:\steam2\steamapps\common\trine\_enchanted_edition_\trine1_launcher.exe |
"{852AF816-F755-481D-893B-25E8D7E56FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{911A68EC-63DD-42C0-B28E-3CB0B79754BD}" = protocol=6 | dir=in | app=d:\steam2\steamapps\common\portal 2\portal2.exe |
"{921FD01E-756D-424A-B342-B3FF44EB7093}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
"{9435C583-EF5F-4D7C-8EF4-1B469EDAC45C}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{9A9404C1-9F8E-4BFB-B2E7-0F8B7F7CE211}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe |
"{9BD265EB-8056-4F5A-9D5A-BD60683FE565}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D5CEEF5-6F2A-48CD-BA3E-995F957D2DD5}" = protocol=6 | dir=in | app=c:\users\victor\appdata\local\hola\firefox\app\hola_plugin.exe |
"{A0B75DCD-FD46-4D7E-984F-46EDD54AE23B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{A2364B05-8DDE-4CC8-968A-9716061778E4}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{AFE83A7A-1238-49D9-B72C-424799AA0357}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{B1C49452-8C07-4B4B-B5E2-B569C2BCDEDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{B4DC2AD7-016C-43D4-A347-A5DF897DF356}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe |
"{B9EAC1F4-3B64-4BC5-A6F9-235F5C7813A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brotherslauncher.exe |
"{BE643581-63BF-4FA5-B7F5-860E71B9D96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spelunky\spelunky.exe |
"{C3B4946A-B588-4A0C-94A1-F940C0C2C54E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{CB93B324-5120-444F-9C01-FCA593628522}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe |
"{CE6319B5-6788-45F3-9929-969B3A757C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D5030A5F-2A24-465D-A591-8096A7569CAA}" = protocol=6 | dir=in | app=c:\users\victor\appdata\roaming\utorrent\utorrent.exe |
"{E1F1870E-4CB5-4FA1-9F7B-53FF9E279E0B}" = dir=in | app=c:\users\victor\appdata\roaming\mozilla\firefox\profiles\mknxlisv.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |
"{E789FB51-D45A-4EB1-8390-F2042DEF2193}" = protocol=17 | dir=in | app=d:\steam2\steamapps\common\portal 2\portal2.exe |
"{E9A4DD1F-40CF-41B0-88F1-FF7B65CA89B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{E9C0513C-3B63-432B-85AB-48B37AC60E6D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F18C5365-3AC5-438C-B14C-F70A311BE07E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{F50BCBE8-F01B-460A-8693-B373E72722C1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F6BE9A67-2FE9-4E8B-96BB-30390B04BCA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skullgirls\skullgirls.exe |
"{FB0580A1-70D2-42FA-9EED-74B4986EC2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
"{FF400F63-45BF-48D0-926A-A2F3EE63CF5E}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{8ABEFCEB-744F-4B34-99C1-704D3476FDE9}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{F3B2D4A9-3666-4A80-A895-8696A7316306}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1" = Steins;Gate version 1.0
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046" = Microsoft .NET Framework 4.5.1 (Português do Brasil)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{B9EA6F38-1EDE-3375-B447-220186DE6CF8}" = Microsoft .NET Framework 4.5.1 (PTB)
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"AutoHotkey" = AutoHotkey 1.1.14.04
"CDisplayEx_is1" = CDisplayEx 1.10.29
"HexChat_is1" = HexChat
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{085957E0-56FD-4640-9B2B-A560CB52526C}_is1" = Valdis Sory - Abyssal City v1.0.0.22
"{1744E95A-53A5-9D5F-9935-A1CF739879A4}_is1" = «Dark Souls - Prepare to Die»  1.0.0.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.5.6366
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51adbf11-493f-431c-a862-967a0fae2944}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}" = Curse
"{a2199617-3609-410f-a8e8-e8806c73545b}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Português
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B641E348-377C-4819-B92F-03F1D35A7EE3}_is1" = 東方心綺楼 Ver1.20
"{BCCDE721-9F4D-4396-9592-92DD865D965E}" = League of Legends
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Suporte para Aplicativos Apple
"{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}" = Adobe Audition CC
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{f0080ca2-80ae-4958-b6eb-e8fa916d744a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"1207664823_is1" = Shovel Knight
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASIOProxy" = ASIO Proxy for foobar2000
"Avast" = avast! Free Antivirus
"Battle.net" = Battle.net
"Bioshock Infinite_R.G. Mechanics_is1" = Bioshock Infinite
"CDisplay_is1" = CDisplay 1.8
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Souls 2_is1" = Dark Souls 2
"Dead Space_is1" = Dead Space version 1.0.0.222
"DFO" = Dungeon Fighter Online
"Dont Starve_is1" = Dont Starve
"Dust: An Elysian Tail_is1" = Dust: An Elysian Tail
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FEZ_is1" = FEZ
"ffdshow_is1" = ffdshow v1.3.4532 [2014-07-17]
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.3.2
"GOGPACKKENTUCKYROUTEZERO_is1" = Kentucky Route Zero
"GOGPACKLONESURVIVORDC_is1" = Lone Survivor - The Director's Cut
"Google Chrome" = Google Chrome
"G-Senjou_no_Maou_Aegis" = G-Senjou no Maou English
"HaaliMkx" = Haali Media Splitter
"Half Minute Hero Super Mega Neo Climax Ultimate Boy_is1" = Half Minute Hero Super Mega Neo Climax Ultimate Boy
"Half-Life" = Half-Life
"Hearthstone" = Hearthstone
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"lavfilters_is1" = LAV Filters 0.59.1
"League of Legends 3.0.1" = League of Legends
"LOLReplay" = LOLReplay
"Luftrausers 1.0.0.1" = Luftrausers 1.0.0.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mark of the Ninja Special Edition_is1" = Mark of the Ninja Special Edition
"Melty Blood Actress Again Current Code English" = Melty Blood Actress Again Current Code English v0.52
"Monaco What's Yours Is Mine_is1" = Monaco What's Yours Is Mine
"Mozilla Firefox 34.0.5 (x86 pt-BR)" = Mozilla Firefox 34.0.5 (x86 pt-BR)
"Mp3tag" = Mp3tag v2.65a
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"PFPortChecker" = PFPortChecker 1.0.39
"Port Forward Network Utilities" = Port Forward Network Utilities 2.0.1
"Q2hpbGRvZkxpZ2h0_is1" = Child of Light
"qBittorrent" = qBittorrent 3.1.11
"QW5vdGhlciBXb3JsZA==_is1" = Another World 20th Anniversary Edition © Focus Home Interactive version 1
"Simple Port Tester2.1.5" = Simple Port Tester
"Sonic Generations_is1" = Sonic Generations
"SpeedFan" = SpeedFan (remove only)
"Steam App 107100" = Bastion
"Steam App 204360" = Castle Crashers
"Steam App 214560" = Mark of the Ninja
"Steam App 225080" = Brothers - A Tale of Two Sons
"Steam App 239350" = Spelunky
"Steam App 241600" = Rogue Legacy
"Steam App 245170" = Skullgirls
"Steam App 35700" = Trine
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 65300" = Dustforce
"Steam App 8850" = BioShock 2
"StepMania 5" = StepMania v5.0 beta 1a (remove only)
"Super Jukebox" = Super Jukebox (Remove Only)
"The Binding of Isaac Rebirth 1.0" = The Binding of Isaac Rebirth 1.0
"The Swapper_is1" = The Swapper
"The Walking Dead Season 2 EP 2_is1" = The Walking Dead Season 2 EP 2
"The Wolf Among Us Episode 2_is1" = The Wolf Among Us Episode 2
"The Wolf Among Us Episode 3_is1" = The Wolf Among Us Episode 3
"Thief Gold_is1" = Thief Gold
"This War of Mine_is1" = This War of Mine
"Transistor_R.G. Mechanics_is1" = Transistor
"Trine 2_is1" = «Trine 2»  2.0
"UmF5bWFuTGVnZW5kcw==_is1" = Rayman Legends
"Uplay" = Uplay
"uTorrent" = µTorrent
"VGhlV29sZkFtb25nVXM=_is1" = The Wolf Among Us
"VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1" = The Walking Dead: Season 2
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2015/01/10 17:58:26 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x1640  Hora de início do
aplicativo com falha: 0x01d02d208edd6d65  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: ccfe284f-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:27 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x5d8  Hora de início do aplicativo
 com falha: 0x01d02d208fe9d861  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: cdc34ff2-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:29 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x15f4  Hora de início do
aplicativo com falha: 0x01d02d2090e5c841  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: ceee18b2-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:31 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x143c  Hora de início do
aplicativo com falha: 0x01d02d20920f316c  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: d0169779-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:33 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x1130  Hora de início do
aplicativo com falha: 0x01d02d209345e138  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: d1424aab-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:35 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x1688  Hora de início do
aplicativo com falha: 0x01d02d2094b729fe  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: d287047b-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:38 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x1080  Hora de início do
aplicativo com falha: 0x01d02d2095a3b055  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: d46d30c8-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 17:58:40 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x15fc  Hora de início do
aplicativo com falha: 0x01d02d2097aa5d88  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: d5844a4b-9913-11e4-a096-000df08b7f53
 
Error - 2015/01/10 18:07:24 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x12c8  Hora de início do
aplicativo com falha: 0x01d02d20990c63b7  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: 0dce9197-9915-11e4-a096-000df08b7f53
 
Error - 2015/01/10 18:07:26 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x155c  Hora de início do
aplicativo com falha: 0x01d02d21d0f37aef  Caminho do aplicativo com falha: C:\Windows\system32\DllHost.exe
FCaminho
 do módulo de falhas: C:\Windows\system32\ESENT.dll  Identificação do Relatório: 0ef49f9b-9915-11e4-a096-000df08b7f53
 
[ System Events ]
Error - 2015/01/08 09:25:44 | Computer Name = win7-PC | Source = DCOM | ID = 10010
Description =
 
Error - 2015/01/09 07:22:16 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.
 
Error - 2015/01/09 07:22:16 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte
 erro:   %%1053
 
Error - 2015/01/09 07:28:48 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.
 
Error - 2015/01/09 07:28:48 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte
 erro:   %%1053
 
Error - 2015/01/09 07:30:40 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.
 
Error - 2015/01/09 07:30:40 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte
 erro:   %%1053
 
Error - 2015/01/09 07:33:48 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.
 
Error - 2015/01/09 07:33:48 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Windows Search devido ao seguinte
 erro:   %%1053
 
Error - 2015/01/10 07:33:39 | Computer Name = win7-PC | Source = BTHUSB | ID = 327697
Description = Falha indeterminada do adaptador Bluetooth local; ele não será usado.
 O driver foi descarregado.
 
 
< End of report >
 



#23
RKinner

I think we need to try Windows Repair all in one
 
 
Download it and save it then run it.
 
You can skip to step 4 or 5 where it gives you the same picture as in the above link.
 
Make sure all of these are checked before hitting Start:
 
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
 
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot and run VEW again as before.


#24
Vicdd

I did that and the problem is still here

Also, I said VEW doesn't work so I just used the "list last 10 event viewer errors" for MiniToolBox

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Victor (administrator) on 14-01-2015 at 11:15:15
Running from "C:\Users\Victor\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/14/2015 11:13:45 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xb50
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:43 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xfe4
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:41 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xb34
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:39 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xe60
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:31 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xeb4
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:30 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0x6cc
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:28 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xd84
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:25 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xfe8
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:15 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xf94
Hora de início do aplicativo com falha: 0xDllHost.exe0
Caminho do aplicativo com falha: DllHost.exe1
FCaminho do módulo de falhas: DllHost.exe2
Identificação do Relatório: DllHost.exe3

Error: (01/14/2015 11:13:04 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: taskhost.exe, versão: 6.1.7601.18010, carimbo de hora: 0x50aee9f3
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0x8bc
Hora de início do aplicativo com falha: 0xtaskhost.exe0
Caminho do aplicativo com falha: taskhost.exe1
FCaminho do módulo de falhas: taskhost.exe2
Identificação do Relatório: taskhost.exe3


System errors:
=============
Error: (01/14/2015 11:09:56 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-02-10 17:22:48.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 17:22:48.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
 


  • 0
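Added example, not part of the original thread: a short Python triage script that groups the Application Error entries from the two report layouts posted above (OTL and MiniToolBox) by faulting module, exception code and offset. The sample text is excerpted from those reports; the function names and the small NTSTATUS table are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpts from the reports in this thread: two MiniToolBox entries, two OTL entries.
SAMPLE_LOG = """\
Error: (01/14/2015 11:13:45 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bca54
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0xb50

Error: (01/14/2015 11:13:04 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: taskhost.exe, versão: 6.1.7601.18010, carimbo de hora: 0x50aee9f3
Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577, carimbo de hora: 0x4d79bfba
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000010ca4c
Identificação do processo com falha: 0x8bc

Error - 2015/01/10 17:58:26 | Computer Name = win7-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DllHost.exe, versão: 6.1.7600.16385,
 carimbo de hora: 0x4a5bca54  Nome do módulo de falhas: ESENT.dll, versão: 6.1.7601.17577,
 carimbo de hora: 0x4d79bfba  Código de exceção: 0xc0000005  Deslocamento com falha:
 0x000000000010ca4c  Identificação do processo com falha: 0x1640

Error - 2015/01/09 07:22:16 | Computer Name = win7-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Windows Search.
"""

# A few well-known NTSTATUS exception codes (not an exhaustive table).
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Field labels of event 1000 in Portuguese (as in this thread) and in English.
FIELD_PATTERNS = {
    "app": re.compile(r"(?:Nome de aplicativo com falha|Faulting application name): (.+?), (?:versão|version):"),
    "module": re.compile(r"(?:Nome do módulo de falhas|Faulting module name): (.+?), (?:versão|version):"),
    "code": re.compile(r"(?:Código de exceção|Exception code): (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"(?:Deslocamento com falha|Fault offset): (0x[0-9a-fA-F]+)"),
}


def parse_crashes(report):
    """Return one dict per crash record; records without crash fields are skipped."""
    crashes = []
    for record in re.split(r"(?m)^(?=Error\b)", report):
        flat = " ".join(record.split())  # undo the line wrapping of the OTL layout
        found = {name: pat.search(flat) for name, pat in FIELD_PATTERNS.items()}
        if not all(found.values()):
            continue
        crashes.append({
            "app": found["app"].group(1),
            "module": found["module"].group(1),
            "code": int(found["code"].group(1), 16),
            "offset": int(found["offset"].group(1), 16),
        })
    return crashes


def summarize(report):
    """Group crashes by (module, exception code, offset), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "apps": set()})
    for crash in parse_crashes(report):
        key = (crash["module"].lower(), crash["code"], crash["offset"])
        groups[key]["count"] += 1
        groups[key]["apps"].add(crash["app"])
        groups[key].setdefault("module", crash["module"])
    rows = [{
        "module": g["module"],
        "exception": f"0x{code:08x}",
        "name": NTSTATUS_NAMES.get(code, "unknown"),
        "offset": f"0x{offset:x}",
        "count": g["count"],
        "apps": sorted(g["apps"]),
    } for (_, code, offset), g in groups.items()]
    return sorted(rows, key=lambda row: -row["count"])


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

On the sample, every crash collapses to a single signature (ESENT.dll, 0xc0000005, offset 0x10ca4c) shared by DllHost.exe and taskhost.exe, which points at the common module rather than at either host process.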

#25
RKinner

Let's try NirSoft's MyEventViewer.  

 

http://www.nirsoft.n...ent_viewer.html

 

You want: Download MyEventViewer for x64

 

Download, Save and Right click and Extract All.  Then right click on MyEventViewer.exe and Run As Admin

 

Once it loads, go into Options, Event Type Filter and uncheck Information, then repeat for Audit Success.

 

Do Ctrl + A to select all logs then File, Save Selected Items, (change it to your desktop) call it logs and Save

 

Then Copy and Paste or Attach the file logs.txt



#26
Vicdd

Here, it's attached.

Attached Files

  • Attached File  logs.txt   589.51KB   80 downloads


#27
RKinner

I can fix one of the errors:

 

==================================================
Record Number     : 298814
Log Type          : System
Event Type        : Warning
Time              : 2015/01/14 11:11:45
Source            : Microsoft-Windows-Wininit
Category          : 0
Event ID          : 11
User Name         : SISTEMA
Computer          : win7-PC
Event Data Length : 0
Record Length     : 152
Event Description : Bibliotecas de vínculos dinâmicos personalizadas estão sendo carregadas para todos os aplicativos. O administrador do sistema deve analisar a lista de bibliotecas para verificar se elas estão relacionadas a aplicativos confiáveis.  
 
 

 

Download the attached wininit.zip file.  Save it, then right click and Extract All, which should give you a wininit.reg file.  Right click on the reg file and Merge.

 

I wonder if we can update the C:\Windows\system32\ESENT.dll file.  You do have a newer one.  I think we will have to use Combofix to do it.

 

Let's first install and run Combofix:

 

ComboFix
 
It must be saved to your desktop, do not run it from your browser.
 
Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
Turn off your screen saver so you can see what is going on.
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right click on ComboFix and select Run As Administrator to start the program.
 
    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
 
Once I see the log I will give you a file which will tell Combofix to replace the Esent file and perhaps, if Combofix finds anything, a few other things.
 
 


#28
Vicdd

I thought this scan would take hours lol

I named it combofixlog.txt

Attached Files



#29
RKinner

Download the attached cfscript.txt and save it to your desktop.
 
 
Pause your anti-virus.
 
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
 
Post the new log.


#30
Vicdd

Here:

Attached Files

