It got into my computer, I guess through other programs. I tried uninstalling it using Control Panel but that didn't work. I also tried Revo Uninstaller and it doesn't even locate the 'program'. I ran Malwarebytes but it won't locate any file either. My browser preferences are all messed up... if I try to search for anything on the web it'll use WhiteSmoke. I wouldn't be worried about it if it hadn't gotten into my computer without my consent, and from what I've read about it so far, it's sort of a trouble. Then I saw a topic in this forum, and decided to ask for your help. Please, I need to get rid of it.

Hello Ank! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Malwarebytes' Anti-Malware successfully detects and removes WhiteSmoke. Well, that's strange, so let's check this out.

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Ok, so if I did it right here are the logs:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8283

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

01/12/2011 12:25:54

mbam-log-2011-12-01 (12-25-54).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)

Objects scanned: 363109

Time elapsed: 50 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\common files\Java\java update\jaureg.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

c:\program files (x86)\Java\jdk1.6.0_03\jre\bin\javacpl.cpl (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

c:\program files (x86)\Java\jre1.6.0_03\bin\javacpl.cpl (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

c:\program files (x86)\Java\jre6\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

Thing is that my browser search tool is still WhiteSmoke.

ComboFix 11-12-01.03 - usuario 02/12/2011 0:25.1.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.8190.5576 [GMT -2:00]

Executando de: c:\users\usuario\Downloads\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

C:\Install.exe

c:\users\usuario\AppData\Local\Kosong.Bron.Tok.txt

c:\users\usuario\AppData\Local\Update.12.Bron.Tok.bin

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-11-02 to 2011-12-02 ))))))))))))))))))))))))))))

.

.

2011-12-02 02:45 . 2011-12-02 02:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{331E4924-1B0B-404F-B2C8-BC09C8D22DE6}\offreg.dll

2011-12-02 02:43 . 2011-12-02 02:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-02 02:43 . 2011-12-02 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-02 02:43 . 2011-12-02 02:43 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2011-11-30 19:36 . 2011-11-30 23:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-30 19:36 . 2011-11-30 19:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-11-29 10:48 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{331E4924-1B0B-404F-B2C8-BC09C8D22DE6}\mpengine.dll

2011-11-25 04:06 . 2011-11-11 02:23 19123536 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\TESV.exe

2011-11-25 04:06 . 2011-11-11 02:23 214016 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\binkw32.dll

2011-11-25 04:06 . 2011-11-11 02:23 165304 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\atimgpud.dll

2011-11-25 04:06 . 2011-11-10 17:06 1880400 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Razor 1911\The Elder Scrolls V Skyrim\SkyrimLauncher.exe

2011-11-25 04:04 . 2011-11-25 04:04 -------- d-----w- c:\users\usuario\AppData\Local\Skyrim

2011-11-25 04:02 . 2008-10-15 08:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-11-25 04:02 . 2008-10-15 08:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2011-11-25 04:02 . 2008-10-15 08:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-11-25 04:02 . 2008-10-15 08:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2011-11-25 04:02 . 2008-10-15 08:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-11-25 04:02 . 2008-10-15 08:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2011-11-25 03:54 . 2011-11-25 04:33 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim

2011-11-25 01:27 . 2011-11-28 14:10 -------- d-----w- c:\users\usuario\AppData\Local\Linkury

2011-11-25 01:27 . 2011-11-28 14:11 -------- d-----w- c:\program files (x86)\Linkury

2011-11-25 01:27 . 2011-11-28 14:10 -------- d-----w- c:\programdata\Linkury

2011-11-24 13:18 . 2011-11-24 13:18 -------- d-----w- c:\users\usuario\AppData\Roaming\OpenCandy

2011-11-24 13:17 . 2011-11-24 13:17 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2011-11-16 00:27 . 2011-11-16 00:27 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-11-15 17:22 . 2011-11-15 17:22 -------- d-----w- c:\users\usuario\AppData\Local\PackageAware

2011-11-15 17:21 . 2011-11-15 17:21 -------- d-----w- c:\programdata\Uniblue

2011-11-15 17:20 . 2011-11-16 00:27 -------- d-----w- c:\program files (x86)\Uniblue

2011-11-12 22:30 . 2011-11-12 22:30 -------- d-----w- c:\windows\system32\Macromed

2011-11-09 02:11 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 02:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 02:11 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-11-09 02:11 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 02:11 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll

2011-11-09 02:11 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-03 01:07 . 2011-11-18 01:21 -------- d-----w- c:\users\usuario\AppData\Local\Akamai

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-12 22:31 . 2011-06-04 11:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-10-26 02:03 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-10-26 02:03 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-10-26 02:03 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-10-26 02:03 24742720 ----a-w- c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-10-26 02:03 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-10-26 02:03 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-10-15 08:53 . 2011-10-26 02:03 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-10-26 02:03 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-10-26 02:03 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-26 02:03 7581504 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-10-26 02:03 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-10-26 02:03 24796992 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-10-26 02:03 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-10-26 02:03 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-26 02:03 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-09-20 14:01 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-09-20 13:58 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-09-20 13:58 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2010-07-10 08:38 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2010-07-10 08:38 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-10-15 08:53 . 2010-07-09 19:27 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2010-07-09 19:27 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2010-07-09 19:27 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2010-07-09 19:27 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2010-07-09 19:27 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2008-05-16 18:31 3074368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2008-05-16 18:31 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2008-05-16 18:31 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-10-15 02:54 . 2011-10-15 02:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-03 07:06 . 2010-09-09 16:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-13 05:11 . 2011-09-13 05:11 1941120 ----a-w- c:\windows\system32\GIMEJa.ime

2011-09-13 04:53 . 2011-09-13 04:53 1416832 ----a-w- c:\windows\SysWow64\GIMEJa.ime

2011-09-06 13:56 . 2011-10-12 17:20 2764288 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-01 22:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Akamai NetSession Interface"="c:\users\usuario\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-09-10 126976]

"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-02-28 273544]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]

R3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO64.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\users\usuario\Saved Games\Lineage 2\system\GameGuard\dump_wmimmc.sys [x]

R3 Gun;Gun;c:\windows\system32\Gun64.sys [x]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]

S2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [2011-09-13 664192]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 23:13]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 23:13]

.

2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000Core.job

- c:\users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 23:13]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000UA.job

- c:\users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 23:13]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-10-01 5426688]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.linkury.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

TCP: DhcpNameServer = 189.6.0.136 189.6.0.131

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKCU-Run-Mega Manager - c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-RealPlayer 12.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\SysWOW64\ANIWConnService.exe

c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-12-02 01:08:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-12-02 03:08

.

Pré-execução: 263.263.686.656 bytes disponíveis

Pós execução: 261.997.342.720 bytes disponíveis

.

- - End Of File - - 004290FBF01F6C918EC8AE01A3EB327B

Well, I followed the steps of the link you put above. I'm not sure of what I did. But WhiteSmoke is still set as the browser searching tool and I can't change it, so I guess it means it's still in my computer. The logs above were the ones you wanted?

Yes, it is okay. Thanks!

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

OTL logfile created on: 06/12/2011 10:57:23 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\usuario\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 4,86 Gb Available Physical Memory | 60,81% Memory free

16,05 Gb Paging File | 12,97 Gb Available in Paging File | 80,84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,76 Gb Total Space | 255,24 Gb Free Space | 54,80% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe (Google Inc.)

PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Users\usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

PRC - C:\Users\usuario\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Google Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)

PRC - C:\Windows\SysWOW64\ANIWConnService.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Windows\SysWOW64\svchost.exe [comLaunch] (Microsoft Corporation)

PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

PRC - C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)

========== Modules (All) ==========

MOD - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

MOD - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

MOD - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D2FF6916F564B6F7.dll (Google Inc.)

MOD - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_065C9F03A15A176F.dll (Google Inc.)

MOD - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

MOD - C:\Users\usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\libglesv2.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\libegl.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\icudt.dll (The ICU Project)

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\chrome.dll (Google Inc.)

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\APPLIC~1\15.0.874.121\gcswf32.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx (Adobe Systems, Inc.)

MOD - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll (Adobe Systems, Inc.)

MOD - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

MOD - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MOD - C:\Program Files (x86)\DAEMON Tools Lite\Engine.dll (DT Soft Ltd)

MOD - C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll (DT Soft Ltd)

MOD - C:\Program Files (x86)\DAEMON Tools Lite\ImgEngine.dll (DT Soft Ltd.)

MOD - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

MOD - C:\Program Files (x86)\Google\Update\1.3.21.79\psmachine.dll (Google Inc.)

MOD - C:\Windows\SysWOW64\nvd3dum.dll (NVIDIA Corporation)

MOD - C:\Windows\SysWOW64\nvwgf2um.dll (NVIDIA Corporation)

MOD - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MOD - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

MOD - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypePnr.dll (Skype Technologies S.A.)

MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Yuna Software)

MOD - C:\Program Files (x86)\Windows Live\Messenger\MSIMG32.dll (Yuna Software)

MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlusRes.dll (Yuna Software)

MOD - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\jscript9.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Internet Explorer\IEShims.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\jsproxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\iertutil.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ieui.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Corporation)

MOD - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MOD - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Corporation)

MOD - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\agcore.dll (Microsoft Corporation)

MOD - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

MOD - C:\Windows\SysWOW64\oleaut32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\oleacc.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll ()

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\scrchpg.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Messenger\vvpltfrm.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Messenger\msgslang.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Messenger\shareanything.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\PresenceIM.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\LiveTransport.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\ObjectStore.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\LiveNatTrav.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Installer\wlshim.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\WLBici.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\uxctl.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\wlidux.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\UXCore.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\UXCalendar.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\WLDCore.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\wldlog.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\conproxy.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\abssm.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\LivePlatform.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\lmcdata.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\consync.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\condb.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msls31.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dxtmsft.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dxtrans.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ieapfltr.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\vbscript.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Internet Explorer\ieproxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\imgutil.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\schannel.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\kernel32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll (Microsoft Corp.)

MOD - C:\Windows\SysWOW64\mfc42.dll (Microsoft Corporation)

MOD - C:\Windows\AppPatch\AcLayers.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dnsapi.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\DumpWriter.dll (Kaspersky Lab ZAO)

MOD - C:\Windows\SysWOW64\DWrite.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\shlwapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dxgi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d10.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d10_1core.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d10core.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d10_1.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winspool.drv (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\shdocvw.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d10warp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d2d1.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\odbc32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avpgui.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\prloader.dll (Kaspersky Lab ZAO)

MOD - C:\Windows\SysWOW64\ntdll.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\winreg.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\thpimpl.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\pxstub.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\params.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\nfio.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\fsdrvplg.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\basegui.ppl (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\Ushata.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\service.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\prremote.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\memmng.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblc.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\kltbar.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbcl.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\eka_meta.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klscav.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\fssync.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\esmgr.dll (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\CLLDR.DLL (Kaspersky Lab ZAO)

MOD - C:\Program Files (x86)\Windows Live\Messenger\uccapi.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Messenger\RTMPLTFM.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Live\Shared\sqmapi.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Java\jre6\bin\MSVCR71.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MThumbnailService.dll (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MDataStore.dll (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MItemPlugins.dll (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MDatastorePH.dll (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MEvent.dll (Nokia)

MOD - C:\Program Files (x86)\Common Files\Nokia\MPlatform\MItems.dll (Nokia)

MOD - C:\Program Files (x86)\Windows Live\Companion\sqmapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ole32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rtutils.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msxml3.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\D3DCompiler_43.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\D3DX9_43.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\usp10.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\asycfilt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\PortableDeviceApi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\PortableDeviceTypes.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\UIAnimation.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msasn1.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winhttp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msxml6.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wlanapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\secur32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dciman32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\WMVCORE.DLL (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rpcrt4.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)

MOD - C:\Windows\SysWOW64\wnicapi.dll (Wireless Service)

MOD - C:\Windows\SysWOW64\ANIWZCS2.dll (Wireless Service)

MOD - C:\Windows\SysWOW64\lpk.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\setupapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\tquery.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wer.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\riched20.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\Wldap32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winmm.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\WinSCard.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\userenv.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\samlib.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wbem\wbemsvc.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wbem\wbemprox.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\version.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\netshell.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\onex.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\Query.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\NaturalLanguage6.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\propsys.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msvcrt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\netapi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rasapi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\pdh.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ncrypt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ntmarta.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\powrprof.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\olepro32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msctf.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mscms.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\MMDevAPI.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\IPHLPAPI.DLL (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mpr.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msimtf.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\midimap.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d9.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\esent.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\crypt32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\cryptui.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wbem\fastprox.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dsound.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\AudioEng.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\es.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dhcpcsvc.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\Faultrep.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\eappcfg.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dhcpcsvc6.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\EhStorAPI.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\AudioSes.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\gpapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\advapi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\apphelp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wdmaud.drv (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msacm32.drv (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\user32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\gdi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\bcrypt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\imm32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3dx10_41.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wlanapp.dll ()

MOD - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIOApi.dll ()

MOD - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll ()

MOD - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

MOD - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

MOD - C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll (Safer Networking Limited)

MOD - C:\Program Files (x86)\D-Link\DWA-125 revA\ANILang.dll (D-Link Corp.)

MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\WMASF.DLL (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msdmo.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\cryptnet.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\uxtheme.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ntdsapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mlang.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msacm32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\cabinet.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\avrt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ws2_32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winsta.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wtsapi32.dll (Microsoft Corporation)

MOD - C:\Windows\AppPatch\acwow64.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ddraw.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\FirewallAPI.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\winnsi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\nsi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\eappprxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\oledlg.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\credssp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msoert2.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dssenh.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\hnetcfg.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\clbcatq.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\hhctrl.ocx (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\netprofm.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\sxs.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rasman.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\devenum.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\WSHTCPIP.DLL (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wship6.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\upnp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dbghelp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\wbemcomn.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\Windows Defender\MpOav.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

MOD - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MOD - C:\Windows\SysWOW64\wlanutil.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\tapi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\shimeng.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ssdpapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\shfolder.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\perfos.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\npmproxy.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\psapi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rasadhlp.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\SensApi.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msvcirt.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msimg32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\mapi32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\hid.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ksuser.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\fltLib.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\ddrawex.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\d3d8thk.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\odbcint.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\INETRES.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\CyberLink\PowerDVD\CLRCEngine3.dll (CyberLink Corp.)

