
Blue screen error/sudden reboot - no virus found with MSE



#1
vermelho3

Dear Experts,

I would like to request your help, please. My computer has been having the blue screen error, sudden reboots and screen freezes for quite a long time. I've tried cleaning my hardware up, and I've also tried CCleaner, but nothing seems to fix my problem and I am worried about malware. Microsoft Security Essentials, AVG and MBAM have not found any infections. Could you please have a look at my log?

Thank you in advance!


OTL logfile created on: 16/07/2013 20:15:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 46,39% Memory free
7,00 Gb Paging File | 4,51 Gb Available in Paging File | 64,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,39 Gb Total Space | 47,51 Gb Free Space | 45,51% Space Free | Partition Type: NTFS
Drive D: | 361,27 Gb Total Space | 14,93 Gb Free Space | 4,13% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS

Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 20:15:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Downloads\OTL.exe
PRC - [2013/07/12 15:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2013/07/07 23:28:50 | 003,456,080 | ---- | M] (Electronic Arts) -- D:\Arquivos de Programas\Origin\Origin.exe
PRC - [2013/07/03 18:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- D:\Arquivos de Programas\Hamachi\hamachi-2-ui.exe
PRC - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe
PRC - [2013/06/21 06:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/06/21 06:52:51 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/01 22:20:40 | 000,882,520 | ---- | M] (BitTorrent Inc.) -- C:\Arquivos de Programas\BitTorrent\BitTorrent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Arquivos de Programas\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe
PRC - [2013/01/18 15:35:52 | 000,235,984 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Pedro\AppData\Local\Temp\~nsu.tmp\Au_.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 23:49:04 | 000,077,824 | ---- | M] (Vicky's Cool Softwares) -- C:\Arquivos de Programas\ShutDown After\SA.exe
PRC - [2012/03/01 22:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de Programas\Samsung\AllShare\AllShareAgent.exe
PRC - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2007/06/29 14:03:08 | 000,036,864 | ---- | M] (IGN Entertainment Inc.) -- C:\Arquivos de Programas\GameSpy\Comrade\Comrade.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 15:49:44 | 000,396,240 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 15:49:43 | 013,599,184 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 15:49:42 | 004,052,944 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 15:48:52 | 000,601,552 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 15:48:51 | 000,123,344 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 15:48:49 | 001,597,392 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/11 22:57:14 | 013,320,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\560d004ec873fb47a3e58cd5cf65d32d\System.Web.ni.dll
MOD - [2013/07/11 16:10:33 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\94fc97289ba0902a9237cdbfc19cdcc1\System.Windows.Forms.ni.dll
MOD - [2013/07/11 16:10:26 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\e42fcb372586d8b433cc3f5e23c5ab4e\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 16:10:26 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1c2c7074f15ce2472a1dac64931cbfcc\System.ServiceProcess.ni.dll
MOD - [2013/07/11 16:10:21 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\06e9aae297c27bffef4ef184417ee6aa\PresentationCore.ni.dll
MOD - [2013/07/11 16:10:20 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\858e88af3a72319bdce4f6e1f9492f46\System.Xml.ni.dll
MOD - [2013/07/11 16:10:17 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0e5a4b9b215047e0ef087a95683e4ece\System.Core.ni.dll
MOD - [2013/07/11 16:10:16 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9cab1291edbd51be678afdaf86c643c4\System.Drawing.ni.dll
MOD - [2013/07/11 16:10:14 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\14b83241d878b9068d265feef7fda381\WindowsBase.ni.dll
MOD - [2013/07/11 16:10:14 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d87de4bbcefb0a67eaae225f35964a4f\System.Configuration.ni.dll
MOD - [2013/07/11 16:10:12 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c7c3cd390aa067130df3a89c0d3b6e4\System.ni.dll
MOD - [2013/07/11 16:10:07 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/07/07 23:28:52 | 000,062,976 | ---- | M] () -- D:\Arquivos de Programas\Origin\tufao.dll
MOD - [2013/01/24 08:58:04 | 001,046,528 | ---- | M] () -- c:\Arquivos de Programas\MagniPic\sprotector.dll
MOD - [2013/01/15 23:24:03 | 002,076,672 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3130c77f\system.xml.dll
MOD - [2013/01/15 23:24:01 | 002,994,176 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d2bcc6ed\system.windows.forms.dll
MOD - [2013/01/15 23:23:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_23166473\system.drawing.dll
MOD - [2013/01/15 23:23:58 | 001,929,216 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b34c0413\system.dll
MOD - [2013/01/15 23:23:57 | 001,462,272 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.design\1.0.5000.0__b03f5f7f11d50a3a_80013c6a\system.design.dll
MOD - [2013/01/15 23:23:56 | 003,289,088 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cf3d0ed1\mscorlib.dll
MOD - [2013/01/15 23:23:32 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/15 23:23:32 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2013/01/15 23:23:32 | 000,569,344 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2013/01/15 23:23:31 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/15 23:23:31 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/15 23:23:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/15 23:23:31 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2013/01/15 23:23:30 | 001,699,840 | ---- | M] () -- c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll
MOD - [2013/01/15 23:23:30 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/07/13 22:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/06/29 14:03:30 | 000,221,184 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\GPNET.dll
MOD - [2007/06/29 14:03:30 | 000,021,504 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\NetDetect.dll
MOD - [2007/06/29 14:03:28 | 000,434,176 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\GameSpy.VEngine.dll
MOD - [2007/06/29 14:02:42 | 000,057,344 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\DetectLib.dll


========== Services (SafeList) ==========

SRV - [2013/07/09 22:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/08 01:59:26 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/15 18:24:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/23 00:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06B4C656-3ADE-46CA-B30A-16392086B6BC}\MpKslae3b1baa.sys -- (MpKslae3b1baa)
DRV - [2013/06/21 09:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/25 02:27:46 | 000,154,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/12 11:31:00 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Arquivos de Programas\unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849856
IE - HKLM\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...61-0025111e0747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 4D 5F A5 5D B1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{480B6AF9-9C3E-477E-98B8-4739C313275E}: "URL" = http://websearch.ask...30-DD1644BF7DE2
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849856
IE - HKCU\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Arquivos de Programas\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/10/23 18:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/23 18:31:13 | 000,000,000 | ---D | M] (BittorrentBar_PT) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommelfnddjcbmbcfhmhjikpfphlebjh\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejpcolehiecjkanilhmblkbndaomhpc\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Arquivos de Programas\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Arquivos de Programas\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [SwitchBoard] C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Arquivos de Programas\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [EADM] D:\Arquivos de Programas\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShutDown After.lnk = C:\Arquivos de Programas\ShutDown After\SA.exe (Vicky's Cool Softwares)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B515056-FD66-40FF-AFF2-7AEF127B7746}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\magnipic\sprote~1.dll) - c:\Arquivos de Programas\MagniPic\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/05 01:14:14 | 000,003,072 | -H-- | M] () - C:\Auto.dll -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\ParetoLogic
[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\DriverCure
[2013/07/16 19:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/07/16 00:39:02 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\Malwarebytes
[2013/07/16 00:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 00:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 00:37:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/16 00:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/16 00:37:32 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Programs
[2013/07/11 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013/07/11 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Guild Wars 2
[2013/07/08 01:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BattlEye
[2013/07/08 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/07/08 01:27:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\DayZCommander
[2013/07/08 01:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013/07/08 01:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dotjosh Studios
[2013/07/06 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/06 02:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\NVIDIA
[2013/07/06 02:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/16 20:05:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 19:48:14 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 19:48:14 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 19:40:46 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/16 19:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 19:40:06 | 312,069,829 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/16 19:40:06 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/16 19:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 00:37:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/15 18:29:09 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/07/13 20:44:48 | 000,139,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/07/13 20:44:37 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/07/13 20:44:08 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/07/11 22:42:46 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/11 21:23:38 | 003,661,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/08 01:26:42 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/06/21 09:02:43 | 000,016,437 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/06/19 13:14:17 | 003,253,909 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/16 00:37:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 22:42:46 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/08 01:26:42 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/07/06 02:51:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/03/08 15:28:20 | 000,009,216 | ---- | C] () -- C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/15 23:25:14 | 000,000,093 | ---- | C] () -- C:\Users\Pedro\AppData\Local\fusioncache.dat
[2013/01/15 22:15:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013/01/15 22:07:37 | 003,253,909 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/10/24 04:30:10 | 000,139,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/10/24 04:30:10 | 000,022,328 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\PnkBstrK.sys
[2012/10/24 04:29:43 | 000,290,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/10/24 04:29:42 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/21 20:23:17 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\.minecraft
[2013/07/16 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\BitTorrent
[2013/07/16 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\DriverCure
[2013/03/29 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\FreeIPODConverter
[2013/01/15 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\MotioninJoy
[2013/07/10 23:09:12 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Origin
[2013/07/16 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\ParetoLogic
[2012/11/15 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Play withSIX
[2012/11/15 19:46:55 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Publish Providers
[2013/01/09 21:58:59 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Samsung
[2012/11/15 19:46:51 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Sony
[2013/07/08 01:13:08 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\SPlayer
[2013/02/15 14:17:59 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Unity

========== Purity Check ==========



< End of report >

Edited by vermelho3, 16 July 2013 - 07:41 PM.

  • 0



#2
nathdep

  • Member
  • 587 posts
Hello vermelho3 and :welcome:

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)


Here are some general steps to follow during the clean up procedure:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues as this added information can shed even more light to the problems you are experiencing.

  • 1

#3
vermelho3

  • Topic Starter
  • Member
  • 16 posts
I'm sorry for my ignorance, but I can't seem to find your instructions for the cleanup?
  • 0

#4
nathdep

  • Member
  • 587 posts
I'm sorry about that!

That line should have read:

Here are some general steps to follow during the malware removal process:


I have to get my first set of instructions approved by my teacher so I will be back ASAP!
  • 1

#5
nathdep

  • Member
  • 587 posts
Hello again vermelho3!

First, I would strongly urge you to stop downloading illegal material by using P2P programs such as utorrent and BitTorrent. This can be fatal as malware is very easily passed on through the files that are downloaded through sites that provide illegal material. It is against our Terms of Use and we hold the right to stop helping you if you continue to post about problems related to downloading illegal material. Therefore, I implore you to consider the consequences - both federal and malware related - before you download any other illegal material.

Next, Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849856
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...61-0025111e0747
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849856
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. A resulting Fix log should appear.
  • Open OTL again. Under the Extra Registry heading, check Use SafeList and click the Run Scan button. Two more logs should appear.
  • These three logs will be needed in your next post.

Next,
  • Download aswMBR to your Desktop by clicking here
  • Double click aswMBR.exe to run it.
  • Click Scan:



  • On completion of the scan click Save log, save it to your desktop and post in your next reply:



Next, I have a question. Do these problems occur during specific times such as playing games or do they happen at random times?

In your next post, be sure to include the following
  • The Fix log from OTL
  • OTL.txt
  • Extras.txt
  • The aswMBR log
  • A report on if you had any difficulties following the above instructions.

  • 1
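Added example (not part of the thread and not OTL's own code): the fix script in the post above is built from `IE -` lines of an OTL scan, so this Python sketch parses such SearchScopes lines, expands OTL's `..` shorthand to the full key the way the fix log in this thread prints it, and pairs each hive's DefaultScope with the URL of the scope it names. The sample lines are copied from the Run 2 log in this thread; the allow-list and the verdict names are assumptions made for the example.

```python
"""Review Internet Explorer search scopes listed in OTL 'IE -' log lines."""
import re

# Lines copied from the Run 2 OTL log in this thread. The "..." inside the
# URLs is the forum's own shortening and is kept exactly as posted.
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{480B6AF9-9C3E-477E-98B8-4739C313275E}: "URL" = http://websearch.ask...30-DD1644BF7DE2
IE - HKCU\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
'''

# OTL abbreviates the hive and writes ".." for the Internet Explorer root;
# this expansion matches the full keys printed in the fix log in this thread.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
IE_ROOT = r"SOFTWARE\Microsoft\Internet Explorer"

# Assumption for this example: the only search host the reviewer expects.
ALLOWED_HOSTS = {"bing.com"}

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
DEFAULT_RE = re.compile(
    r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = " + GUID + r"\s*$")
SCOPE_RE = re.compile(
    r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes\\" + GUID + r': "URL" = (\S+)\s*$')


def full_key(hive, guid):
    """Expand OTL's short form to the full registry key path."""
    return "\\".join([HIVES[hive], IE_ROOT, "SearchScopes", guid]) + "\\"


def url_host(url):
    """Return (host, complete). complete is False when the '...' elision cut
    into the host itself, so the real host is unknown and is not guessed."""
    authority = url.split("://", 1)[-1].split("/", 1)[0]
    if "..." in authority:
        return authority.split("...", 1)[0].lower(), False
    return authority.lower(), True


def parse_scopes(log_text):
    """Collect DefaultScope GUIDs per hive and the URL of every scope.
    GUIDs are lower-cased because registry key names are case-insensitive."""
    defaults, scopes = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = DEFAULT_RE.match(line)
        if m:
            defaults[m.group(1)] = m.group(2).lower()
            continue
        m = SCOPE_RE.match(line)
        if m:
            scopes[(m.group(1), m.group(2).lower())] = m.group(3)
    return defaults, scopes


def review_scopes(log_text, allowed=ALLOWED_HOSTS):
    """One finding per scope, plus one per default scope with no URL line."""
    defaults, scopes = parse_scopes(log_text)
    findings = []
    for (hive, guid), url in sorted(scopes.items()):
        host, complete = url_host(url)
        if not complete:
            verdict = "host-elided"        # read the real value from the registry
        elif any(host == a or host.endswith("." + a) for a in allowed):
            verdict = "ok"
        else:
            verdict = "not-allow-listed"
        findings.append({"key": full_key(hive, guid), "host": host,
                         "default": defaults.get(hive) == guid,
                         "verdict": verdict})
    for hive, guid in sorted(defaults.items()):
        if (hive, guid) not in scopes:
            findings.append({"key": full_key(hive, guid), "host": None,
                             "default": True,
                             "verdict": "default-without-url"})
    return findings


if __name__ == "__main__":
    for f in review_scopes(SAMPLE_LOG):
        flag = "*" if f["default"] else " "
        print("%s %-19s %-16s %s" % (flag, f["verdict"], f["host"], f["key"]))
```

On the sample, the HKCU default scope resolves to searchab.com, the same host the fix script removed from the start page, and the scope whose host was shortened by the forum is reported as elided instead of being guessed.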

#6
vermelho3

  • Topic Starter
  • Member
  • 16 posts
Sorry about the illegal programs, I assure you I won't be downloading any of it again!
These problems can occur at any time, but it is more likely that they happen while I'm playing a game.
And no, I had no difficulties following your instructions :)

The fix log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pedro
->Temp folder emptied: 453031357 bytes
->Temporary Internet Files folder emptied: 251987778 bytes
->Java cache emptied: 401630 bytes
->Google Chrome cache emptied: 361266625 bytes
->Flash cache emptied: 1413 bytes

User: Public

User: Todos os Usuários

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158534364 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.168,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07172013_145547

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL.txt:


OTL logfile created on: 17/07/2013 15:01:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 56,15% Memory free
7,00 Gb Paging File | 5,20 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,39 Gb Total Space | 48,69 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
Drive D: | 361,27 Gb Total Space | 14,93 Gb Free Space | 4,13% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS

Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 20:15:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Downloads\OTL.exe
PRC - [2013/07/12 15:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2013/07/07 23:28:50 | 003,456,080 | ---- | M] (Electronic Arts) -- D:\Arquivos de Programas\Origin\Origin.exe
PRC - [2013/07/03 18:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- D:\Arquivos de Programas\Hamachi\hamachi-2-ui.exe
PRC - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe
PRC - [2013/06/21 06:52:52 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/06/21 06:52:51 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/01 22:20:40 | 000,882,520 | ---- | M] (BitTorrent Inc.) -- C:\Arquivos de Programas\BitTorrent\BitTorrent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 23:49:04 | 000,077,824 | ---- | M] (Vicky's Cool Softwares) -- C:\Arquivos de Programas\ShutDown After\SA.exe
PRC - [2012/03/01 22:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de Programas\Samsung\AllShare\AllShareAgent.exe
PRC - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2007/06/29 14:03:08 | 000,036,864 | ---- | M] (IGN Entertainment Inc.) -- C:\Arquivos de Programas\GameSpy\Comrade\Comrade.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 15:49:44 | 000,396,240 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 15:49:42 | 004,052,944 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 15:48:52 | 000,601,552 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 15:48:51 | 000,123,344 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 15:48:49 | 001,597,392 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/11 22:57:14 | 013,320,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\560d004ec873fb47a3e58cd5cf65d32d\System.Web.ni.dll
MOD - [2013/07/11 16:10:33 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\94fc97289ba0902a9237cdbfc19cdcc1\System.Windows.Forms.ni.dll
MOD - [2013/07/11 16:10:26 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\e42fcb372586d8b433cc3f5e23c5ab4e\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 16:10:26 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1c2c7074f15ce2472a1dac64931cbfcc\System.ServiceProcess.ni.dll
MOD - [2013/07/11 16:10:21 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\06e9aae297c27bffef4ef184417ee6aa\PresentationCore.ni.dll
MOD - [2013/07/11 16:10:20 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\858e88af3a72319bdce4f6e1f9492f46\System.Xml.ni.dll
MOD - [2013/07/11 16:10:17 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0e5a4b9b215047e0ef087a95683e4ece\System.Core.ni.dll
MOD - [2013/07/11 16:10:16 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9cab1291edbd51be678afdaf86c643c4\System.Drawing.ni.dll
MOD - [2013/07/11 16:10:14 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\14b83241d878b9068d265feef7fda381\WindowsBase.ni.dll
MOD - [2013/07/11 16:10:14 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d87de4bbcefb0a67eaae225f35964a4f\System.Configuration.ni.dll
MOD - [2013/07/11 16:10:12 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c7c3cd390aa067130df3a89c0d3b6e4\System.ni.dll
MOD - [2013/07/11 16:10:07 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/07/07 23:28:52 | 000,062,976 | ---- | M] () -- D:\Arquivos de Programas\Origin\tufao.dll
MOD - [2013/01/24 08:58:04 | 001,046,528 | ---- | M] () -- c:\Arquivos de Programas\MagniPic\sprotector.dll
MOD - [2013/01/15 23:24:03 | 002,076,672 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3130c77f\system.xml.dll
MOD - [2013/01/15 23:24:01 | 002,994,176 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d2bcc6ed\system.windows.forms.dll
MOD - [2013/01/15 23:23:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_23166473\system.drawing.dll
MOD - [2013/01/15 23:23:58 | 001,929,216 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b34c0413\system.dll
MOD - [2013/01/15 23:23:57 | 001,462,272 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.design\1.0.5000.0__b03f5f7f11d50a3a_80013c6a\system.design.dll
MOD - [2013/01/15 23:23:56 | 003,289,088 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cf3d0ed1\mscorlib.dll
MOD - [2013/01/15 23:23:32 | 002,039,808 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/15 23:23:32 | 001,335,296 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2013/01/15 23:23:32 | 000,569,344 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2013/01/15 23:23:31 | 001,245,184 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/15 23:23:31 | 001,216,512 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/15 23:23:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/15 23:23:31 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2013/01/15 23:23:30 | 001,699,840 | ---- | M] () -- c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll
MOD - [2013/01/15 23:23:30 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/07/13 22:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/06/29 14:03:30 | 000,221,184 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\GPNET.dll
MOD - [2007/06/29 14:03:30 | 000,021,504 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\NetDetect.dll
MOD - [2007/06/29 14:03:28 | 000,434,176 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\GameSpy.VEngine.dll
MOD - [2007/06/29 14:02:42 | 000,057,344 | ---- | M] () -- c:\Arquivos de Programas\GameSpy\Comrade\156\DetectLib.dll


========== Services (SafeList) ==========

SRV - [2013/07/09 22:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/08 01:59:26 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/15 18:24:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/23 00:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06B4C656-3ADE-46CA-B30A-16392086B6BC}\MpKslae3b1baa.sys -- (MpKslae3b1baa)
DRV - [2013/06/21 09:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/25 02:27:46 | 000,154,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/12 11:31:00 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Arquivos de Programas\unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 4D 5F A5 5D B1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{480B6AF9-9C3E-477E-98B8-4739C313275E}: "URL" = http://websearch.ask...30-DD1644BF7DE2
IE - HKCU\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Arquivos de Programas\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/10/23 18:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/23 18:31:13 | 000,000,000 | ---D | M] (BittorrentBar_PT) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommelfnddjcbmbcfhmhjikpfphlebjh\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejpcolehiecjkanilhmblkbndaomhpc\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AllShareAgent] C:\Arquivos de Programas\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Arquivos de Programas\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [SwitchBoard] C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Arquivos de Programas\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [EADM] D:\Arquivos de Programas\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShutDown After.lnk = C:\Arquivos de Programas\ShutDown After\SA.exe (Vicky's Cool Softwares)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B515056-FD66-40FF-AFF2-7AEF127B7746}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\magnipic\sprote~1.dll) - c:\Arquivos de Programas\MagniPic\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/05 01:14:14 | 000,003,072 | -H-- | M] () - C:\Auto.dll -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/17 14:55:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\ParetoLogic
[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\DriverCure
[2013/07/16 19:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/07/16 00:39:02 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\Malwarebytes
[2013/07/16 00:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 00:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 00:37:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/16 00:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/16 00:37:32 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Programs
[2013/07/11 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013/07/11 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Guild Wars 2
[2013/07/11 16:09:23 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/11 16:09:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/11 16:09:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/11 16:09:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/11 16:09:21 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/11 16:09:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/11 16:09:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/11 16:09:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/11 16:09:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/11 16:09:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/11 14:51:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/11 14:51:17 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 14:51:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 14:51:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/08 01:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BattlEye
[2013/07/08 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/07/08 01:27:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\DayZCommander
[2013/07/08 01:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013/07/08 01:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dotjosh Studios
[2013/07/06 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/06 02:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\NVIDIA
[2013/07/06 02:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/07/06 01:58:38 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013/07/06 01:58:38 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013/07/06 01:58:36 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/07/06 01:58:36 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/07/06 01:58:35 | 009,069,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/07/06 01:58:35 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/07/06 01:58:35 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/07/06 01:58:35 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/07/06 01:58:35 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232049.dll
[2013/07/06 01:58:35 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232049.dll
[2013/07/06 01:58:35 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/07/06 01:58:35 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/07/06 01:58:35 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/07/06 01:58:35 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/07/06 01:58:32 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/06/21 05:16:02 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe

========== Files - Modified Within 30 Days ==========

[2013/07/17 14:58:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 14:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 14:57:36 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 14:45:06 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 14:45:06 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 04:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 04:05:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 19:40:06 | 312,069,829 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/16 00:37:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/15 18:29:09 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/07/13 20:44:48 | 000,139,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/07/13 20:44:37 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/07/13 20:44:08 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/07/11 22:42:46 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/11 21:23:38 | 003,661,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/08 01:26:42 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/06/21 09:02:43 | 021,102,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/06/21 09:02:43 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/06/21 09:02:43 | 013,411,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/06/21 09:02:43 | 012,427,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/06/21 09:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/06/21 09:02:43 | 007,687,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/06/21 09:02:43 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/06/21 09:02:43 | 002,777,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/06/21 09:02:43 | 002,597,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/06/21 09:02:43 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/06/21 09:02:43 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232049.dll
[2013/06/21 09:02:43 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/06/21 09:02:43 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232049.dll
[2013/06/21 09:02:43 | 000,467,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/06/21 09:02:43 | 000,465,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/06/21 09:02:43 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/06/21 09:02:43 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/06/21 09:02:43 | 000,016,437 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/06/21 06:52:51 | 004,192,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/06/21 06:52:51 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/06/21 06:52:48 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013/06/21 06:52:48 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/06/21 06:52:47 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/06/21 05:16:02 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013/06/19 13:14:17 | 003,253,909 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013/07/16 00:37:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 22:42:46 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/08 01:26:42 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/07/06 02:51:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/03/08 15:28:20 | 000,009,216 | ---- | C] () -- C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/15 23:25:14 | 000,000,093 | ---- | C] () -- C:\Users\Pedro\AppData\Local\fusioncache.dat
[2013/01/15 22:15:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013/01/15 22:07:37 | 003,253,909 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/10/24 04:30:10 | 000,139,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/10/24 04:30:10 | 000,022,328 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\PnkBstrK.sys
[2012/10/24 04:29:43 | 000,290,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/10/24 04:29:42 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Extras.txt

OTL Extras logfile created on: 17/07/2013 15:01:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 56,15% Memory free
7,00 Gb Paging File | 5,20 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,39 Gb Total Space | 48,69 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
Drive D: | 361,27 Gb Total Space | 14,93 Gb Free Space | 4,13% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS

Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Arquivos de Programas\photoshop\Adobe Photoshop CS6 Extended\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00736D67-3BD1-4810-9590-4692959726F6}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 11.0\common7\ide\wdexpress.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0063CED2-AB05-4498-B38E-03CDB68EC313}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{03C4EC75-566C-4FA0-9C4E-FC6CE728D688}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{076608D9-50BD-410E-A47A-14B85132ED79}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\source sdk base 2007\hl2.exe |
"{08A1E7C2-F506-4588-A361-111938EF193D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{08C5A692-0281-47EB-BB53-9D682FB79636}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{0A616F2D-E9DB-4258-BD0D-ED469826C8B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{0F1E8697-D34C-465B-A24B-D351FCDA5694}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{109DD450-029F-40E3-81EC-D76EE6A58BF3}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{127EFC46-53A8-4406-BF7C-B9D1EA0FF389}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{172E1661-9B0F-4C9F-9E40-065F3525A3B6}" = protocol=6 | dir=in | app=d:\arquivos de programas\cracked games\half-life\hl.exe |
"{1865EAF8-527B-43A3-959B-5EDC54125A44}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{18E109E6-CD2D-463F-9A1B-2C54333ADCBE}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{1AC86832-4EA0-4B67-A46A-990DC9E2DFC7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{1E4E5006-C2B4-4EAC-9119-24B234B9D6CD}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2\arma2.exe |
"{1EEEEFC4-4F8F-45F8-A3A9-B342FE7E20BF}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{214E522E-5EC5-45FA-8C52-24DE53587396}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{222E2455-CAD8-4C45-A874-B95B3447AE2E}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{225FA0C6-53E5-48E8-98B1-64A1AD293B32}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{28605FBA-0C24-40D1-A4E2-4C7184349AE6}" = protocol=6 | dir=in | app=d:\arquivos de programas\guild wars 2\gw2.exe |
"{293D1089-32D1-497C-BCF9-1DFB9C5927F2}" = protocol=17 | dir=in | app=c:\users\pedro\appdata\local\temp\gw2.exe |
"{2A72C73D-8B08-4AA2-8035-E7823AE4841C}" = protocol=6 | dir=in | app=d:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"{2DABDC62-CB51-4FED-BD4B-96027E0518F8}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{355C44D4-0CE9-4CD9-8FF3-35C687C0C39D}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\crysis\bin32\crysis.exe |
"{36F666E0-C785-4D90-AFB7-2971A13CCA63}" = protocol=17 | dir=in | app=d:\arquivos de programas\origin games\battlefield 3\bf3.exe |
"{37B1D453-374F-44DA-8425-CCB1F81D7B90}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{41527A2E-8218-4DEC-B6AD-2A35AF2B51DD}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{41907F2E-3AE1-4A38-AABF-0374D956E1C9}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{456DF198-AD63-4827-8A09-F68ECCCE6DD7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{49AC433D-3AB3-4296-9181-E8F1583A8C0F}" = dir=in | app=d:\arquivos de programas\itunes\itunes.exe |
"{4E342053-3B1B-44C7-AF42-B9EA1A4A5D5F}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher 2\launcher.exe |
"{4EFDB2A1-EB4B-4B7B-8C79-CF8A15E60403}" = protocol=6 | dir=in | app=c:\users\pedro\appdata\local\temp\gw2.exe |
"{50A568CA-9064-4D7A-BA0E-C83807441966}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{55732554-4684-471F-AA67-7B722B490D74}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe |
"{5CA19292-52CA-4575-9BB2-21B5580C497E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D56442E-9255-4C10-B80B-F3FE514EE6A7}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{60454189-F950-4CB3-86E6-11C2DD8BB0F3}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steam.exe |
"{615ED410-8D87-4769-AFE2-12F709EE58C1}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{62637DD1-3629-4A7B-A423-2A2085BA9675}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{62656B81-F218-4C39-B2D9-6D7EDE1A24DE}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\magicka\magicka.exe |
"{642E0E87-5C18-4003-AFAB-BFDFC1FCE2DC}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{64664AEB-559E-41D5-A7DA-01FB2C45F581}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{652AA84C-3DDF-45F1-918D-C82AA4090D5F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{664F07F8-9E67-4314-B019-3E96B4C7AAD9}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{6697CC43-F92A-4136-A744-DC73448CCE40}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{673298F7-9A21-46F8-93CD-8F68F5309327}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{6778FD4C-8D08-4AEC-AB63-293CDA0FAEBD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6A563CFF-049D-4FF9-A6C6-052A6F398834}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6FE59EF8-D9A4-4C86-8CD9-56AC08DAFAD5}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher 2\launcher.exe |
"{71975E73-E4EA-47D3-874F-7FC0820C22B7}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{75132AAD-8313-4198-8643-37470FE58CD4}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{7CCB5835-AF77-4FD7-8785-BE17BE6D0441}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\magicka\magicka.exe |
"{7D7C7526-2C59-4A6F-9604-A9ECC82F0E4C}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{84704BED-1612-46E1-B35D-468FBDBB8D33}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8BA6B697-D516-47D4-8FE1-AB31C6D150D9}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2\arma2.exe |
"{8D7915C0-146B-47D2-8764-37273E90689D}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{93C86B7B-908C-4A43-9DB4-859BD47416FC}" = protocol=17 | dir=in | app=d:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"{97923394-648B-4201-88F5-6E2B53FC7574}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{97D6ADBE-B5ED-44B6-94C5-F4A3126C0023}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{9C1CBFA3-0D54-4A66-A949-AAA876A5F06F}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike source\hl2.exe |
"{A0D427EE-A8A0-43EB-B612-CA2DF04CD7E7}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A1047E3D-C0BB-4772-A0A4-E70EFF047492}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{A716B7E8-99A7-4227-9826-54FDB1018D6D}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{A73434B4-E9D3-4319-A131-CB9DD4CC8D51}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{AE046DAD-D070-4CD1-912C-153F866EB393}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{B0731089-6CBE-4A9E-A5FB-43BA7215EF70}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\source sdk base 2007\hl2.exe |
"{B8B831AB-B8B1-4AE7-BA8E-C83F16A34B73}" = protocol=17 | dir=in | app=d:\arquivos de programas\cracked games\half-life\hl.exe |
"{B97AACE7-F324-4330-B60E-F92BE60B668A}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe |
"{B99A01CD-CF5B-4090-9EA0-87FC84C0CDCD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BC641A20-7643-4329-90EB-395D9D5B0F20}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{BE0A1A57-A7CD-4352-91ED-47BFF7BBD441}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2\arma2.exe |
"{BE457E44-D4D5-41BB-9EE1-D6759D3BF886}" = protocol=58 | dir=in | app=system |
"{BEA69882-2022-4E9D-9C05-54E6B2701FF0}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{C3F16F21-E600-4195-8F4F-F0AA5D2851D7}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{C56157B9-95E0-49A8-8B98-F09CD5E85ECA}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steam.exe |
"{CAF0EFD9-1580-4409-B19D-F61DDF8DCCE9}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2\arma2.exe |
"{CC2F3F7D-25C9-4C3E-B6D2-C391F0CDE276}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{D0BC0809-D4C3-4423-A306-92D7CD0A049D}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{D77920BB-FB61-425A-B4B4-15FFFF03D4CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DBCDA1C4-F842-48C4-A808-518979B65885}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\counter-strike source\hl2.exe |
"{DED61E49-4748-413C-AE20-34B2E470843B}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{E370388B-A9B7-4741-A3C7-80792564C151}" = protocol=6 | dir=in | app=d:\arquivos de programas\origin games\battlefield 3\bf3.exe |
"{E5765AC6-30FC-4A53-9928-C30011168C64}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E6701C6D-3F05-4674-8320-979098F47889}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA7BB3FC-0F95-4DBB-A6BF-E88FC64E22B7}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\crysis\bin32\crysis.exe |
"{F90C0DE6-0878-4D3A-8F38-20F71DE520AA}" = protocol=17 | dir=in | app=d:\arquivos de programas\guild wars 2\gw2.exe |
"{FBF6EE9C-B786-4A3A-B463-9511611C1643}" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{FC907EA0-9AB4-4851-ABAE-05744964299C}" = protocol=58 | dir=out | [email protected],-503 |
"{FD9DBA9B-5E19-45DD-A402-22D243031818}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{FE5BCBAF-C58C-496E-BB92-026DC9416E27}" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"TCP Query User{4064670F-7667-4D71-AC3D-09F6BC2612B5}C:\users\pedro\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\pedro\appdata\local\temp\gw2.exe |
"TCP Query User{44D4DB6B-2CD4-4598-B78F-A87D222ABA53}D:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe |
"TCP Query User{47428205-11EF-481B-BEA1-C481036887BF}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{49904E86-0565-4FC4-95DA-09A23D931DB5}D:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{A716A9D9-3FFF-4DA7-B611-6A64323F913E}D:\arquivos de programas\cracked games\half-life\hl.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\cracked games\half-life\hl.exe |
"TCP Query User{CA5A4683-AB40-4D50-9CD6-68DD99E2C030}D:\arquivos de programas\cracked games\slender - survival\survivers_beta_3.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\cracked games\slender - survival\survivers_beta_3.exe |
"TCP Query User{D23030ED-0A49-4FC1-A2AA-E5DE7644CFEB}D:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"TCP Query User{EEAC89A9-0F0D-433E-B5CC-9D5245507CC2}D:\arquivos de programas\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\guild wars 2\gw2.exe |
"TCP Query User{F2D3833D-AF96-4B2B-8765-92B798AF1D8B}D:\arquivos de programas\dayz updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=d:\arquivos de programas\dayz updater\tools\bin\rsync.exe |
"UDP Query User{0FE4E565-9276-4F19-AC70-87109C76027E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{15FED930-A367-479B-A9F9-0C9D83A1D4CE}D:\arquivos de programas\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\guild wars 2\gw2.exe |
"UDP Query User{459929F1-2F2F-40B2-B4BF-1748C9A7B9D4}D:\arquivos de programas\dayz updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\dayz updater\tools\bin\rsync.exe |
"UDP Query User{76FE396B-B6D5-4079-8ADB-B7EEA025D9D8}D:\arquivos de programas\cracked games\half-life\hl.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\cracked games\half-life\hl.exe |
"UDP Query User{9CA795D0-D95F-4223-B05A-3C065426BFAE}D:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\danirox95\counter-strike source\hl2.exe |
"UDP Query User{BDB35906-507A-431B-80CE-6F326E6C02A2}D:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\cracked games\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"UDP Query User{E82E67BB-052D-41FD-B21D-F494CDEFE608}D:\arquivos de programas\cracked games\slender - survival\survivers_beta_3.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\cracked games\slender - survival\survivers_beta_3.exe |
"UDP Query User{E8CF7406-3D64-454B-A4B3-B6714FF62BDD}C:\users\pedro\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\pedro\appdata\local\temp\gw2.exe |
"UDP Query User{F0653CED-75A4-4BF7-A481-6E34ED0837F0}D:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\arquivos de programas\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}" = DayZ Commander
"{1410622D-CB02-412C-B55A-735CB77D40A3}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{413DEAF3-BDDA-4BFF-AFFF-8CDF52B40316}" = Play withSIX
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}" = Microsoft SQL Server 2012 Command Line Utilities
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{526b1417-92c1-3737-8247-4abc49ccc8e4}" = Python 3.3.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Suporte para Aplicativos Apple
"{5E591A43-4424-417D-946D-C0A7559989A1}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76D41CE5-95B9-47E4-A50F-DD9BAD373E13}" = MagniPic
"{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}" = Microsoft SQL Server Compact 4.0 SP1 ENU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{83C7F964-AC58-4104-B613-B4D0F61DA8CD}" = Microsoft SQL Server 2012 Native Client
"{84F3F00F-CCA9-43B3-A493-1E2757649848}_is1" = Lucius 1.01.3173
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{942E5137-7517-3B37-9FC0-CC7519125446}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 320.49
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D29C7866-E142-3557-95F3-B76F8E655481}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D9DA2981-3298-4F1A-9192-F2CF5BD91145}" = Microsoft SQL Server 2012 Express LocalDB
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1C13D5C-2907-454D-A7A6-61253A221FAA}" =
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E6F012B0-E930-11E0-A67A-F04DA23A5C58}" = Vegas Pro 11.0
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BitTorrent" = BitTorrent
"ESN Sonar-0.70.4" = ESN Sonar
"Free iPod Video Converter_is1" = Free iPod Video Converter V 3.0
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniPic" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Minecraft 1.4.5" = Minecraft 1.4.5
"Minecraft1.4.7" = Minecraft1.4.7
"No Time To Explain1.0" = No Time To Explain
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PrivitizeVPN" = PrivitizeVPN
"PunkBusterSvc" = PunkBuster Services
"ShutDown After_is1" = ShutDown After 3.0
"Sniper Elite V2_is1" = Sniper Elite V2
"SP_d8283021" =
"SPlayer" = SPlayer
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 218" = Source SDK Base 2007
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/07/2013 20:07:30 | Computer Name = Pedro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15086

Error - 16/07/2013 20:07:30 | Computer Name = Pedro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15086

Error - 16/07/2013 22:08:45 | Computer Name = Pedro-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Gw2.exe, versão: 1.0.0.1, carimbo de
hora: 0x51e4921e Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725, carimbo
de hora: 0x4ec49b60 Código de exceção: 0xc0000374 Deslocamento com falha: 0x000c380b
Identificação
do processo com falha: 0x3d0 Hora de início do aplicativo com falha: 0x01ce828e5179d511
Caminho
do aplicativo com falha: D:\Arquivos de Programas\Guild Wars 2\Gw2.exe FCaminho
do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: cf240a70-ee85-11e2-8858-0025111e0747

Error - 17/07/2013 00:05:11 | Computer Name = Pedro-PC | Source = Application Hang | ID = 1002
Description = O programa Gw2.exe versão 1.0.0.1 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
758 Hora de Início: 01ce829c7152b83f Hora de Término: 154 Caminho do Aplicativo: D:\Arquivos
de Programas\Guild Wars 2\Gw2.exe Id do Relatório:

Error - 17/07/2013 01:55:03 | Computer Name = Pedro-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Gw2.exe, versão: 1.0.0.1, carimbo de
hora: 0x51e4921e Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725, carimbo
de hora: 0x4ec49b60 Código de exceção: 0xc0000374 Deslocamento com falha: 0x000c380b
Identificação
do processo com falha: 0x3f4 Hora de início do aplicativo com falha: 0x01ce82a72a3276b1
Caminho
do aplicativo com falha: D:\Arquivos de Programas\Guild Wars 2\Gw2.exe FCaminho
do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 6c199e33-eea5-11e2-8858-0025111e0747

Error - 17/07/2013 02:51:56 | Computer Name = Pedro-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 17/07/2013 13:40:05 | Computer Name = Pedro-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 17/07/2013 13:40:08 | Computer Name = Pedro-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AllShareDMS.exe, versão: 2.1.1.0, carimbo
de hora: 0x4f507dcf Nome do módulo de falhas: ContentDirectoryPresenter.dll, versão:
0.0.0.0, carimbo de hora: 0x4f44965d Código de exceção: 0xc0000005 Deslocamento com
falha: 0x0006c7ef Identificação do processo com falha: 0x150c Hora de início do aplicativo
com falha: 0x01ce8314a617bcde Caminho do aplicativo com falha: C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FCaminho
do módulo de falhas: C:\Program Files\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
Identificação
do Relatório: ebae0fc1-ef07-11e2-af48-0025111e0747

Error - 17/07/2013 14:00:12 | Computer Name = Pedro-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 17/07/2013 14:00:14 | Computer Name = Pedro-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: AllShareDMS.exe, versão: 2.1.1.0, carimbo
de hora: 0x4f507dcf Nome do módulo de falhas: ContentDirectoryPresenter.dll, versão:
0.0.0.0, carimbo de hora: 0x4f44965d Código de exceção: 0xc0000005 Deslocamento com
falha: 0x0006c7ef Identificação do processo com falha: 0x6e0 Hora de início do aplicativo
com falha: 0x01ce831775403553 Caminho do aplicativo com falha: C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FCaminho
do módulo de falhas: C:\Program Files\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
Identificação
do Relatório: ba9fe709-ef0a-11e2-861b-0025111e0747

[ System Events ]
Error - 15/07/2013 22:52:45 | Computer Name = Pedro-PC | Source = Disk | ID = 262151
Description = O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error - 16/07/2013 00:04:13 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 16/07/2013 16:25:32 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 16/07/2013 18:13:16 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 16/07/2013 18:40:13 | Computer Name = Pedro-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 19:38:33 às ?16/?07/?2013 não
era esperado.

Error - 16/07/2013 18:40:18 | Computer Name = PEDRO-PC | Source = BugCheck | ID = 1001
Description =

Error - 16/07/2013 18:43:24 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 17/07/2013 13:40:13 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 17/07/2013 13:55:47 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço NVIDIA Display Driver Service foi encerrado inesperadamente.
Isso aconteceu 1 vez(es).

Error - 17/07/2013 14:00:20 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7034
Description = O serviço Samsung AllShare PC foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).


< End of report >


aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-17 15:10:33
-----------------------------
15:10:33.487 OS Version: Windows 6.1.7601 Service Pack 1
15:10:33.487 Number of processors: 3 586 0x402
15:10:33.488 ComputerName: PEDRO-PC UserName: Pedro
15:10:36.983 Initialize success
15:27:54.073 AVAST engine defs: 13071701
15:29:41.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:29:41.530 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
15:29:41.612 Disk 0 MBR read successfully
15:29:41.619 Disk 0 MBR scan
15:29:41.709 Disk 0 Windows 7 default MBR code
15:29:41.726 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:29:41.766 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 106900 MB offset 206848
15:29:41.809 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 369938 MB offset 219138048
15:29:41.844 Disk 0 scanning sectors +976771072
15:29:41.973 Disk 0 scanning C:\Windows\system32\drivers
15:29:58.407 Service scanning
15:30:09.774 Service MpKsl92eaef50 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADE2BAD2-0233-4EAD-B17A-6469612E317B}\MpKsl92eaef50.sys **LOCKED** 32
15:30:32.032 Modules scanning
15:30:40.955 Disk 0 trace - called modules:
15:30:40.981 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
15:30:40.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86529030]
15:30:40.990 3 CLASSPNP.SYS[8c98c59e] -> nt!IofCallDriver -> [0x8603d918]
15:30:40.995 5 ACPI.sys[8c4463d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85734908]
15:30:41.856 AVAST engine scan C:\Windows
15:30:43.871 AVAST engine scan C:\Windows\system32
15:35:41.924 AVAST engine scan C:\Windows\system32\drivers
15:36:00.262 AVAST engine scan C:\Users\Pedro
15:37:49.030 Disk 0 MBR has been saved successfully to "C:\Users\Pedro\Downloads\MBR.dat"
15:37:49.097 The log file has been saved successfully to "C:\Users\Pedro\Downloads\aswMBR.txt"

Edited by vermelho3, 17 July 2013 - 02:22 PM.

#7
nathdep

Hello again!

Please follow these instructions very carefully:

First, run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchab.com/...q={searchTerms}
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. A resulting log should appear. Post this in your next reply.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next, you need to perform a clean startup:

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Does the problem still occur after you restart?

In your next post, be sure to include:
  • The OTL fix log
  • OTL.txt
  • A report on whether you had any difficulty following the above instructions
  • A report on whether following the above instructions resolved your problem

#8
vermelho3

I managed to follow everything you told me to correctly, but the fix that you provided ran instantly and did not ask to reboot. Even though I rebooted anyway, I don't think that it worked correctly on my PC for some reason.
And I don't know which OTL.txt you are talking about: is it the one from the previous scan or a new one? (I'm posting a new one.)
But I think you managed to solve my problem :happy: as it hasn't happened again so far!

OTL fix log

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 07192013_183725


OTL.txt

OTL logfile created on: 19/07/2013 18:42:45 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,64% Memory free
7,00 Gb Paging File | 5,58 Gb Available in Paging File | 79,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,39 Gb Total Space | 46,63 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
Drive D: | 361,27 Gb Total Space | 11,81 Gb Free Space | 3,27% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS

Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 20:15:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Downloads\OTL.exe
PRC - [2013/07/12 15:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2013/07/09 22:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- D:\Arquivos de Programas\Steam\Steam.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 15:49:44 | 000,396,240 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 15:49:42 | 004,052,944 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 15:48:52 | 000,601,552 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 15:48:51 | 000,123,344 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 15:48:49 | 001,597,392 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/09 22:56:22 | 001,121,704 | ---- | M] () -- D:\Arquivos de Programas\Steam\bin\chromehtml.dll
MOD - [2013/07/09 18:45:48 | 020,625,832 | ---- | M] () -- D:\Arquivos de Programas\Steam\bin\libcef.dll
MOD - [2013/07/01 13:20:48 | 000,652,800 | ---- | M] () -- D:\Arquivos de Programas\Steam\SDL2.dll
MOD - [2013/06/14 20:49:12 | 001,100,800 | ---- | M] () -- D:\Arquivos de Programas\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 20:49:12 | 000,192,000 | ---- | M] () -- D:\Arquivos de Programas\Steam\bin\avformat-53.dll
MOD - [2013/06/14 20:49:12 | 000,124,416 | ---- | M] () -- D:\Arquivos de Programas\Steam\bin\avutil-51.dll
MOD - [2013/01/24 08:58:04 | 001,046,528 | ---- | M] () -- c:\Arquivos de Programas\MagniPic\sprotector.dll


========== Services (SafeList) ==========

SRV - [2013/07/09 22:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/08 01:59:26 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Arquivos de Programas\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/06/15 18:24:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Arquivos de Programas\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Arquivos de Programas\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Arquivos de Programas\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/23 00:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)


========== Driver Services (SafeList) ==========

DRV - [2013/06/21 09:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/25 02:27:46 | 000,154,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/12 11:31:00 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Arquivos de Programas\unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 4D 5F A5 5D B1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{480B6AF9-9C3E-477E-98B8-4739C313275E}: "URL" = http://websearch.ask...30-DD1644BF7DE2
IE - HKCU\..\SearchScopes\{B589D909-8A4C-4687-9669-2F0E02DE3BDB}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Arquivos de Programas\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/10/23 18:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/23 18:31:13 | 000,000,000 | ---D | M] (BittorrentBar_PT) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bommelfnddjcbmbcfhmhjikpfphlebjh\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejpcolehiecjkanilhmblkbndaomhpc\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: No name found = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B515056-FD66-40FF-AFF2-7AEF127B7746}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\magnipic\sprote~1.dll) - c:\Arquivos de Programas\MagniPic\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/05 01:14:14 | 000,003,072 | -H-- | M] () - C:\Auto.dll -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/19 18:31:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/17 15:06:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/17 15:06:41 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/17 15:06:41 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/17 15:06:41 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/17 14:55:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\ParetoLogic
[2013/07/16 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\DriverCure
[2013/07/16 19:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/07/16 00:39:02 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\Malwarebytes
[2013/07/16 00:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 00:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 00:37:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/16 00:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/16 00:37:32 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Programs
[2013/07/11 22:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013/07/11 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Guild Wars 2
[2013/07/11 16:09:23 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/11 16:09:22 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/11 16:09:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/11 16:09:22 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/11 16:09:21 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/11 16:09:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/11 16:09:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/11 16:09:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/11 16:09:21 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/11 16:09:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/11 14:51:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/11 14:51:17 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 14:51:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 14:51:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/08 01:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BattlEye
[2013/07/08 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/07/08 01:27:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\DayZCommander
[2013/07/08 01:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2013/07/08 01:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Dotjosh Studios
[2013/07/06 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/06 02:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\NVIDIA
[2013/07/06 02:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/07/06 01:58:38 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013/07/06 01:58:38 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013/07/06 01:58:36 | 021,102,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/07/06 01:58:36 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/07/06 01:58:35 | 009,069,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/07/06 01:58:35 | 007,687,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/07/06 01:58:35 | 002,777,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/07/06 01:58:35 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/07/06 01:58:35 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232049.dll
[2013/07/06 01:58:35 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232049.dll
[2013/07/06 01:58:35 | 000,467,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/07/06 01:58:35 | 000,465,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/07/06 01:58:35 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/07/06 01:58:35 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/07/06 01:58:32 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/06/21 05:16:02 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe

========== Files - Modified Within 30 Days ==========

[2013/07/19 18:41:29 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 18:41:29 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 18:34:30 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 18:34:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 18:34:11 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 18:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 18:05:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 15:06:38 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/17 15:06:36 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/17 15:06:35 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/07/17 15:06:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/17 15:06:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/17 15:06:34 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/16 19:40:06 | 312,069,829 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/16 00:37:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/15 18:29:09 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/07/13 20:44:48 | 000,139,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/07/13 20:44:37 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/07/13 20:44:08 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/07/11 22:42:46 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/11 21:23:38 | 003,661,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/08 01:26:42 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/06/21 09:02:43 | 021,102,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/06/21 09:02:43 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/06/21 09:02:43 | 013,411,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/06/21 09:02:43 | 012,427,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/06/21 09:02:43 | 009,069,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/06/21 09:02:43 | 007,687,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/06/21 09:02:43 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/06/21 09:02:43 | 002,777,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/06/21 09:02:43 | 002,597,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/06/21 09:02:43 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/06/21 09:02:43 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232049.dll
[2013/06/21 09:02:43 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/06/21 09:02:43 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232049.dll
[2013/06/21 09:02:43 | 000,467,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/06/21 09:02:43 | 000,465,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/06/21 09:02:43 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/06/21 09:02:43 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/06/21 09:02:43 | 000,016,437 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/06/21 06:52:51 | 004,192,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/06/21 06:52:51 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/06/21 06:52:48 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013/06/21 06:52:48 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/06/21 06:52:47 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/06/21 05:16:02 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe

========== Files Created - No Company Name ==========

[2013/07/16 00:37:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/11 22:42:46 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013/07/08 01:26:42 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/07/06 02:51:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/03/08 15:28:20 | 000,009,216 | ---- | C] () -- C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/15 23:25:14 | 000,000,093 | ---- | C] () -- C:\Users\Pedro\AppData\Local\fusioncache.dat
[2013/01/15 22:15:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013/01/15 22:07:37 | 003,253,909 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/10/24 04:30:10 | 000,139,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/10/24 04:30:10 | 000,022,328 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\PnkBstrK.sys
[2012/10/24 04:29:43 | 000,290,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/10/24 04:29:42 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#9
nathdep


But I think you managed to solve my problem :happy: as it didn't happen again so far!


That's good! :thumbsup:

There is still a little more work to be done however.

Now, follow the instructions for a clean boot once again. This time, instead of disabling all of the services, make sure that only half are disabled. So, make sure that only half of the services on that list are checked.

Click OK and then restart your computer when prompted.

Did the problem reappear after logging back on?
  • 1

#10
vermelho3

No, the problem did not appear! :thumbsup:
Thank you so much for your help, I really appreciate it! I've had this problem for such a long time but you managed to fix it. Thank you
  • 0


#11
nathdep


No, the problem did not appear! :thumbsup:


Good! :)

I still need you to follow the instructions for the clean boot again. This time, check the boxes that you left empty the last time. Also, uncheck the boxes you checked the last time. Basically, we're going to test the other half of the services.

We need to do this so that we can target the service that is causing all of these problems.

Does the problem reappear after this?
  • 0

#12
vermelho3

Yes, the problem did appear :ranting: :(
  • 0

#13
nathdep

Hello again! :)

Could you please give the list of the services that were not checked when you restarted your computer the second time?
  • 0

#14
vermelho3

Sure, here it is http://imgur.com/WDRVNRv http://imgur.com/yfBr1Ju
Oh, and by the way, "Parado" means stopped in my language!

Edited by vermelho3, 23 July 2013 - 08:35 PM.

  • 0

#15
nathdep

Hello again vermelho3! :)

First, download ADWcleaner by clicking here. Download it to your Desktop.
  • Open ADWcleaner and click the Delete button.
  • When prompted to reboot, please allow it to do so.
  • A resulting log will open after reboot. Please post it here in your next response.

Next, please follow the instructions for the clean boot again. This time, please check only the services that have NVIDIA in the name.

Click OK and restart your computer when prompted.

In your next response, be sure to include:
  • The AdwCleaner log
  • A report on if you had any difficulties while following the above instructions
  • A report on if following the above instructions solved your problem.

Hopefully this will narrow down the services even more so we can get to the bottom of this! Those NVIDIA services may hold the key to taking care of this problem.
  • 0
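The halving procedure from posts #9 to #15, as an added example that is not part of the original thread: it parses SRV lines from the OTL log above, keeps the non-Microsoft services, and tracks which half to enable on the next clean boot. The `fault_appears` callback stands in for the reboot-and-observe step, filtering out Microsoft services is an assumption about the clean-boot list, and the faulty service used in the simulation is arbitrary, since the thread has not identified one.

```python
import re

# SRV lines copied from the OTL log posted in this thread (subset).
OTL_LOG = r"""
SRV - [2013/07/09 22:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/08 01:59:26 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Arquivos de Programas\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/07/03 18:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Arquivos de Programas\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/11 09:14:00 | 000,105,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
"""

# SRV - [timestamp | size | attrs | M] (company) [start type | state] -- path -- (service name)
SRV_RE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>[^|\]]+?) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+) -- \((?P<name>.+)\)$"
)


def parse_services(text):
    """Return one dict per SRV line; lines that do not match are skipped."""
    services = []
    for line in text.splitlines():
        match = SRV_RE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def third_party(services):
    """Drop Microsoft services (assumption: the clean-boot list hides them)."""
    return [s for s in services if s["company"] != "Microsoft Corporation"]


def isolate(candidates, fault_appears):
    """Halve the candidate list until one service reproduces the fault.

    fault_appears(enabled) is the observation after a clean boot with only
    the services in `enabled` checked. Both halves are tested each round, as
    in the thread, so a round where neither or both halves reproduce the
    fault is reported instead of being silently mis-attributed.
    Returns (status, suspects, rounds).
    """
    suspects = list(candidates)
    rounds = []
    while len(suspects) > 1:
        mid = len(suspects) // 2
        first, second = suspects[:mid], suspects[mid:]
        first_bad = fault_appears(first)
        second_bad = fault_appears(second)
        rounds.append((first, first_bad, second, second_bad))
        if first_bad and not second_bad:
            suspects = first
        elif second_bad and not first_bad:
            suspects = second
        elif first_bad and second_bad:
            # More than one faulty service, or the fault is not service-bound.
            return "both halves", suspects, rounds
        else:
            # Fault needs services from both halves, or is intermittent.
            return "not reproduced", suspects, rounds
    return "isolated", suspects, rounds


def simulated_machine(culprits):
    """Constructed stand-in for rebooting: fault shows if a culprit is enabled."""
    return lambda enabled: any(name in culprits for name in enabled)


if __name__ == "__main__":
    names = [s["name"] for s in third_party(parse_services(OTL_LOG))]
    # "Stereo Service" is an arbitrary choice for the simulation only.
    status, suspects, rounds = isolate(names, simulated_machine({"Stereo Service"}))
    for first, first_bad, second, second_bad in rounds:
        print(f"enabled {first}: fault={first_bad} | enabled {second}: fault={second_bad}")
    print(status, suspects)
```

With n candidate services this takes about 2·log2(n) reboots, and a "not reproduced" or "both halves" result means halving alone cannot name a single service.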