MOD - C:\Program Files (x86)\CyberLink\PowerDVD\MSVCR71.dll (Microsoft Corporation)

========== Win32 Services (All) ==========

SRV:64bit: - (nvsvc) -- C:\Windows\SysNative\nvvsvc.exe (NVIDIA Corporation)

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\dnsrslvr.dll (Microsoft Corporation)

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (Schedule) -- C:\Windows\SysNative\schedsvc.dll (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (LanmanServer) -- C:\Windows\SysNative\srvsvc.dll (Microsoft Corporation)

SRV:64bit: - (Spooler) -- C:\Windows\SysNative\spoolsv.exe (Microsoft Corporation)

SRV:64bit: - (WinRM) -- C:\Windows\SysNative\WsmSvc.dll (Microsoft Corporation)

SRV:64bit: - (Wecsvc) -- C:\Windows\SysNative\wecsvc.dll (Microsoft Corporation)

SRV:64bit: - (WPDBusEnum) -- C:\Windows\SysNative\wpdbusenum.dll (Microsoft Corporation)

SRV:64bit: - (WinHttpAutoProxySvc) -- C:\Windows\SysNative\winhttp.dll (Microsoft Corporation)

SRV:64bit: - (wuauserv) -- C:\Windows\SysNative\wuaueng.dll (Microsoft Corporation)

SRV:64bit: - (Wlansvc) -- C:\Windows\SysNative\wlansvc.dll (Microsoft Corporation)

SRV:64bit: - (Themes) -- C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation)

SRV:64bit: - (ShellHWDetection) -- C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation)

SRV:64bit: - (SamSs) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation)

SRV:64bit: - (ProtectedStorage) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation)

SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation)

SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation)

SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\wkssvc.dll (Microsoft Corporation)

SRV:64bit: - (wscsvc) -- C:\Windows\SysNative\wscsvc.dll (Microsoft Corporation)

SRV:64bit: - (Eventlog) -- C:\Windows\SysNative\wevtsvc.dll (Microsoft Corporation)

SRV:64bit: - (wcncsvc) -- C:\Windows\SysNative\wcncsvc.dll (Microsoft Corporation)

SRV:64bit: - (stisvc) -- C:\Windows\SysNative\wiaservc.dll (Microsoft Corporation)

SRV:64bit: - (Winmgmt) -- C:\Windows\SysNative\wbem\WMIsvc.dll (Microsoft Corporation)

SRV:64bit: - (WebClient) -- C:\Windows\SysNative\webclnt.dll (Microsoft Corporation)

SRV:64bit: - (SysMain) -- C:\Windows\SysNative\sysmain.dll (Microsoft Corporation)

SRV:64bit: - (TermService) -- C:\Windows\SysNative\termsrv.dll (Microsoft Corporation)

SRV:64bit: - (swprv) -- C:\Windows\SysNative\swprv.dll (Microsoft Corporation)

SRV:64bit: - (W32Time) -- C:\Windows\SysNative\w32time.dll (Microsoft Corporation)

SRV:64bit: - (TapiSrv) -- C:\Windows\SysNative\tapisrv.dll (Microsoft Corporation)

SRV:64bit: - (PlugPlay) -- C:\Windows\SysNative\umpnpmgr.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (UxSms) -- C:\Windows\SysNative\uxsms.dll (Microsoft Corporation)

SRV:64bit: - (SLUINotify) -- C:\Windows\SysNative\SLUINotify.dll (Microsoft Corporation)

SRV:64bit: - (BITS) -- C:\Windows\SysNative\qmgr.dll (Microsoft Corporation)

SRV:64bit: - (RpcSs) -- C:\Windows\SysNative\rpcss.dll (Microsoft Corporation)

SRV:64bit: - (DcomLaunch) -- C:\Windows\SysNative\rpcss.dll (Microsoft Corporation)

SRV:64bit: - (napagent) -- C:\Windows\SysNative\qagentRT.dll (Microsoft Corporation)

SRV:64bit: - (RasMan) -- C:\Windows\SysNative\rasmans.dll (Microsoft Corporation)

SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)

SRV:64bit: - (ProfSvc) -- C:\Windows\SysNative\profsvc.dll (Microsoft Corporation)

SRV:64bit: - (SCardSvr) -- C:\Windows\SysNative\SCardSvr.dll (Microsoft Corporation)

SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\p2psvc.dll (Microsoft Corporation)

SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\p2psvc.dll (Microsoft Corporation)

SRV:64bit: - (p2psvc) -- C:\Windows\SysNative\p2psvc.dll (Microsoft Corporation)

SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\p2psvc.dll (Microsoft Corporation)

SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\gpsvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (MpsSvc) -- C:\Windows\SysNative\mpssvc.dll (Microsoft Corporation)

SRV:64bit: - (PolicyAgent) -- C:\Windows\SysNative\ipsecsvc.dll (Microsoft Corporation)

SRV:64bit: - (IKEEXT) -- C:\Windows\SysNative\ikeext.dll (Microsoft Corporation)

SRV:64bit: - (EMDMgmt) -- C:\Windows\SysNative\emdmgmt.dll (Microsoft Corporation)

SRV:64bit: - (EventSystem) -- C:\Windows\SysNative\es.dll (Microsoft Corporation)

SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcsvc.dll (Microsoft Corporation)

SRV:64bit: - (iphlpsvc) -- C:\Windows\SysNative\iphlpsvc.dll (Microsoft Corporation)

SRV:64bit: - (dot3svc) -- C:\Windows\SysNative\dot3svc.dll (Microsoft Corporation)

SRV:64bit: - (CryptSvc) -- C:\Windows\SysNative\cryptsvc.dll (Microsoft Corporation)

SRV:64bit: - (hidserv) -- C:\Windows\SysNative\hidserv.dll (Microsoft Corporation)

SRV:64bit: - (BFE) -- C:\Windows\SysNative\bfe.dll (Microsoft Corporation)

SRV:64bit: - (AudioSrv) -- C:\Windows\SysNative\Audiosrv.dll (Microsoft Corporation)

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\Audiosrv.dll (Microsoft Corporation)

SRV:64bit: - (SCPolicySvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation)

SRV:64bit: - (CertPropSvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation)

SRV:64bit: - (wmiApSrv) -- C:\Windows\SysNative\wbem\WmiApSrv.exe (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (VSS) -- C:\Windows\SysNative\vssvc.exe (Microsoft Corporation)

SRV:64bit: - (vds) -- C:\Windows\SysNative\vds.exe (Microsoft Corporation)

SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation)

SRV:64bit: - (slsvc) -- C:\Windows\SysNative\SLsvc.exe (Microsoft Corporation)

SRV:64bit: - (msiserver) -- C:\Windows\SysNative\msiexec.exe (Microsoft Corporation)

SRV:64bit: - (DFSR) -- C:\Windows\SysNative\DFSR.exe (Microsoft Corporation)

SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV:64bit: - (WPCSvc) -- C:\Windows\SysNative\wpcsvc.dll (Microsoft Corporation)

SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (SstpSvc) -- C:\Windows\SysNative\sstpsvc.dll (Microsoft Corporation)

SRV:64bit: - (UI0Detect) -- C:\Windows\SysNative\UI0Detect.exe (Microsoft Corporation)

SRV:64bit: - (TrkWks) -- C:\Windows\SysNative\trkwks.dll (Microsoft Corporation)

SRV:64bit: - (upnphost) -- C:\Windows\SysNative\upnphost.dll (Microsoft Corporation)

SRV:64bit: - (pla) -- C:\Windows\SysNative\pla.dll (Microsoft Corporation)

SRV:64bit: - (MSiSCSI) -- C:\Windows\SysNative\iscsiexe.dll (Microsoft Corporation)

SRV:64bit: - (NlaSvc) -- C:\Windows\SysNative\nlasvc.dll (Microsoft Corporation)

SRV:64bit: - (EapHost) -- C:\Windows\SysNative\eapsvc.dll (Microsoft Corporation)

SRV:64bit: - (lltdsvc) -- C:\Windows\SysNative\lltdsvc.dll (Microsoft Corporation)

SRV:64bit: - (wudfsvc) -- C:\Windows\SysNative\WUDFSvc.dll (Microsoft Corporation)

SRV:64bit: - (lmhosts) -- C:\Windows\SysNative\lmhsvc.dll (Microsoft Corporation)

SRV:64bit: - (SessionEnv) -- C:\Windows\SysNative\sessenv.dll (Microsoft Corporation)

SRV:64bit: - (THREADORDER) -- C:\Windows\SysNative\mmcss.dll (Microsoft Corporation)

SRV:64bit: - (MMCSS) -- C:\Windows\SysNative\mmcss.dll (Microsoft Corporation)

SRV:64bit: - (SSDPSRV) -- C:\Windows\SysNative\ssdpsrv.dll (Microsoft Corporation)

SRV:64bit: - (nsi) -- C:\Windows\SysNative\nsisvc.dll (Microsoft Corporation)

SRV:64bit: - (SENS) -- C:\Windows\SysNative\sens.dll (Microsoft Corporation)

SRV:64bit: - (WdiSystemHost) -- C:\Windows\SysNative\wdi.dll (Microsoft Corporation)

SRV:64bit: - (WdiServiceHost) -- C:\Windows\SysNative\wdi.dll (Microsoft Corporation)

SRV:64bit: - (Browser) -- C:\Windows\SysNative\browser.dll (Microsoft Corporation)

SRV:64bit: - (DPS) -- C:\Windows\SysNative\dps.dll (Microsoft Corporation)

SRV:64bit: - (seclogon) -- C:\Windows\SysNative\seclogon.dll (Microsoft Corporation)

SRV:64bit: - (hkmsvc) -- C:\Windows\SysNative\kmsvc.dll (Microsoft Corporation)

SRV:64bit: - (TBS) -- C:\Windows\SysNative\tbssvc.dll (Microsoft Corporation)

SRV:64bit: - (WerSvc) -- C:\Windows\SysNative\WerSvc.dll (Microsoft Corporation)

SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofm.dll (Microsoft Corporation)

SRV:64bit: - (fdPHost) -- C:\Windows\SysNative\fdPHost.dll (Microsoft Corporation)

SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)

SRV:64bit: - (RasAuto) -- C:\Windows\SysNative\rasauto.dll (Microsoft Corporation)

SRV:64bit: - (IPBusEnum) -- C:\Windows\SysNative\ipbusenum.dll (Microsoft Corporation)

SRV:64bit: - (KtmRm) -- C:\Windows\SysNative\msdtckrm.dll (Microsoft Corporation)

SRV:64bit: - (MSDTC) -- C:\Windows\SysNative\msdtc.exe (Microsoft Corporation)

SRV:64bit: - (Appinfo) -- C:\Windows\SysNative\appinfo.dll (Microsoft Corporation)

SRV:64bit: - (ALG) -- C:\Windows\SysNative\alg.exe (Microsoft Corporation)

SRV:64bit: - (Netman) -- C:\Windows\SysNative\netman.dll (Microsoft Corporation)

SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)

SRV:64bit: - (PcaSvc) -- C:\Windows\SysNative\pcasvc.dll (Microsoft Corporation)

SRV:64bit: - (QWAVE) -- C:\Windows\SysNative\qwave.dll (Microsoft Corporation)

SRV:64bit: - (SDRSVC) -- C:\Windows\SysNative\SDRSVC.dll (Microsoft Corporation)

SRV:64bit: - (TabletInputService) -- C:\Windows\SysNative\TabSvc.dll (Microsoft Corporation)

SRV:64bit: - (wercplsupport) -- C:\Windows\SysNative\wercplsupport.dll (Microsoft Corporation)

SRV:64bit: - (WcsPlugInService) -- C:\Windows\SysNative\WcsPlugInService.dll (Microsoft Corporation)

SRV:64bit: - (FDResPub) -- C:\Windows\SysNative\fdrespub.dll (Microsoft Corporation)

SRV:64bit: - (AeLookupSvc) -- C:\Windows\SysNative\aelupsvc.dll (Microsoft Corporation)

SRV:64bit: - (SNMPTRAP) -- C:\Windows\SysNative\snmptrap.exe (Microsoft Corporation)

SRV:64bit: - (RpcLocator) -- C:\Windows\SysNative\locator.exe (Microsoft Corporation)

SRV:64bit: - (COMSysApp) -- C:\Windows\SysNative\dllhost.exe (Microsoft Corporation)

SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (GoogleIMEJaCacheService) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Google Inc.)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

SRV - (gupdatem) Serviço do Google Update (gupdatem) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gupdate) Serviço do Google Update (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll (Microsoft Corporation)

SRV - (WinHttpAutoProxySvc) -- C:\Windows\SysWow64\winhttp.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation)

SRV - (ShellHWDetection) -- C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation)

SRV - (TrustedInstaller) -- C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)

SRV - (wcncsvc) -- C:\Windows\SysWOW64\wcncsvc.dll (Microsoft Corporation)

SRV - (TapiSrv) -- C:\Windows\SysWOW64\tapisrv.dll (Microsoft Corporation)

SRV - (WebClient) -- C:\Windows\SysWOW64\WebClnt.dll (Microsoft Corporation)

SRV - (WPCSvc) -- C:\Windows\SysWOW64\wpcsvc.dll (Microsoft Corporation)

SRV - (SCardSvr) -- C:\Windows\SysWOW64\SCardSvr.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\SysWOW64\p2psvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\SysWOW64\p2psvc.dll (Microsoft Corporation)

SRV - (p2psvc) -- C:\Windows\SysWOW64\p2psvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\SysWOW64\p2psvc.dll (Microsoft Corporation)

SRV - (EventSystem) -- C:\Windows\SysWOW64\es.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcsvc.dll (Microsoft Corporation)

SRV - (CryptSvc) -- C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)

SRV - (hidserv) -- C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)

SRV - (AppMgmt) -- C:\Windows\SysWOW64\appmgmts.dll (Microsoft Corporation)

SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation)

SRV - (msiserver) -- C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ANIWConnService) -- C:\Windows\SysWOW64\ANIWConnService.exe ()

SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)

SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)

SRV - (PerfHost) -- C:\Windows\SysWOW64\perfhost.exe (Microsoft Corporation)

SRV - (SessionEnv) -- C:\Windows\SysWOW64\SessEnv.dll (Microsoft Corporation)

SRV - (SENS) -- C:\Windows\SysWOW64\Sens.dll (Microsoft Corporation)

SRV - (WdiSystemHost) -- C:\Windows\SysWOW64\wdi.dll (Microsoft Corporation)

SRV - (WdiServiceHost) -- C:\Windows\SysWOW64\wdi.dll (Microsoft Corporation)

SRV - (netprofm) -- C:\Windows\SysWOW64\netprofm.dll (Microsoft Corporation)

SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)

SRV - (upnphost) -- C:\Windows\SysWOW64\upnphost.dll (Microsoft Corporation)

SRV - (pla) -- C:\Windows\SysWOW64\pla.dll (Microsoft Corporation)

SRV - (QWAVE) -- C:\Windows\SysWOW64\qwave.dll (Microsoft Corporation)

SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (WcsPlugInService) -- C:\Windows\SysWOW64\WcsPlugInService.dll (Microsoft Corporation)

SRV - (COMSysApp) -- C:\Windows\SysWow64\dllhost.exe (Microsoft Corporation)

========== Driver Services (All) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()

DRV:64bit: - (nvlddmkm) -- C:\Windows\SysNative\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)

DRV:64bit: - (Tcpip6) -- C:\Windows\SysNative\DRIVERS\tcpip.sys (Microsoft Corporation)

DRV:64bit: - (Tcpip) -- C:\Windows\SysNative\drivers\tcpip.sys (Microsoft Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (mrxsmb10) -- C:\Windows\SysNative\DRIVERS\mrxsmb10.sys (Microsoft Corporation)

DRV:64bit: - (srv2) -- C:\Windows\SysNative\DRIVERS\srv2.sys (Microsoft Corporation)

DRV:64bit: - (srvnet) -- C:\Windows\SysNative\DRIVERS\srvnet.sys (Microsoft Corporation)

DRV:64bit: - (mrxsmb) -- C:\Windows\SysNative\DRIVERS\mrxsmb.sys (Microsoft Corporation)

DRV:64bit: - (mrxsmb20) -- C:\Windows\SysNative\DRIVERS\mrxsmb20.sys (Microsoft Corporation)

DRV:64bit: - (AFD) -- C:\Windows\SysNative\drivers\afd.sys (Microsoft Corporation)

DRV:64bit: - (Gun) -- C:\Windows\SysNative\Gun64.sys ()

DRV:64bit: - (DfsC) -- C:\Windows\SysNative\Drivers\dfsc.sys (Microsoft Corporation)

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)

DRV:64bit: - (srv) -- C:\Windows\SysNative\DRIVERS\srv.sys (Microsoft Corporation)

DRV:64bit: - (bowser) -- C:\Windows\SysNative\DRIVERS\bowser.sys (Microsoft Corporation)

DRV:64bit: - (DXGKrnl) -- C:\Windows\SysNative\drivers\dxgkrnl.sys (Microsoft Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO)

DRV:64bit: - (HTTP) -- C:\Windows\SysNative\drivers\HTTP.sys (Microsoft Corporation)

DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\DRIVERS\revoflt.sys (VS Revo Group)

DRV:64bit: - (tcpipreg) -- C:\Windows\SysNative\drivers\tcpipreg.sys (Microsoft Corporation)

DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (Wdf01000) -- C:\Windows\SysNative\drivers\Wdf01000.sys (Microsoft Corporation)

DRV:64bit: - (KSecDD) -- C:\Windows\SysNative\Drivers\ksecdd.sys (Microsoft Corporation)

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (volmgrx) -- C:\Windows\SysNative\drivers\volmgrx.sys (Microsoft Corporation)

DRV:64bit: - (volmgr) -- C:\Windows\SysNative\drivers\volmgr.sys (Microsoft Corporation)

DRV:64bit: - (TermDD) -- C:\Windows\SysNative\DRIVERS\termdd.sys (Microsoft Corporation)

DRV:64bit: - (volsnap) -- C:\Windows\SysNative\drivers\volsnap.sys (Microsoft Corporation)

DRV:64bit: - (spldr) -- C:\Windows\SysNative\drivers\spldr.sys (Microsoft Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\drivers\ntfs.sys (Microsoft Corporation)

DRV:64bit: - (NDIS) -- C:\Windows\SysNative\drivers\ndis.sys (Microsoft Corporation)

DRV:64bit: - (CLFS) Common Log (CLFS) -- C:\Windows\SysNative\CLFS.sys (Microsoft Corporation)

DRV:64bit: - (ACPI) -- C:\Windows\SysNative\drivers\acpi.sys (Microsoft Corporation)

DRV:64bit: - (MsRPC) -- C:\Windows\SysNative\drivers\msrpc.sys (Microsoft Corporation)

DRV:64bit: - (FltMgr) -- C:\Windows\SysNative\drivers\fltmgr.sys (Microsoft Corporation)

DRV:64bit: - (iScsiPrt) -- C:\Windows\SysNative\DRIVERS\msiscsi.sys (Microsoft Corporation)

DRV:64bit: - (pci) -- C:\Windows\SysNative\drivers\pci.sys (Microsoft Corporation)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (Ecache) -- C:\Windows\SysNative\drivers\ecache.sys (Microsoft Corporation)

DRV:64bit: - (partmgr) -- C:\Windows\SysNative\drivers\partmgr.sys (Microsoft Corporation)

DRV:64bit: - (disk) -- C:\Windows\SysNative\drivers\disk.sys (Microsoft Corporation)

DRV:64bit: - (Mup) -- C:\Windows\SysNative\Drivers\mup.sys (Microsoft Corporation)

DRV:64bit: - (atapi) -- C:\Windows\SysNative\drivers\atapi.sys (Microsoft Corporation)

DRV:64bit: - (pciide) -- C:\Windows\SysNative\drivers\pciide.sys (Microsoft Corporation)

DRV:64bit: - (rdpdr) -- C:\Windows\SysNative\DRIVERS\rdpdr.sys (Microsoft Corporation)

DRV:64bit: - (RDPWD) -- C:\Windows\SysNative\drivers\rdpwd.sys (Microsoft Corporation)

DRV:64bit: - (RasSstp) Miniporta WAN (SSTP) -- C:\Windows\SysNative\DRIVERS\rassstp.sys (Microsoft Corporation)

DRV:64bit: - (NdisWan) -- C:\Windows\SysNative\DRIVERS\ndiswan.sys (Microsoft Corporation)

DRV:64bit: - (Rasl2tp) Miniporta WAN (L2TP) -- C:\Windows\SysNative\DRIVERS\rasl2tp.sys (Microsoft Corporation)

DRV:64bit: - (PptpMiniport) Miniporta WAN (PPTP) -- C:\Windows\SysNative\DRIVERS\raspptp.sys (Microsoft Corporation)

DRV:64bit: - (Wanarpv6) -- C:\Windows\SysNative\DRIVERS\wanarp.sys (Microsoft Corporation)

DRV:64bit: - (Wanarp) -- C:\Windows\SysNative\DRIVERS\wanarp.sys (Microsoft Corporation)

DRV:64bit: - (RasPppoe) -- C:\Windows\SysNative\DRIVERS\raspppoe.sys (Microsoft Corporation)

DRV:64bit: - (IpFilterDriver) -- C:\Windows\SysNative\DRIVERS\ipfltdrv.sys (Microsoft Corporation)

DRV:64bit: - (tdx) -- C:\Windows\SysNative\DRIVERS\tdx.sys (Microsoft Corporation)

DRV:64bit: - (PSched) -- C:\Windows\SysNative\DRIVERS\pacer.sys (Microsoft Corporation)

DRV:64bit: - (netbt) -- C:\Windows\SysNative\DRIVERS\netbt.sys (Microsoft Corporation)

DRV:64bit: - (Smb) Protocolos TCP/IP e TCP/IPv6 Orientados a Mensagens (sessão SMB) -- C:\Windows\SysNative\DRIVERS\smb.sys (Microsoft Corporation)

DRV:64bit: - (NativeWifiP) -- C:\Windows\SysNative\DRIVERS\nwifi.sys (Microsoft Corporation)

DRV:64bit: - (usbhub) -- C:\Windows\SysNative\DRIVERS\usbhub.sys (Microsoft Corporation)

DRV:64bit: - (ohci1394) -- C:\Windows\SysNative\DRIVERS\ohci1394.sys (Microsoft Corporation)

DRV:64bit: - (HDAudBus) -- C:\Windows\SysNative\DRIVERS\HDAudBus.sys (Microsoft Corporation)

DRV:64bit: - (USBSTOR) -- C:\Windows\SysNative\DRIVERS\USBSTOR.SYS (Microsoft Corporation)

DRV:64bit: - (usbehci) -- C:\Windows\SysNative\DRIVERS\usbehci.sys (Microsoft Corporation)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (cdrom) -- C:\Windows\SysNative\DRIVERS\cdrom.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (MRxDAV) -- C:\Windows\SysNative\drivers\mrxdav.sys (Microsoft Corporation)

DRV:64bit: - (rdbss) -- C:\Windows\SysNative\DRIVERS\rdbss.sys (Microsoft Corporation)

DRV:64bit: - (Npfs) -- C:\Windows\SysNative\drivers\npfs.sys (Microsoft Corporation)

DRV:64bit: - (udfs) -- C:\Windows\SysNative\DRIVERS\udfs.sys (Microsoft Corporation)

DRV:64bit: - (fastfat) -- C:\Windows\SysNative\drivers\fastfat.sys (Microsoft Corporation)

DRV:64bit: - (exfat) -- C:\Windows\SysNative\drivers\exfat.sys (Microsoft Corporation)

DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys ()

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (TDTCP) -- C:\Windows\SysNative\drivers\tdtcp.sys (Microsoft Corporation)

DRV:64bit: - (TDPIPE) -- C:\Windows\SysNative\drivers\tdpipe.sys (Microsoft Corporation)

DRV:64bit: - (RDPCDD) -- C:\Windows\SysNative\DRIVERS\RDPCDD.sys (Microsoft Corporation)

DRV:64bit: - (AsyncMac) -- C:\Windows\SysNative\DRIVERS\asyncmac.sys (Microsoft Corporation)

DRV:64bit: - (FileInfo) -- C:\Windows\SysNative\drivers\fileinfo.sys (Microsoft Corporation)

DRV:64bit: - (IRENUM) -- C:\Windows\SysNative\drivers\irenum.sys (Microsoft Corporation)

DRV:64bit: - (cdfs) -- C:\Windows\SysNative\DRIVERS\cdfs.sys (Microsoft Corporation)

DRV:64bit: - (Msfs) -- C:\Windows\SysNative\drivers\msfs.sys (Microsoft Corporation)

DRV:64bit: - (MountMgr) -- C:\Windows\SysNative\drivers\mountmgr.sys (Microsoft Corporation)

DRV:64bit: - (tssecsrv) -- C:\Windows\SysNative\DRIVERS\tssecsrv.sys (Microsoft Corporation)

DRV:64bit: - (WUDFRd) -- C:\Windows\SysNative\DRIVERS\WUDFRd.sys (Microsoft Corporation)

DRV:64bit: - (Modem) -- C:\Windows\SysNative\drivers\modem.sys (Microsoft Corporation)

DRV:64bit: - (Ndisuio) -- C:\Windows\SysNative\DRIVERS\ndisuio.sys (Microsoft Corporation)

DRV:64bit: - (VgaSave) -- C:\Windows\SysNative\drivers\vga.sys (Microsoft Corporation)

DRV:64bit: - (MSKSSRV) -- C:\Windows\SysNative\drivers\MSKSSRV.sys (Microsoft Corporation)

DRV:64bit: - (MSTEE) -- C:\Windows\SysNative\drivers\MSTEE.sys (Microsoft Corporation)

DRV:64bit: - (RDPENCDD) -- C:\Windows\SysNative\drivers\rdpencdd.sys (Microsoft Corporation)

DRV:64bit: - (mpsdrv) -- C:\Windows\SysNative\drivers\mpsdrv.sys (Microsoft Corporation)

DRV:64bit: - (nsiproxy) -- C:\Windows\SysNative\drivers\nsiproxy.sys (Microsoft Corporation)

DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)

DRV:64bit: - (luafv) -- C:\Windows\SysNative\drivers\luafv.sys (Microsoft Corporation)

DRV:64bit: - (rspndr) -- C:\Windows\SysNative\DRIVERS\rspndr.sys (Microsoft Corporation)

DRV:64bit: - (lltdio) -- C:\Windows\SysNative\DRIVERS\lltdio.sys (Microsoft Corporation)

DRV:64bit: - (ksthunk) -- C:\Windows\SysNative\drivers\ksthunk.sys (Microsoft Corporation)

DRV:64bit: - (IPNAT) -- C:\Windows\SysNative\DRIVERS\ipnat.sys (Microsoft Corporation)

DRV:64bit: - (tunnel) -- C:\Windows\SysNative\DRIVERS\tunnel.sys (Microsoft Corporation)

DRV:64bit: - (tunmp) -- C:\Windows\SysNative\DRIVERS\tunmp.sys (Microsoft Corporation)

DRV:64bit: - (NDProxy) -- C:\Windows\SysNative\drivers\ndproxy.sys (Microsoft Corporation)

DRV:64bit: - (NdisTapi) -- C:\Windows\SysNative\DRIVERS\ndistapi.sys (Microsoft Corporation)

DRV:64bit: - (Filetrace) -- C:\Windows\SysNative\drivers\filetrace.sys (Microsoft Corporation)

DRV:64bit: - (NetBIOS) -- C:\Windows\SysNative\DRIVERS\netbios.sys (Microsoft Corporation)

DRV:64bit: - (RasAcd) -- C:\Windows\SysNative\DRIVERS\rasacd.sys (Microsoft Corporation)

DRV:64bit: - (QWAVEdrv) -- C:\Windows\SysNative\drivers\qwavedrv.sys (Microsoft Corporation)

DRV:64bit: - (i2omp) -- C:\Windows\SysNative\drivers\i2omp.sys (Microsoft Corporation)

DRV:64bit: - (adpu320) -- C:\Windows\SysNative\drivers\adpu320.sys (Adaptec, Inc.)

DRV:64bit: - (IPMIDRV) -- C:\Windows\SysNative\drivers\ipmidrv.sys (Microsoft Corporation)

DRV:64bit: - (i8042prt) -- C:\Windows\SysNative\DRIVERS\i8042prt.sys (Microsoft Corporation)

DRV:64bit: - (kbdclass) -- C:\Windows\SysNative\DRIVERS\kbdclass.sys (Microsoft Corporation)

DRV:64bit: - (Wd) -- C:\Windows\SysNative\drivers\wd.sys (Microsoft Corporation)

DRV:64bit: - (kbdhid) -- C:\Windows\SysNative\drivers\kbdhid.sys (Microsoft Corporation)

DRV:64bit: - (mpio) -- C:\Windows\SysNative\drivers\mpio.sys (Microsoft Corporation)

DRV:64bit: - (SiSRaid4) -- C:\Windows\SysNative\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV:64bit: - (vsmraid) -- C:\Windows\SysNative\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV:64bit: - (fdc) -- C:\Windows\SysNative\DRIVERS\fdc.sys (Microsoft Corporation)

DRV:64bit: - (usbuhci) -- C:\Windows\SysNative\DRIVERS\usbuhci.sys (Microsoft Corporation)

DRV:64bit: - (msdsm) -- C:\Windows\SysNative\drivers\msdsm.sys (Microsoft Corporation)

DRV:64bit: - (blbdrive) -- C:\Windows\SysNative\drivers\blbdrive.sys (Microsoft Corporation)

DRV:64bit: - (circlass) -- C:\Windows\SysNative\drivers\circlass.sys (Microsoft Corporation)

DRV:64bit: - (LSI_SCSI) -- C:\Windows\SysNative\drivers\lsi_scsi.sys (LSI Logic)

DRV:64bit: - (arcsas) -- C:\Windows\SysNative\drivers\arcsas.sys (Adaptec, Inc.)

DRV:64bit: - (sffdisk) -- C:\Windows\SysNative\drivers\sffdisk.sys (Microsoft Corporation)

DRV:64bit: - (sffp_mmc) -- C:\Windows\SysNative\drivers\sffp_mmc.sys (Microsoft Corporation)

DRV:64bit: - (sffp_sd) -- C:\Windows\SysNative\drivers\sffp_sd.sys (Microsoft Corporation)

DRV:64bit: - (elxstor) -- C:\Windows\SysNative\drivers\elxstor.sys (Emulex)

DRV:64bit: - (iaStorV) -- C:\Windows\SysNative\drivers\iastorv.sys (Intel Corporation)

DRV:64bit: - (gagp30kx) -- C:\Windows\SysNative\drivers\gagp30kx.sys (Microsoft Corporation)

DRV:64bit: - (uagp35) -- C:\Windows\SysNative\drivers\uagp35.sys (Microsoft Corporation)

DRV:64bit: - (monitor) -- C:\Windows\SysNative\DRIVERS\monitor.sys (Microsoft Corporation)

DRV:64bit: - (mouclass) -- C:\Windows\SysNative\DRIVERS\mouclass.sys (Microsoft Corporation)

DRV:64bit: - (megasas) -- C:\Windows\SysNative\drivers\megasas.sys (LSI Corporation)

DRV:64bit: - (vga) -- C:\Windows\SysNative\DRIVERS\vgapnp.sys (Microsoft Corporation)

DRV:64bit: - (sermouse) -- C:\Windows\SysNative\drivers\sermouse.sys (Microsoft Corporation)

DRV:64bit: - (mouhid) -- C:\Windows\SysNative\drivers\mouhid.sys (Microsoft Corporation)

DRV:64bit: - (HpCISSs) -- C:\Windows\SysNative\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV:64bit: - (MegaSR) -- C:\Windows\SysNative\drivers\megasr.sys (LSI Corporation, Inc.)

DRV:64bit: - (uliahci) -- C:\Windows\SysNative\drivers\uliahci.sys (ULi Electronics Inc.)

DRV:64bit: - (LSI_SAS) -- C:\Windows\SysNative\drivers\lsi_sas.sys (LSI Logic)

DRV:64bit: - (SiSRaid2) -- C:\Windows\SysNative\drivers\sisraid2.sys (Microsoft Corporation)

DRV:64bit: - (E1G60) Intel® -- C:\Windows\SysNative\DRIVERS\E1G6032E.sys (Intel Corporation)

DRV:64bit: - (flpydisk) -- C:\Windows\SysNative\DRIVERS\flpydisk.sys (Microsoft Corporation)

DRV:64bit: - (adpahci) -- C:\Windows\SysNative\drivers\adpahci.sys (Adaptec, Inc.)

DRV:64bit: - (nvraid) -- C:\Windows\SysNative\drivers\nvraid.sys (NVIDIA Corporation)

DRV:64bit: - (adpu160m) -- C:\Windows\SysNative\drivers\adpu160m.sys (Adaptec, Inc.)

DRV:64bit: - (nvstor) -- C:\Windows\SysNative\drivers\nvstor.sys (NVIDIA Corporation)

DRV:64bit: - (umbus) -- C:\Windows\SysNative\DRIVERS\umbus.sys (Microsoft Corporation)

DRV:64bit: - (adp94xx) -- C:\Windows\SysNative\drivers\adp94xx.sys (Adaptec, Inc.)

DRV:64bit: - (ulsata2) -- C:\Windows\SysNative\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV:64bit: - (arc) -- C:\Windows\SysNative\drivers\arc.sys (Adaptec, Inc.)

DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)

DRV:64bit: - (ql2300) -- C:\Windows\SysNative\drivers\ql2300.sys (QLogic Corporation)

DRV:64bit: - (LSI_FC) -- C:\Windows\SysNative\drivers\lsi_fc.sys (LSI Logic)

DRV:64bit: - (AmdK8) -- C:\Windows\SysNative\drivers\amdk8.sys (Microsoft Corporation)

DRV:64bit: - (intelppm) -- C:\Windows\SysNative\DRIVERS\intelppm.sys (Microsoft Corporation)

DRV:64bit: - (Processor) -- C:\Windows\SysNative\drivers\processr.sys (Microsoft Corporation)

DRV:64bit: - (isapnp) -- C:\Windows\SysNative\drivers\isapnp.sys (Microsoft Corporation)

DRV:64bit: - (drmkaud) -- C:\Windows\SysNative\drivers\drmkaud.sys (Microsoft Corporation)

DRV:64bit: - (nv_agp) -- C:\Windows\SysNative\drivers\nv_agp.sys (Microsoft Corporation)

DRV:64bit: - (uliagpkx) -- C:\Windows\SysNative\drivers\uliagpkx.sys (Microsoft Corporation)

DRV:64bit: - (agp440) -- C:\Windows\SysNative\drivers\agp440.sys (Microsoft Corporation)

DRV:64bit: - (mssmbios) -- C:\Windows\SysNative\DRIVERS\mssmbios.sys (Microsoft Corporation)

DRV:64bit: - (msahci) -- C:\Windows\SysNative\drivers\msahci.sys (Microsoft Corporation)

DRV:64bit: - (Compbatt) -- C:\Windows\SysNative\drivers\compbatt.sys (Microsoft Corporation)

DRV:64bit: - (intelide) -- C:\Windows\SysNative\drivers\intelide.sys (Microsoft Corporation)

DRV:64bit: - (viaide) -- C:\Windows\SysNative\drivers\viaide.sys (VIA Technologies, Inc.)

DRV:64bit: - (cmdide) -- C:\Windows\SysNative\drivers\cmdide.sys (CMD Technology, Inc.)

DRV:64bit: - (msisadrv) -- C:\Windows\SysNative\drivers\msisadrv.sys (Microsoft Corporation)

DRV:64bit: - (amdide) -- C:\Windows\SysNative\drivers\amdide.sys (Microsoft Corporation)

DRV:64bit: - (aliide) -- C:\Windows\SysNative\drivers\aliide.sys (Acer Laboratories Inc.)

DRV:64bit: - (WmiAcpi) -- C:\Windows\SysNative\drivers\wmiacpi.sys (Microsoft Corporation)

DRV:64bit: - (swenum) -- C:\Windows\SysNative\DRIVERS\swenum.sys (Microsoft Corporation)

DRV:64bit: - (ErrDev) -- C:\Windows\SysNative\drivers\errdev.sys (Microsoft Corporation)

DRV:64bit: - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVHD64.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)

DRV:64bit: - (nfrd960) -- C:\Windows\SysNative\drivers\nfrd960.sys (IBM Corporation)

DRV:64bit: - (Symc8xx) -- C:\Windows\SysNative\drivers\symc8xx.sys (LSI Logic)

DRV:64bit: - (Sym_u3) -- C:\Windows\SysNative\drivers\sym_u3.sys (LSI Logic)

DRV:64bit: - (iirsp) -- C:\Windows\SysNative\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV:64bit: - (Sym_hi) -- C:\Windows\SysNative\drivers\sym_hi.sys (LSI Logic)

DRV:64bit: - (Mraid35x) -- C:\Windows\SysNative\drivers\mraid35x.sys (LSI Logic Corporation)

DRV:64bit: - (iteraid) -- C:\Windows\SysNative\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV:64bit: - (iteatapi) -- C:\Windows\SysNative\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV:64bit: - (pcmcia) -- C:\Windows\SysNative\drivers\pcmcia.sys (Microsoft Corporation)

DRV:64bit: - (UlSata) -- C:\Windows\SysNative\drivers\ulsata.sys (Promise Technology, Inc.)

DRV:64bit: - (ql40xx) -- C:\Windows\SysNative\drivers\ql40xx.sys (QLogic Corporation)

DRV:64bit: - (sbp2port) -- C:\Windows\SysNative\drivers\sbp2port.sys (Microsoft Corporation)

DRV:64bit: - (aic78xx) -- C:\Windows\SysNative\drivers\djsvs.sys (Adaptec, Inc.)

DRV:64bit: - (usbprint) -- C:\Windows\SysNative\drivers\usbprint.sys (Microsoft Corporation)

DRV:64bit: - (BTHMODEM) -- C:\Windows\SysNative\drivers\bthmodem.sys (Microsoft Corporation)

DRV:64bit: - (HidBth) -- C:\Windows\SysNative\drivers\hidbth.sys (Microsoft Corporation)

DRV:64bit: - (usbccgp) -- C:\Windows\SysNative\drivers\usbccgp.sys (Microsoft Corporation)

DRV:64bit: - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\SysNative\drivers\usbcir.sys (Microsoft Corporation)

DRV:64bit: - (usbohci) -- C:\Windows\SysNative\drivers\usbohci.sys (Microsoft Corporation)

DRV:64bit: - (HidIr) -- C:\Windows\SysNative\drivers\hidir.sys (Microsoft Corporation)

DRV:64bit: - (HidUsb) -- C:\Windows\SysNative\drivers\hidusb.sys (Microsoft Corporation)

DRV:64bit: - (WacomPen) -- C:\Windows\SysNative\drivers\wacompen.sys (Microsoft Corporation)

DRV:64bit: - (sfloppy) -- C:\Windows\SysNative\drivers\sfloppy.sys (Microsoft Corporation)

DRV:64bit: - (Serial) -- C:\Windows\SysNative\drivers\serial.sys (Microsoft Corporation)

DRV:64bit: - (Serenum) -- C:\Windows\SysNative\drivers\serenum.sys (Microsoft Corporation)

DRV:64bit: - (Parport) -- C:\Windows\SysNative\drivers\parport.sys (Microsoft Corporation)

DRV:64bit: - (MSPCLOCK) -- C:\Windows\SysNative\drivers\MSPCLOCK.sys (Microsoft Corporation)

DRV:64bit: - (MSPQM) -- C:\Windows\SysNative\drivers\MSPQM.sys (Microsoft Corporation)

DRV:64bit: - (Null) -- C:\Windows\SysNative\drivers\null.sys (Microsoft Corporation)

DRV:64bit: - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\SysNative\drivers\brserid.sys (Brother Industries Ltd.)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (PEAUTH) -- C:\Windows\SysNative\drivers\peauth.sys (Microsoft Corporation)

DRV:64bit: - (secdrv) -- C:\Windows\SysNative\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV:64bit: - (UGURU) -- C:\Windows\SysNative\drivers\uGuru.sys (ABIT)

DRV:64bit: - (BrUsbSer) -- C:\Windows\SysNative\drivers\brusbser.sys (Brother Industries Ltd.)

DRV:64bit: - (BrSerWdm) -- C:\Windows\SysNative\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV:64bit: - (BrUsbMdm) -- C:\Windows\SysNative\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV:64bit: - (BrFiltLo) -- C:\Windows\SysNative\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV:64bit: - (BrFiltUp) -- C:\Windows\SysNative\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 E4 9E C2 3B 50 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"

FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"

FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="

FF - HKLM\Software\MozillaPlugins\4game.com/plugin: C:\Program Files (x86)\4game\4game\npplugin4game.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/10/19 11:25:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/13 03:15:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 14:06:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 14:06:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/10/19 11:25:17 | 000,000,000 | ---D | M]

[2010/09/10 13:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions

[2010/09/10 13:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/11/28 12:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions

[2010/09/10 14:55:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/30 21:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com

[2011/11/27 23:29:53 | 000,002,072 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w7synynk.default\searchplugins\Linkury Smartbar Search.xml

File not found (No name found) -- C:\USERS\USUARIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W7SYNYNK.DEFAULT\EXTENSIONS\LINKURYFIREFOXREMOTEPLUGIN@LINKURY.COM

========== Chrome ==========

CHR - default_search_provider: Linkury Smartbar Search (Enabled)

CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\usuario\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AT_JamesWhite = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: Desprotetor de Links = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.7_0\

CHR - Extension: Skype Click to Call = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Media Plugin = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\2.0_0\

O1 HOSTS File: ([2011/12/02 00:45:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)

O4 - HKCU..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray File not found

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11CF7466-02FA-416B-B546-447C572C82F3}: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D451BBC-C99F-460A-BF15-E7145CED73F2}: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2F0D15-2439-4C1C-9433-81848F538C8A}: DhcpNameServer = 189.6.0.136 189.6.0.131

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\gcf - No CLSID value found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 23:35:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A442EED7-0119-4182-B93D-3F5E528598AB}

[2011/12/05 23:35:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{54C6D409-07C9-479D-9D0A-EA434BAF1366}

[2011/12/05 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A86AF6E0-397D-43EE-86BC-4E36EC18FE4E}

[2011/12/05 11:34:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3ACA861C-D359-4C9A-8AFF-97F907354FB2}

[2011/12/04 23:34:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9345F5C4-C6A5-4066-8D04-75A80C73A623}

[2011/12/04 23:33:51 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B1C236E4-7AB3-45C0-8B74-AFFFCF2913F7}

[2011/12/04 11:33:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3D577F2B-2C13-485F-A0AB-17A0ADB4B6F7}

[2011/12/04 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{93C844FE-D601-4DE6-A5C9-82644756C36E}

[2011/12/03 12:06:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4C5ED6C8-7E2E-4051-8586-109E732AF30F}

[2011/12/03 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{323E7048-FB20-4202-8AB5-317705FF119F}

[2011/12/03 00:06:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E12397E1-C8A8-4AE6-A5A7-D329643AA59A}

[2011/12/03 00:06:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F3613A3B-5D93-4DCE-BDC7-85AC6A94AA78}

[2011/12/02 12:05:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{184BDA65-60C4-454A-A0D1-160243A61051}

[2011/12/02 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CA5D651-D59C-438C-976E-49D18939B242}

[2011/12/02 00:45:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/12/02 00:43:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/12/02 00:22:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/12/02 00:22:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/12/02 00:22:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/12/02 00:22:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/02 00:17:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/02 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{503DA56C-F5F5-4763-B889-36188536D838}

[2011/12/02 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AA1A1BCA-09F8-4ABA-9A67-2C04C1335D90}

[2011/12/01 12:04:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C978F996-7230-439B-939A-F1658AF94208}

[2011/12/01 12:04:09 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{26C2E519-B0AE-4B85-AA65-2FB78C61BB4C}

[2011/12/01 00:03:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4DB57AC5-8420-46B9-A162-BB121C60B1D6}

[2011/12/01 00:03:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{CB1474CA-F2A6-4716-AECB-87CB8C33A680}

[2011/11/30 17:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/11/30 17:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/11/30 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2011/11/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{261852DD-4D4A-4C28-B180-E1F56E86DDF7}

[2011/11/30 12:02:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7F8BA77D-2C67-4E07-BE35-0AEDB84D18BB}

[2011/11/30 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CCC0AE5-E39D-4D63-AE7E-E2948D3DF856}

[2011/11/30 00:02:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8E73735A-CDB2-4F6F-96BF-B3CD8432B5DD}

[2011/11/29 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1D838006-5885-4A39-A42B-9F3F75C699DF}

[2011/11/29 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B28E20E5-97A0-41A4-8C5C-6EC5A2400E97}

[2011/11/29 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{BE664083-F270-4041-B17E-75C3134D5FEF}

[2011/11/29 00:01:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C37214B5-0EE6-4C39-B740-8C8B516A0B3D}

[2011/11/28 12:00:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3C308B4B-2D03-4363-BA17-E8DB61C9DCD9}

[2011/11/28 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{657761E7-159B-4949-AF7C-5154947DCEA1}

[2011/11/27 23:41:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F465EBA1-4444-4169-A5DB-E87623B02429}

[2011/11/27 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A642615A-61D8-4A12-8E6C-F26508A0800D}

[2011/11/27 11:40:56 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4304B241-C29D-40A7-944F-F213890F8AB4}

[2011/11/27 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8A6948C2-0422-4812-A322-B27868BEE185}

[2011/11/26 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C7C03ACD-BAE2-4741-B696-1D2311CCB52F}

[2011/11/26 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2D308F35-F9CC-4B72-B6C3-70356F35450C}

[2011/11/26 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3BEDE6D6-FE01-46A2-A55A-5AA42002DF9F}

[2011/11/26 11:39:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1556754E-A3C7-4772-9F0C-FEA073FD42F9}

[2011/11/25 23:39:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{00B63859-4AB8-4C3C-8F7F-7795C1AC05E5}

[2011/11/25 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{79AAA2BB-11FB-4CE7-AA50-221A930DC079}

[2011/11/25 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E903D929-4C78-40BA-92AA-70354A9DBA5D}

[2011/11/25 11:38:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{565D3F94-6117-459B-9EDC-9BA52013B9B2}

[2011/11/25 02:04:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Skyrim

[2011/11/25 02:04:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\Documents\My Games

[2011/11/25 02:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911

[2011/11/25 02:02:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2011/11/25 02:02:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2011/11/25 02:02:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2011/11/25 02:02:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2011/11/25 02:02:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2011/11/25 02:02:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2011/11/25 01:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim

[2011/11/24 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3386E31E-16D5-42FF-9422-DEBE86545572}

[2011/11/24 23:38:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{FA31CBC4-A45B-4EBB-8D29-D34E262C0C61}

[2011/11/24 23:27:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Linkury

[2011/11/24 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Linkury

[2011/11/24 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkury

[2011/11/24 11:37:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{573ACB95-D752-4042-A13E-289C2C5617EF}

[2011/11/24 11:37:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{072C97CF-EFD4-4D2C-BDCA-92202CB49CD6}

[2011/11/24 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\OpenCandy

[2011/11/24 11:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2011/11/23 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E01E9AA4-721E-4E46-9271-85D52CA6F6E4}

[2011/11/23 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7A7B88A7-77D8-4B70-8F92-E8528118A31E}

[2011/11/23 13:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caixa de pesquisa rápida do Google

[2011/11/23 11:36:23 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C2DE2F01-559A-44A1-975E-CB036817E91B}

[2011/11/23 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B5C8406E-104A-495A-92E8-24C906E2E859}

[2011/11/22 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B67489D3-C9BE-4894-9C42-6B3D458869C9}

[2011/11/22 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C8C9EE8C-390B-4BFB-8FF7-71F3C2A824DA}

[2011/11/22 10:08:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F384510A-0311-486C-B92D-769DA8DDEDCA}

[2011/11/22 10:08:15 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B3DB2E1A-C7CA-467B-8C35-C5450973B0B7}

[2011/11/21 22:07:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{74D5070D-01A9-4892-965E-CC98AC4D3FEA}

[2011/11/21 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{036AC4AF-249B-47FB-AC50-F1278DF88936}

[2011/11/21 09:14:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B91A89B7-E8F3-4FC0-ACB2-8330FB5463F3}

[2011/11/21 09:14:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D7D3D301-58FF-4E51-82EF-DA055BE370E4}

[2011/11/20 21:13:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CEC9B08-6987-4ED8-8F38-94CC19838A77}

[2011/11/20 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{FA440A13-935F-49D7-A3FB-B8C7AA7243A2}

[2011/11/20 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9E5D186E-44E4-49F3-9FD1-3BCD5E494255}

[2011/11/20 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DC8873D4-D2B2-40B3-85A0-898F407745A8}

[2011/11/19 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{5CC1C8B4-8A08-452E-8D4C-739FF83B3D9E}

[2011/11/19 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{10E64EE7-C636-4B29-8B07-472A7BDDCA5B}

[2011/11/18 23:22:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{45D42CAF-9A07-40D0-BC4A-60D9837ADA7E}

[2011/11/18 23:22:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3037267C-1662-454B-A223-C04CCEC58C7A}

[2011/11/18 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DA65CCDC-14E1-427F-A7EA-249821688C9A}

[2011/11/18 11:21:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C8A973AE-6F5B-452B-9274-10FB161040D9}

[2011/11/17 23:21:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D74C3C1A-130A-42E4-8326-455372FED204}

[2011/11/17 23:20:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6D5D823E-FDF8-43BC-9B5B-B6984CEE3FF4}

[2011/11/17 12:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/11/17 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8D83C48B-36BA-409F-9ADD-8A8B9022AEA7}

[2011/11/17 10:27:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2CBFF048-5CB3-44CA-8571-68BEA74F89EC}

[2011/11/16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D4D9E7ED-C630-4F7F-96A6-475A4949D86D}

[2011/11/16 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D213A5B3-5A9F-4986-9BAC-C19A7EC752C4}

[2011/11/16 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{37652A02-7F2D-4F89-AD1E-663AF4B43C2F}

[2011/11/16 10:26:03 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{409B4528-16D9-4044-92A7-0399CB66D1F4}

[2011/11/15 22:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

[2011/11/15 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{492F60C6-9A07-4E56-8898-AAC17C49E5E3}

[2011/11/15 22:25:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F48C49A8-830E-4C89-9E1A-95BB47B88804}

[2011/11/15 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\PackageAware

[2011/11/15 15:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue

[2011/11/15 15:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

[2011/11/15 15:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue

[2011/11/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9ACC42DA-BB62-4486-A70E-8A891F426A6E}

[2011/11/15 08:55:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DEECA759-9969-4253-8265-CD987937F411}

[2011/11/15 01:08:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/11/15 01:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/11/15 01:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/11/14 19:54:19 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AB7387D7-0E48-47C1-82CB-59EE2D9BE495}

[2011/11/14 19:54:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{09F6A3BA-3324-4C88-A9B8-EE3E82AF9204}

[2011/11/14 07:53:39 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{354CC8D4-063D-4D51-B1E8-A518B9878E54}

[2011/11/14 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1DB6184C-3D76-4D5A-87C4-8EF861EAC478}

[2011/11/13 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{45F062A7-F8B6-4C38-90AD-B84C540675A0}

[2011/11/13 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{839DC0BE-DF5F-44F8-A1AA-492E289047BD}

[2011/11/13 07:52:33 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{BFC8993E-A270-4C2C-9BEF-D4A25E504C8A}

[2011/11/13 07:52:22 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D2D088C6-46FE-4918-91A1-9F15D937B3FB}

[2011/11/12 20:30:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2011/11/12 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9D863B12-1ECF-48AB-8DD2-A64A3F901CC5}

[2011/11/12 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AA76E5BF-7271-4BF5-A018-3522D96E07E8}

[2011/11/12 07:51:13 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{FF0A1CD4-6143-42DE-9F76-41A1745D3405}

[2011/11/12 07:50:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A6137123-9511-4985-BF86-7787B55CEFF9}

[2011/11/11 19:14:32 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{31F9B95E-3923-479C-855A-C87F589FC797}

[2011/11/11 19:14:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{81304712-6A12-46AB-A2D6-8DB6465C180F}

[2011/11/11 07:14:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{86D357B1-3613-484F-8147-4F5EAF1B151F}

[2011/11/11 07:13:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{ADAE7D69-05D3-4736-B7DD-3DCBF28A7110}

[2011/11/10 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D6D8650B-801E-4E15-8F7D-5C0DAAC5BF61}

[2011/11/10 11:49:19 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{BC7348A3-C36A-4C12-83FB-4D3FBB339998}

[2011/11/09 23:48:51 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{97E5AB5F-EDBB-4B6B-8F2C-6959002E39BD}

[2011/11/09 23:48:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4BD1E037-14E6-4BAB-8D41-3978DF6C6643}

[2011/11/09 04:33:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{55F2E75F-01C1-4680-9D20-745D78C2D783}

[2011/11/09 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DE3893A5-CEBC-4FF5-8E3A-C79A47FE4F85}

[2011/11/09 00:02:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F15D6563-041C-4574-A061-ADC51B5F8EE4}

[2011/11/08 11:26:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A53AE065-FEE9-4251-BA43-23CC1810E4F5}

[2011/11/08 11:26:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7D8F9E69-78EF-4809-AC40-BD18609313ED}

[2011/11/07 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{32AEEE39-B2AA-4CCA-8418-D9C740C8CE1B}

[2011/11/07 23:25:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{01E3BBD7-E88D-4311-A680-B82760847E6C}

[2011/11/07 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A0F59290-5EBF-49C1-B373-EAF9893292C7}

[2011/11/07 11:25:11 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{85F0913F-192B-46FC-806C-D2DD6FA92A23}

[2011/11/06 23:24:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B22785DE-8C9B-4596-8187-63775151B8E8}

[2011/11/06 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E533BA92-ED22-4370-8C86-05295F3BD518}

[2011/11/06 11:24:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{344377E6-2994-48C5-8A28-FD805A4BF2EC}

[2011/11/06 11:24:06 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C882A847-B34D-4502-ACBC-9C24040CC262}

[2004/11/24 17:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 11:02:03 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000UA.job

[2011/12/06 10:52:05 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/06 10:41:13 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2011/12/06 10:41:13 | 000,003,284 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2011/12/06 10:40:50 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/06 10:40:41 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 10:40:41 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 10:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/06 10:40:33 | 4293,386,239 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/05 22:02:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000Core.job

[2011/12/03 19:54:49 | 000,118,784 | ---- | M] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/02 00:45:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/11/28 13:13:10 | 001,493,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/11/28 13:13:10 | 000,651,684 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2011/11/28 13:13:10 | 000,604,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/11/28 13:13:10 | 000,128,252 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2011/11/28 13:13:10 | 000,107,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/11/24 11:18:44 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011/11/24 00:23:52 | 000,016,199 | ---- | M] () -- C:\Users\usuario\Documents\Relatorio individual-LUIZ.odt

[2011/11/18 15:02:54 | 000,002,052 | ---- | M] () -- C:\Users\usuario\Desktop\Google Chrome.lnk

[2011/11/17 12:56:21 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/15 13:37:46 | 543,520,321 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/11/12 20:31:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/11/07 04:54:51 | 000,000,680 | ---- | M] () -- C:\Users\usuario\AppData\Local\d3d9caps.dat

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/02 00:22:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/02 00:22:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/02 00:22:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/02 00:22:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/02 00:22:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/11/24 00:23:50 | 000,016,199 | ---- | C] () -- C:\Users\usuario\Documents\Relatorio individual-LUIZ.odt

[2011/11/17 12:56:21 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/15 13:44:58 | 4293,386,239 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/08/09 21:11:16 | 000,008,907 | ---- | C] () -- C:\Program Files (x86)\my.ini

[2011/08/09 19:28:06 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2011/03/13 22:36:15 | 000,059,759 | ---- | C] () -- C:\Windows\War3Unin.dat

[2011/02/23 00:13:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011/01/04 10:14:48 | 000,023,888 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\UserTile.png

[2010/12/28 17:31:31 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/12/28 17:30:45 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll

[2010/12/05 22:44:36 | 000,000,680 | ---- | C] () -- C:\Users\usuario\AppData\Local\d3d9caps.dat

[2010/10/19 11:33:21 | 001,463,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/05 10:08:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/17 19:05:24 | 000,003,284 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2010/09/17 19:04:51 | 000,000,282 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANICONFIG_{11CF7466-02FA-416B-B546-447C572C82F3}.ini

[2010/09/17 19:04:29 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe

[2010/09/17 19:04:22 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll

[2010/09/17 19:04:11 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll

[2010/09/17 19:04:11 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll

[2010/09/17 19:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll

[2010/09/17 19:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll

[2010/09/17 19:04:11 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll

[2010/09/17 19:02:59 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe

[2010/09/17 19:02:58 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll

[2010/09/12 21:32:03 | 000,118,784 | ---- | C] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/11 01:19:37 | 000,070,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/09/10 13:28:50 | 000,003,284 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{A2E94A87-48AD-4FED-98A8-8027228F7BC4}

[2010/09/10 13:28:18 | 000,000,280 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANICONFIG_{A2E94A87-48AD-4FED-98A8-8027228F7BC4}.ini

[2010/09/09 15:11:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/09/09 15:11:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/09/09 15:11:02 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/09/09 13:21:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/09/08 16:13:11 | 000,000,732 | ---- | C] () -- C:\Users\usuario\AppData\Local\d3d9caps64.dat

[2008/12/19 13:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll

[2008/12/17 15:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll

[2008/12/17 15:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2008/12/17 15:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2008/12/17 15:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll

[2008/12/17 14:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll

[2008/01/21 00:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/11/02 14:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe

[2006/11/02 13:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 10:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 10:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 10:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 07:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2004/10/03 15:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ff_mpeg2enc.dll

========== LOP Check ==========

[2011/01/22 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\AVG10

[2011/08/05 01:02:48 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Babylon

[2010/10/08 19:25:16 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\BrOffice.org

[2011/11/25 01:53:32 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DAEMON Tools Lite

[2010/09/11 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Foxit

[2010/09/11 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Foxit Software

[2011/10/12 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\FrostWire

[2010/09/11 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\LolClient

[2010/10/19 11:55:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Nokia

[2011/11/24 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OpenCandy

[2010/10/19 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\PC Suite

[2011/09/27 01:32:39 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\uTorrent

[2010/12/24 22:58:33 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\VistaCodecs

[2011/12/06 04:03:10 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 06/12/2011 10:57:23 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\usuario\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 4,86 Gb Available Physical Memory | 60,81% Memory free

16,05 Gb Paging File | 12,97 Gb Available in Paging File | 80,84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,76 Gb Total Space | 255,24 Gb Free Space | 54,80% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = ComFile] -- "%1" %*

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

"VistaSp2" = 68 AD 49 07 45 50 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B2734EF-00F4-4B85-8E7C-5A34F356B9BF}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |

"{164C5F8D-5858-4F02-88CA-F358BD34F9EC}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |

"{17247F9E-8E35-410C-97BE-9191AC69C794}" = lport=138 | protocol=17 | dir=in | app=system |

"{2A6C6CC1-16D1-4536-B65A-A0F033726187}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher |

"{2B3AEDA4-7448-43BC-9162-2B2B595169B6}" = lport=3306 | protocol=6 | dir=in | name=mysql |

"{35962A43-8D4A-4C27-A393-4F9E2E25B6E7}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |

"{3838B69C-DA79-4E5D-817E-2FF192C3BFDA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{4A5D44B4-360A-4FF8-B968-D4319B603FA3}" = lport=58750 | protocol=17 | dir=in | name=pando media booster |

"{4F5287E6-F02C-4E06-84ED-5B79A38AD66C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{696479B4-051A-4483-A158-D738D4A34B02}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |

"{6C4575FE-549D-49D4-B371-0236C4B433B1}" = rport=137 | protocol=17 | dir=out | app=system |

"{703A26DC-37BC-4309-AAB8-BF71426C9589}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7482F582-1B76-474A-AF25-2351DDDD947F}" = lport=57268 | protocol=6 | dir=in | name=pando media booster |

"{7E5E3B74-9207-4CE3-8459-A83C49153941}" = lport=445 | protocol=6 | dir=in | app=system |

"{8112AC0A-D5DB-407E-B387-F3EA28EE8BC7}" = lport=137 | protocol=17 | dir=in | app=system |

"{9E0C5E5F-2207-4A29-AEC9-7ED81ECF146E}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher |

"{9EE3E53D-D40D-457C-9A84-9202CB142E20}" = lport=139 | protocol=6 | dir=in | app=system |

"{A025F12A-DEDB-42CA-BA4D-C8AD9080375E}" = lport=58750 | protocol=17 | dir=in | name=pando media booster |

"{A4200BD6-829F-4878-B6DE-A5CD6F2FE599}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |

"{A6DB4C9C-2EDD-4855-96AC-41F52BAB0EBA}" = lport=57268 | protocol=17 | dir=in | name=pando media booster |

"{A996BAF9-F7EC-4248-9880-099F95BDF950}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

"{AB4B3E1E-351A-4F8F-B514-08B5C079E037}" = rport=139 | protocol=6 | dir=out | app=system |

"{BBD3C784-FF87-4AEE-AF12-DEEE78A36EBA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C15D0B15-4450-4089-865B-E473259044C7}" = rport=138 | protocol=17 | dir=out | app=system |

"{C5D6CC47-CE3D-4909-8561-4EFC31D99208}" = rport=445 | protocol=6 | dir=out | app=system |

"{C84AED94-A86D-4CC2-BB68-0AB9ADF02A4C}" = lport=58750 | protocol=6 | dir=in | name=pando media booster |

"{D3FAA55D-CFCF-4316-8695-8C960E42E53D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E5714768-9594-407F-801C-01737E75B3CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EB3C2321-9386-4FF2-B116-37B62A07F6AB}" = lport=57268 | protocol=17 | dir=in | name=pando media booster |

"{F183E34A-9826-4C5E-A754-507ADED1DDFE}" = lport=57268 | protocol=6 | dir=in | name=pando media booster |

"{F51BC4AF-1D82-4E9E-B8CE-F6EE74D41C84}" = lport=58750 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1642284E-DB00-40FC-909A-8A593A485DBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{1FF7CAF5-695C-438C-8A35-7DD9831BCF10}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{27DA8FAD-DF08-40A9-93CC-E2307CBD4035}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{27DEA254-3138-4221-9C3C-41F5FE02D364}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{345941A9-27BC-453D-A193-F3C441A91DEE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{39238C33-E1F3-4348-9FE4-7C7F64BC95BD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{3E455E9D-C5B6-4E89-AAA1-34A97FD23825}" = protocol=6 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\game\league of legends.exe |

"{3F633AA0-C5BE-4064-814C-ACEEC9F1D1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{430D156D-E600-4D34-A73F-E17E3E24BC68}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{4B217BED-0AC7-4874-B572-F0E79064CB4F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{50209E3E-7EDE-4850-A64C-9E494C795E56}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5C70BCD6-56BF-4813-AB95-8BABDD642BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{61CD3435-60DE-45B2-935F-95943629D808}" = protocol=6 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\air\lolclient.exe |

"{637B8504-030C-46EB-9082-971BCC3621C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{695375A9-2949-45E8-A6C2-010F1D578240}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |

"{75E48470-BE49-4730-AB25-3ECB1EB9D212}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{830AA13B-096A-48C7-BC07-7DAA7FF375AF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{91A7B0A8-6F5D-4873-8F6A-79777F0608BC}" = protocol=17 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\game\league of legends.exe |

"{928B8481-E614-4634-82FC-01F1962D7421}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{989F7ED1-8337-492C-9947-4E312382E384}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

"{9BD3B163-AF81-4971-AB85-71F2324BD196}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9C82324B-6BCB-4512-90F6-A937D605B497}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9E157973-DE48-4DA6-8DAE-01002745C61C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{A2754D9F-3DE9-46EC-B9DD-0C7750474D7E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{A4EACF7E-12E1-466B-921E-214AEDE4B91F}" = protocol=17 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\air\lolclient.exe |

"{B5FD9B1B-9BE1-47A1-AA73-9D033B5CB3DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{B6E73C37-D25E-4AA0-9095-9112AD990B66}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{BFC2FD42-1D5D-401C-9496-A511DE83D077}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{C53E6533-8A3E-4DD5-A9B6-5C2950A70B2D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{D8262229-E534-4C41-9135-38CD9463D37A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |

"{E0BED162-C9DE-4407-B843-4FCCA6101885}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E3AD5623-F848-4A7D-9E27-F2CB13CEF542}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{FD843279-96D1-4272-9907-A92DAC1E7DAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{05A9CA80-48FA-4EA7-AA35-542CD4E6B16F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"TCP Query User{073C379D-ECCE-4B8B-99C5-2C8F133AB360}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{29F4D95F-9CB8-4D91-851E-5D256D60AC15}C:\users\usuario\downloads\l][moral pack\diablo.iii.beta\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\usuario\downloads\l][moral pack\diablo.iii.beta\diablo iii.exe |

"TCP Query User{2EA6E999-AEC8-48BA-A1CC-CCA326B9DECE}C:\users\usuario\documents\meus arquivos recebidos\tcptunnel\tcptunnel.exe" = protocol=6 | dir=in | app=c:\users\usuario\documents\meus arquivos recebidos\tcptunnel\tcptunnel.exe |

"TCP Query User{3806DE7D-4E31-4D3C-9302-26AF47B89340}C:\users\usuario\downloads\l2phx.3.5.33.167\l2ph.exe" = protocol=6 | dir=in | app=c:\users\usuario\downloads\l2phx.3.5.33.167\l2ph.exe |

"TCP Query User{38D97088-6CAA-41CF-9C9D-7801A7079774}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{39380610-5FD8-488A-838F-B80B6859028E}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |

"TCP Query User{3BC292E7-987E-4B78-8C47-5305AAAA2C3D}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

"TCP Query User{3F23FBF5-48B4-4687-A889-35B38E2151C5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"TCP Query User{42E4AFAA-9648-47CD-BAFE-45BEDB5D2DDD}C:\users\usuario\saved games\league of legends\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\lol.launcher.exe |

"TCP Query User{5000C3DA-5C83-4A8E-A657-8783BDDD8B34}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{65654145-1884-44E2-9A2C-90FED84D347E}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |

"TCP Query User{6EE0AD3D-86FB-4C23-9A66-C4D191CE976D}C:\programdata\battle.net\agent\agent.403\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.403\agent.exe |

"TCP Query User{75DE77E3-9A24-403E-84AB-4FCED8A190BA}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |

"TCP Query User{760D4E00-6C1C-4035-B015-E713099FD1F2}C:\users\usuario\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{77021F88-9B05-4424-AE49-E77B9C77B4D6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{9151FBCC-845E-44DE-8DC8-850494E54CC6}C:\users\usuario\saved games\l2\eohupdater (1).exe" = protocol=6 | dir=in | app=c:\users\usuario\saved games\l2\eohupdater (1).exe |

"TCP Query User{96CA5D6C-7489-4927-86ED-3BBEC59A4D0A}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |

"TCP Query User{B3913167-93CE-4C7A-86F2-E58C175235F9}C:\users\usuario\downloads\patch_l2_null_high_five\l2net\l2net.exe" = protocol=6 | dir=in | app=c:\users\usuario\downloads\patch_l2_null_high_five\l2net\l2net.exe |

"TCP Query User{B49B2030-FEAD-4173-A3BD-04FF0B2E5F89}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |

"TCP Query User{C159A6C6-5281-4DEF-8E2B-2C9882695802}C:\users\usuario\saved games\lineage 2\system\l2.bin" = protocol=6 | dir=in | app=c:\users\usuario\saved games\lineage 2\system\l2.bin |

"TCP Query User{C18D4C2F-331C-4B98-8F79-B6431F2220E7}C:\programdata\battle.net\agent\agent.404\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |

"TCP Query User{D4E9FEF2-6E81-457D-801A-EEB8486D7B37}C:\users\usuario\downloads\l2walker l2null by elton melo - teteodownloads.blogspot.com\l2walker l2null by elton melo - teteodownloads.blogspot.com\tcptunnel\tcptunnel.exe" = protocol=6 | dir=in | app=c:\users\usuario\downloads\l2walker l2null by elton melo - teteodownloads.blogspot.com\l2walker l2null by elton melo - teteodownloads.blogspot.com\tcptunnel\tcptunnel.exe |

"UDP Query User{023E4FB6-6834-49A8-ADFA-E3B48F08F5A6}C:\programdata\battle.net\agent\agent.404\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.404\agent.exe |

"UDP Query User{04FFF534-FA39-4726-80F8-32E7AA80D80F}C:\programdata\battle.net\agent\agent.403\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.403\agent.exe |

"UDP Query User{0B1532C5-F689-43F8-A007-36E72EC2334F}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

"UDP Query User{2371449A-B1A0-4324-9AE3-213092D89AFF}C:\users\usuario\downloads\l][moral pack\diablo.iii.beta\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\usuario\downloads\l][moral pack\diablo.iii.beta\diablo iii.exe |

"UDP Query User{27489EC7-FF35-4B32-9B2C-2D66F1FC1926}C:\users\usuario\saved games\league of legends\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\usuario\saved games\league of legends\league of legends\lol.launcher.exe |

"UDP Query User{2E458B0A-CD7F-4402-9B02-D2444F267331}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"UDP Query User{48A63B40-540F-4E79-8209-D147EA0382A8}C:\users\usuario\documents\meus arquivos recebidos\tcptunnel\tcptunnel.exe" = protocol=17 | dir=in | app=c:\users\usuario\documents\meus arquivos recebidos\tcptunnel\tcptunnel.exe |

"UDP Query User{5BD0EF24-C615-4392-BFA1-BC6F557C92B9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{5E83D282-9E7B-4CA0-BBA1-B42290703FF3}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"UDP Query User{7E14539C-D35C-4F9A-A538-CB91ECF91743}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"UDP Query User{9C3C1E53-A1C6-4C2F-AA3E-E9F59CEDE692}C:\users\usuario\downloads\l2walker l2null by elton melo - teteodownloads.blogspot.com\l2walker l2null by elton melo - teteodownloads.blogspot.com\tcptunnel\tcptunnel.exe" = protocol=17 | dir=in | app=c:\users\usuario\downloads\l2walker l2null by elton melo - teteodownloads.blogspot.com\l2walker l2null by elton melo - teteodownloads.blogspot.com\tcptunnel\tcptunnel.exe |

"UDP Query User{9DD3F27F-FDC6-4C3F-9ABB-356D3BCCE2F7}C:\users\usuario\downloads\l2phx.3.5.33.167\l2ph.exe" = protocol=17 | dir=in | app=c:\users\usuario\downloads\l2phx.3.5.33.167\l2ph.exe |

"UDP Query User{A080370E-AFA2-4077-A59C-942224F3A358}C:\users\usuario\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\usuario\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{A4950D50-1F76-48DA-A4ED-A576DBAE2996}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |

"UDP Query User{A884BCCE-F226-46B8-B7EA-DEA937067AA6}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |

"UDP Query User{AAA3BA34-F7B0-45AD-9167-28A2F1B6ACFD}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |

"UDP Query User{AFB9393B-FEF0-4078-8ECB-0FF588D9479F}C:\users\usuario\downloads\patch_l2_null_high_five\l2net\l2net.exe" = protocol=17 | dir=in | app=c:\users\usuario\downloads\patch_l2_null_high_five\l2net\l2net.exe |

"UDP Query User{B094174E-C64A-4997-8576-FCE01C1CA7CD}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |

"UDP Query User{BED88DD1-5410-4D06-B9D6-498792F6FE24}C:\users\usuario\saved games\lineage 2\system\l2.bin" = protocol=17 | dir=in | app=c:\users\usuario\saved games\lineage 2\system\l2.bin |

"UDP Query User{C84FA8FC-3595-44F8-9268-5424B471F1AA}C:\game\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\game\softnyxgame\gunboundis\gunbound.gme |

"UDP Query User{DED0DDC7-699E-4A58-BA34-B076726A84BB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{DF89EFBB-9484-432B-A2F0-75A9D33A555E}C:\users\usuario\saved games\l2\eohupdater (1).exe" = protocol=17 | dir=in | app=c:\users\usuario\saved games\l2\eohupdater (1).exe |

"UDP Query User{F8B14ABA-28B0-4824-A4C7-71BBB1C5AC71}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E38EC8F-49B8-4C70-8DBF-E5837FCFB3C4}" = Windows Live Family Safety

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5

"{7B0F3F60-2B11-48EE-BEBD-A70D88093F21}" = Google 日本語入力

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Google Greek Input" = Google Greek Input

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"UltSounds" = Esquemas de Som do Windows

"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A9CEFAF-A83A-4473-87FA-E5BAF7CE8D5D}" = SlimDX SDK (March 2011)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos

"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0

"{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player

"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{1FD5861E-57EE-49F2-9854-93B846D4E54F}" = BrOffice.org 3.2

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{32A3A4F4-B792-11D6-A78A-00B0D0160030}" = Java SE Development Kit 6 Update 3

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion

"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{3AA75ADB-113C-4FA1-954E-DD3E76BC1524}" = D-Link Wireless 150 USB Adapter DWA-125

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F651796-EC48-4A33-87D9-6866D3022052}" = Nokia Connectivity Cable Driver

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}" = Nero 7 Essentials

"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface Service

"DAEMON Tools Lite" = DAEMON Tools Lite

"Download Manager" = Download Manager 2.3.10

"Foxit Reader" = Foxit Reader

"FrostWire" = FrostWire 4.21.7

"GOM Player" = GOM Player

"Google Chrome Frame" = Frame do Google Chrome

"GunboundIS_is1" = GunboundIS

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"Legend of Edda" = Legend of Edda USA_v1.0_101224

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300

"Messenger Plus!" = Messenger Plus! 5

"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019

"Nokia Ovi Suite" = Nokia Ovi Suite

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Quick Search Box" = Caixa de pesquisa rápida do Google

"RealPlayer 12.0" = RealPlayer

"Test My Hardware_is1" = Test My Hardware 3.0

"uTorrent" = µTorrent

"Wakan" = Wakan 1.67

"Warcraft III" = Warcraft III

"WinLiveSuite" = Windows Live Essentials

"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Google Chrome" = Google Chrome

"NCsoft-CityOfHeroes" = City of Heroes

"NCsoft-Lineage2" = Lineage II

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 01/12/2011 10:34:40 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 01/12/2011 22:00:34 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 01/12/2011 22:46:46 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 02/12/2011 06:54:43 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 02/12/2011 17:42:49 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 03/12/2011 06:23:58 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 04/12/2011 09:31:02 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 05/12/2011 07:00:13 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 05/12/2011 19:01:18 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

Error - 06/12/2011 08:42:19 | Computer Name = usuario-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 05/12/2011 09:08:05 | Computer Name = usuario-PC | Source = Application Popup | ID = 1060

Description = \??\C:\Users\usuario\Saved Games\Lineage 2\system\GameGuard\dum foi

impedido de carregar devido a uma incompatibilidade com este sistema. Contate o

fornecedor do software para obter uma versão compatível do driver.

Error - 05/12/2011 09:08:10 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 05/12/2011 19:01:19 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 05/12/2011 19:01:20 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 05/12/2011 19:21:53 | Computer Name = usuario-PC | Source = Application Popup | ID = 1060

Description = \??\C:\Users\usuario\Saved Games\Lineage 2\system\GameGuard\dum foi

impedido de carregar devido a uma incompatibilidade com este sistema. Contate o

fornecedor do software para obter uma versão compatível do driver.

Error - 05/12/2011 19:21:57 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 06/12/2011 08:42:21 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 06/12/2011 08:42:21 | Computer Name = usuario-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 06/12/2011 08:45:22 | Computer Name = usuario-PC | Source = DCOM | ID = 10016

Description =

Error - 06/12/2011 08:45:22 | Computer Name = usuario-PC | Source = DCOM | ID = 10016

Description =

< End of report >


Before going further I need additional information.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\usuario\AppData\Local\{54C6D409-07C9-479D-9D0A-EA434BAF1366}
    C:\Users\usuario\AppData\Local\{A86AF6E0-397D-43EE-86BC-4E36EC18FE4E}
    C:\Users\usuario\AppData\Local\{3ACA861C-D359-4C9A-8AFF-97F907354FB2}


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 11:33 on 07/12/2011 by usuario

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\usuario\AppData\Local\{54C6D409-07C9-479D-9D0A-EA434BAF1366} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

C:\Users\usuario\AppData\Local\{A86AF6E0-397D-43EE-86BC-4E36EC18FE4E} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

C:\Users\usuario\AppData\Local\{3ACA861C-D359-4C9A-8AFF-97F907354FB2} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

-= EOF =-


SystemLook 30.07.11 by jpshortstuff

Log created at 16:28 on 08/12/2011 by usuario

Administrator - Elevation successful

========== dir ==========

C:\Users\usuario\AppData\Local\{54C6D409-07C9-479D-9D0A-EA434BAF1366} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

C:\Users\usuario\AppData\Local\{A86AF6E0-397D-43EE-86BC-4E36EC18FE4E} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

C:\Users\usuario\AppData\Local\{3ACA861C-D359-4C9A-8AFF-97F907354FB2} - Parameters: "(none)"

---Files---

None found.

---Folders---

None found.

-= EOF =-


Thank you!

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

You have p2p software installed on your system, which is very dangerous and illegal. Please check our rules for piracy and uninstall µTorrent and FrostWire:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 3

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start --> Control Panel --> Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 4

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
[2011/11/30 21:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com
[2011/11/27 23:29:53 | 000,002,072 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w7synynk.default\searchplugins\Linkury Smartbar Search.xml
File not found (No name found) -- C:\USERS\USUARIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W7SYNYNK.DEFAULT\EXTENSIONS\LINKURYFIREFOXREMOTEPLUGIN@LINKURY.COM
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url =
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
[2011/11/24 23:27:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Linkury
[2011/11/24 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Linkury
[2011/11/24 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkury
[2011/01/22 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\AVG10
[2011/08/05 01:02:48 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Babylon
[2011/10/12 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\FrostWire
[2011/09/27 01:32:39 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\uTorrent

:files
c:\program files (x86)\avg

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F633AA0-C5BE-4064-814C-ACEEC9F1D1F0}" =-
"{430D156D-E600-4D34-A73F-E17E3E24BC68}" =-
"{5C70BCD6-56BF-4813-AB95-8BABDD642BC6}" =-
"{637B8504-030C-46EB-9082-971BCC3621C4}" =-
"{989F7ED1-8337-492C-9947-4E312382E384}" =-
"{B6E73C37-D25E-4AA0-9095-9112AD990B66}" =-

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Prefs.js: linkuryfirefoxremoteplugin@linkury.com:1.0 removed from extensions.enabledItems

Prefs.js: "http://search.linkury.com" removed from browser.startup.homepage

Prefs.js: "Linkury Smartbar Search" removed from browser.search.selectedEngine

Prefs.js: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=" removed from keyword.URL

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\w7synynk.default\searchplugins\Linkury Smartbar Search.xml moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.

C:\Users\usuario\AppData\Local\Linkury\Linkury.exe_StrongName_tzjzhmg4vlfuwvdko02izhzxvvayq34v\1.2.0.0 folder moved successfully.

C:\Users\usuario\AppData\Local\Linkury\Linkury.exe_StrongName_tzjzhmg4vlfuwvdko02izhzxvvayq34v folder moved successfully.

C:\Users\usuario\AppData\Local\Linkury folder moved successfully.

C:\ProgramData\Linkury\iconsWide folder moved successfully.

C:\ProgramData\Linkury folder moved successfully.

C:\Program Files (x86)\Linkury folder moved successfully.

C:\Users\usuario\AppData\Roaming\AVG10\cfgall folder moved successfully.

C:\Users\usuario\AppData\Roaming\AVG10 folder moved successfully.

C:\Users\usuario\AppData\Roaming\Babylon folder moved successfully.

C:\Users\usuario\AppData\Roaming\FrostWire folder moved successfully.

Folder C:\Users\usuario\AppData\Roaming\uTorrent\ not found.

========== FILES ==========

c:\program files (x86)\AVG\AVG10\Notification folder moved successfully.

c:\program files (x86)\AVG\AVG10 folder moved successfully.

c:\program files (x86)\AVG folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F633AA0-C5BE-4064-814C-ACEEC9F1D1F0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F633AA0-C5BE-4064-814C-ACEEC9F1D1F0}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{430D156D-E600-4D34-A73F-E17E3E24BC68} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{430D156D-E600-4D34-A73F-E17E3E24BC68}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C70BCD6-56BF-4813-AB95-8BABDD642BC6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C70BCD6-56BF-4813-AB95-8BABDD642BC6}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{637B8504-030C-46EB-9082-971BCC3621C4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637B8504-030C-46EB-9082-971BCC3621C4}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{989F7ED1-8337-492C-9947-4E312382E384} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{989F7ED1-8337-492C-9947-4E312382E384}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6E73C37-D25E-4AA0-9095-9112AD990B66} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6E73C37-D25E-4AA0-9095-9112AD990B66}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1827699 bytes

->Flash cache emptied: 56960 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

User: usuario

->Temp folder emptied: 12895301 bytes

->Temporary Internet Files folder emptied: 41432125 bytes

->Java cache emptied: 308590 bytes

->FireFox cache emptied: 42766587 bytes

->Google Chrome cache emptied: 386901029 bytes

->Flash cache emptied: 68404 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 270818 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2552449270 bytes

Total Files Cleaned = 2.898,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12092011_120850

Files\Folders moved on Reboot...

C:\Users\usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Windows\temp\kls92E1.tmp not found!

Registry entries deleted on Reboot...

Thank you for your help. All is done as recommended, though I was unsure about ResetTeaTimer. It's supposed to be used after all processes were made, right? Internet Explorer seems to be free from WhiteSmoke now, but Chrome still has it as default search page. Waiting for further instructions.


ResetTeaTimer should be used before any action with the Windows Registry, because TeaTimer is a protection module, part of SpyBot - Search & Destroy, whose goal is to protect the Windows Registry, not allowing any registry changes to some keys, and other protections too. More information can be found here:

http://www.safer-networking.org/bg/faq/33.html

Please generate a new fresh OTL log file.


OTL logfile created on: 13/12/2011 08:47:51 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\usuario\Downloads

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 69,27% Memory free

16,18 Gb Paging File | 12,76 Gb Available in Paging File | 78,84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,76 Gb Total Space | 254,67 Gb Free Space | 54,68% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

PRC - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe (NCSoft)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)

PRC - C:\Windows\SysWOW64\ANIWConnService.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\NCSoft\Launcher\UnRar.Net.dll ()

MOD - C:\Program Files (x86)\NCSoft\Launcher\NC.Logging.dll ()

MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()

MOD - C:\Users\usuario\AppData\Local\Google\Chrome\APPLIC~1\15.0.874.121\gcswf32.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\0e8e3007e61a2ba9454600dce8193b65\System.Design.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\SysWOW64\wlanapp.dll ()

MOD - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIOApi.dll ()

MOD - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ANIWConnService) -- C:\Windows\SysWOW64\ANIWConnService.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Gun) -- C:\Windows\SysNative\Gun64.sys ()

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)

DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO)

DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO)

DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\DRIVERS\revoflt.sys (VS Revo Group)

DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\DRIVERS\anodlwfx.sys ()

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)

DRV:64bit: - (UGURU) -- C:\Windows\SysNative\drivers\uGuru.sys (ABIT)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sn130w.snt130.mail.live.com/default.aspx?id=64855&mkt=pt-BR&form=MWGELB&publ=MSNTOOL&crea=TEXT_CIMS015888_Hotmail_PT-BR_0x0_33485#!/mail/InboxLight.aspx?n=470777935

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 93 17 B3 3F B7 CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems:

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - HKLM\Software\MozillaPlugins\4game.com/plugin: C:\Program Files (x86)\4game\4game\npplugin4game.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/10/19 11:25:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/13 03:15:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 14:06:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 14:06:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/10/19 11:25:17 | 000,000,000 | ---D | M]

[2010/09/10 13:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions

[2010/09/10 13:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/12/09 12:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions

[2010/09/10 14:55:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\usuario\AppData\Roaming\mozilla\Firefox\Profiles\w7synynk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

========== Chrome ==========

CHR - default_search_provider: Linkury Smartbar Search (Enabled)

CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\usuario\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AT_JamesWhite = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

CHR - Extension: Desprotetor de Links = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.7_0\

CHR - Extension: Skype Click to Call = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Media Plugin = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\2.0_0\

O1 HOSTS File: ([2011/12/02 00:45:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray File not found

O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11CF7466-02FA-416B-B546-447C572C82F3}: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D451BBC-C99F-460A-BF15-E7145CED73F2}: DhcpNameServer = 189.6.0.136 189.6.0.131

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2F0D15-2439-4C1C-9433-81848F538C8A}: DhcpNameServer = 189.6.0.136 189.6.0.131

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\gcf - No CLSID value found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\15.0.874.121\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E6A388FA-E575-4E6E-9D47-E7C91056E766}

[2011/12/12 23:43:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3FA680B9-C9DB-484D-B197-98109F5FF39A}

[2011/12/12 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DEA3E5D0-800D-406B-9F18-7468BD5C83CC}

[2011/12/12 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{EBB490ED-81C1-4105-97E5-7C28C304B86F}

[2011/12/11 23:42:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8F7FE156-2E9C-4069-A821-557168960D2A}

[2011/12/11 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B5F02F47-54FC-4F6D-A189-4D23448C74FF}

[2011/12/11 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{EAA02961-14DA-4279-A845-6DBF5E6E01C8}

[2011/12/11 11:41:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0EF98FB2-328B-445E-BD92-EC61F1CC8E49}

[2011/12/10 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1145F92C-3426-49D9-BE1F-7D1446B27859}

[2011/12/10 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{588A26C3-17CB-4BD2-ADC4-8FE3D18AC464}

[2011/12/10 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0344791C-9DCE-49AF-8FC5-502D0D4D7E1D}

[2011/12/10 11:40:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{672E2D7E-8E09-4194-B604-05BA7EAA3DCE}

[2011/12/09 23:39:56 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{35C544BE-A555-4B6C-A69E-DEED102133C5}

[2011/12/09 23:39:45 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F33EC677-E710-4403-8FC6-3B313ACBE8E1}

[2011/12/09 12:08:50 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/12/09 11:39:21 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7F59450E-A9A2-4057-8DC0-0C31C25AAFBC}

[2011/12/09 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{0F2A0306-2F48-42E3-B0F2-3452FE884C58}

[2011/12/08 23:38:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{58338E77-D5AA-4729-9079-5B3CE9EDF71C}

[2011/12/08 23:38:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{960EDE64-00D0-43D4-813C-10C2D83858E6}

[2011/12/08 11:38:09 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{679E3055-71DB-42E6-8BF4-D8C520D5CD23}

[2011/12/08 11:37:58 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6EBA6120-7A68-46DE-8B44-BBEC34F773B1}

[2011/12/07 23:37:45 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D70522F0-FD19-4B72-A64D-5DD2CD038387}

[2011/12/07 23:37:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9A2F71C1-54E0-4B48-B902-04CF07E809B9}

[2011/12/07 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1F47BB62-3203-4C8F-A07D-6ECC9D773447}

[2011/12/07 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{70F69BDD-6CEF-4642-A418-FE4135AA8719}

[2011/12/06 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{74D29222-834F-40C9-B63F-6BE4D175FB61}

[2011/12/06 23:36:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8FC7039E-F4B5-4743-B2FD-B25F2EDA2E53}

[2011/12/06 11:35:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7EB798C0-5F11-43D6-9A21-4C942CE20B56}

[2011/12/06 11:35:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AB4FEF81-AFA6-4B11-9661-123F9AD1A141}

[2011/12/05 23:35:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A442EED7-0119-4182-B93D-3F5E528598AB}

[2011/12/05 23:35:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{54C6D409-07C9-479D-9D0A-EA434BAF1366}

[2011/12/05 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A86AF6E0-397D-43EE-86BC-4E36EC18FE4E}

[2011/12/05 11:34:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3ACA861C-D359-4C9A-8AFF-97F907354FB2}

[2011/12/04 23:34:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9345F5C4-C6A5-4066-8D04-75A80C73A623}

[2011/12/04 23:33:51 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B1C236E4-7AB3-45C0-8B74-AFFFCF2913F7}

[2011/12/04 11:33:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3D577F2B-2C13-485F-A0AB-17A0ADB4B6F7}

[2011/12/04 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{93C844FE-D601-4DE6-A5C9-82644756C36E}

[2011/12/03 12:06:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4C5ED6C8-7E2E-4051-8586-109E732AF30F}

[2011/12/03 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{323E7048-FB20-4202-8AB5-317705FF119F}

[2011/12/03 00:06:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E12397E1-C8A8-4AE6-A5A7-D329643AA59A}

[2011/12/03 00:06:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F3613A3B-5D93-4DCE-BDC7-85AC6A94AA78}

[2011/12/02 12:05:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{184BDA65-60C4-454A-A0D1-160243A61051}

[2011/12/02 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CA5D651-D59C-438C-976E-49D18939B242}

[2011/12/02 00:45:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/12/02 00:43:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/12/02 00:22:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/12/02 00:22:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/12/02 00:22:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/12/02 00:22:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/02 00:17:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/02 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{503DA56C-F5F5-4763-B889-36188536D838}

[2011/12/02 00:04:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AA1A1BCA-09F8-4ABA-9A67-2C04C1335D90}

[2011/12/01 12:04:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C978F996-7230-439B-939A-F1658AF94208}

[2011/12/01 12:04:09 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{26C2E519-B0AE-4B85-AA65-2FB78C61BB4C}

[2011/12/01 00:03:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4DB57AC5-8420-46B9-A162-BB121C60B1D6}

[2011/12/01 00:03:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{CB1474CA-F2A6-4716-AECB-87CB8C33A680}

[2011/11/30 17:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/11/30 17:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/11/30 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2011/11/30 12:03:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{261852DD-4D4A-4C28-B180-E1F56E86DDF7}

[2011/11/30 12:02:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7F8BA77D-2C67-4E07-BE35-0AEDB84D18BB}

[2011/11/30 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CCC0AE5-E39D-4D63-AE7E-E2948D3DF856}

[2011/11/30 00:02:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8E73735A-CDB2-4F6F-96BF-B3CD8432B5DD}

[2011/11/29 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1D838006-5885-4A39-A42B-9F3F75C699DF}

[2011/11/29 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B28E20E5-97A0-41A4-8C5C-6EC5A2400E97}

[2011/11/29 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{BE664083-F270-4041-B17E-75C3134D5FEF}

[2011/11/29 00:01:01 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C37214B5-0EE6-4C39-B740-8C8B516A0B3D}

[2011/11/28 12:00:34 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3C308B4B-2D03-4363-BA17-E8DB61C9DCD9}

[2011/11/28 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{657761E7-159B-4949-AF7C-5154947DCEA1}

[2011/11/27 23:41:20 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F465EBA1-4444-4169-A5DB-E87623B02429}

[2011/11/27 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{A642615A-61D8-4A12-8E6C-F26508A0800D}

[2011/11/27 11:40:56 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{4304B241-C29D-40A7-944F-F213890F8AB4}

[2011/11/27 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8A6948C2-0422-4812-A322-B27868BEE185}

[2011/11/26 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C7C03ACD-BAE2-4741-B696-1D2311CCB52F}

[2011/11/26 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2D308F35-F9CC-4B72-B6C3-70356F35450C}

[2011/11/26 11:39:53 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3BEDE6D6-FE01-46A2-A55A-5AA42002DF9F}

[2011/11/26 11:39:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1556754E-A3C7-4772-9F0C-FEA073FD42F9}

[2011/11/25 23:39:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{00B63859-4AB8-4C3C-8F7F-7795C1AC05E5}

[2011/11/25 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{79AAA2BB-11FB-4CE7-AA50-221A930DC079}

[2011/11/25 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E903D929-4C78-40BA-92AA-70354A9DBA5D}

[2011/11/25 11:38:40 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{565D3F94-6117-459B-9EDC-9BA52013B9B2}

[2011/11/25 02:04:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Skyrim

[2011/11/25 02:04:30 | 000,000,000 | ---D | C] -- C:\Users\usuario\Documents\My Games

[2011/11/25 02:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911

[2011/11/25 02:02:46 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2011/11/25 02:02:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2011/11/25 02:02:46 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2011/11/25 02:02:46 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2011/11/25 02:02:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2011/11/25 02:02:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2011/11/25 01:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim

[2011/11/24 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3386E31E-16D5-42FF-9422-DEBE86545572}

[2011/11/24 23:38:04 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{FA31CBC4-A45B-4EBB-8D29-D34E262C0C61}

[2011/11/24 11:37:37 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{573ACB95-D752-4042-A13E-289C2C5617EF}

[2011/11/24 11:37:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{072C97CF-EFD4-4D2C-BDCA-92202CB49CD6}

[2011/11/24 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\OpenCandy

[2011/11/24 11:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2011/11/23 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{E01E9AA4-721E-4E46-9271-85D52CA6F6E4}

[2011/11/23 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7A7B88A7-77D8-4B70-8F92-E8528118A31E}

[2011/11/23 13:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caixa de pesquisa rápida do Google

[2011/11/23 11:36:23 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C2DE2F01-559A-44A1-975E-CB036817E91B}

[2011/11/23 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B5C8406E-104A-495A-92E8-24C906E2E859}

[2011/11/22 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B67489D3-C9BE-4894-9C42-6B3D458869C9}

[2011/11/22 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C8C9EE8C-390B-4BFB-8FF7-71F3C2A824DA}

[2011/11/22 10:08:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F384510A-0311-486C-B92D-769DA8DDEDCA}

[2011/11/22 10:08:15 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B3DB2E1A-C7CA-467B-8C35-C5450973B0B7}

[2011/11/21 22:07:42 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{74D5070D-01A9-4892-965E-CC98AC4D3FEA}

[2011/11/21 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{036AC4AF-249B-47FB-AC50-F1278DF88936}

[2011/11/21 09:14:14 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{B91A89B7-E8F3-4FC0-ACB2-8330FB5463F3}

[2011/11/21 09:14:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D7D3D301-58FF-4E51-82EF-DA055BE370E4}

[2011/11/20 21:13:31 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{7CEC9B08-6987-4ED8-8F38-94CC19838A77}

[2011/11/20 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{FA440A13-935F-49D7-A3FB-B8C7AA7243A2}

[2011/11/20 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9E5D186E-44E4-49F3-9FD1-3BCD5E494255}

[2011/11/20 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DC8873D4-D2B2-40B3-85A0-898F407745A8}

[2011/11/19 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{5CC1C8B4-8A08-452E-8D4C-739FF83B3D9E}

[2011/11/19 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{10E64EE7-C636-4B29-8B07-472A7BDDCA5B}

[2011/11/18 23:22:16 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{45D42CAF-9A07-40D0-BC4A-60D9837ADA7E}

[2011/11/18 23:22:02 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{3037267C-1662-454B-A223-C04CCEC58C7A}

[2011/11/18 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DA65CCDC-14E1-427F-A7EA-249821688C9A}

[2011/11/18 11:21:35 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{C8A973AE-6F5B-452B-9274-10FB161040D9}

[2011/11/17 23:21:00 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D74C3C1A-130A-42E4-8326-455372FED204}

[2011/11/17 23:20:48 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{6D5D823E-FDF8-43BC-9B5B-B6984CEE3FF4}

[2011/11/17 12:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/11/17 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{8D83C48B-36BA-409F-9ADD-8A8B9022AEA7}

[2011/11/17 10:27:24 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{2CBFF048-5CB3-44CA-8571-68BEA74F89EC}

[2011/11/16 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D4D9E7ED-C630-4F7F-96A6-475A4949D86D}

[2011/11/16 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{D213A5B3-5A9F-4986-9BAC-C19A7EC752C4}

[2011/11/16 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{37652A02-7F2D-4F89-AD1E-663AF4B43C2F}

[2011/11/16 10:26:03 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{409B4528-16D9-4044-92A7-0399CB66D1F4}

[2011/11/15 22:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

[2011/11/15 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{492F60C6-9A07-4E56-8898-AAC17C49E5E3}

[2011/11/15 22:25:25 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{F48C49A8-830E-4C89-9E1A-95BB47B88804}

[2011/11/15 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\PackageAware

[2011/11/15 15:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue

[2011/11/15 15:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

[2011/11/15 15:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue

[2011/11/15 08:55:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{9ACC42DA-BB62-4486-A70E-8A891F426A6E}

[2011/11/15 08:55:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{DEECA759-9969-4253-8265-CD987937F411}

[2011/11/15 01:08:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/11/15 01:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/11/15 01:08:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/11/14 19:54:19 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{AB7387D7-0E48-47C1-82CB-59EE2D9BE495}

[2011/11/14 19:54:08 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{09F6A3BA-3324-4C88-A9B8-EE3E82AF9204}

[2011/11/14 07:53:39 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{354CC8D4-063D-4D51-B1E8-A518B9878E54}

[2011/11/14 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{1DB6184C-3D76-4D5A-87C4-8EF861EAC478}

[2011/11/13 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{45F062A7-F8B6-4C38-90AD-B84C540675A0}

[2011/11/13 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\{839DC0BE-DF5F-44F8-A1AA-492E289047BD}

[2004/11/24 17:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011/12/13 08:52:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/13 08:48:44 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/13 08:36:53 | 000,000,680 | ---- | M] () -- C:\Users\usuario\AppData\Local\d3d9caps.dat

[2011/12/13 08:36:46 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000UA.job

[2011/12/13 08:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/13 00:20:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/13 00:20:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/12 22:20:31 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2011/12/12 22:20:31 | 000,003,284 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2011/12/12 22:19:58 | 4293,386,239 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/11 14:35:51 | 000,118,784 | ---- | M] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/10 22:02:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657250588-3613034624-2327374294-1000Core.job

[2011/12/10 17:35:33 | 000,001,270 | ---- | M] () -- C:\clan13.bmp

[2011/12/07 09:49:10 | 001,493,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/07 09:49:10 | 000,651,684 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2011/12/07 09:49:10 | 000,604,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/07 09:49:10 | 000,128,252 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2011/12/07 09:49:10 | 000,107,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/07 09:20:21 | 000,000,287 | ---- | M] () -- C:\Users\usuario\AppData\Roaming\ANICONFIG_{11CF7466-02FA-416B-B546-447C572C82F3}.ini

[2011/12/02 00:45:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/11/24 11:18:44 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011/11/24 00:23:52 | 000,016,199 | ---- | M] () -- C:\Users\usuario\Documents\Relatorio individual-LUIZ.odt

[2011/11/18 15:02:54 | 000,002,052 | ---- | M] () -- C:\Users\usuario\Desktop\Google Chrome.lnk

[2011/11/17 12:56:21 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/15 13:37:46 | 543,520,321 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/12/10 17:35:30 | 000,001,270 | ---- | C] () -- C:\clan13.bmp

[2011/12/02 00:22:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/02 00:22:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/02 00:22:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/02 00:22:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/02 00:22:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/11/24 00:23:50 | 000,016,199 | ---- | C] () -- C:\Users\usuario\Documents\Relatorio individual-LUIZ.odt

[2011/11/17 12:56:21 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/15 13:44:58 | 4293,386,239 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/08/09 21:11:16 | 000,008,907 | ---- | C] () -- C:\Program Files (x86)\my.ini

[2011/08/09 19:28:06 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll

[2011/03/13 22:36:15 | 000,059,759 | ---- | C] () -- C:\Windows\War3Unin.dat

[2011/02/23 00:13:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011/01/04 10:14:48 | 000,023,888 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\UserTile.png

[2010/12/28 17:31:31 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/12/28 17:30:45 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll

[2010/12/05 22:44:36 | 000,000,680 | ---- | C] () -- C:\Users\usuario\AppData\Local\d3d9caps.dat

[2010/10/19 11:33:21 | 001,463,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/05 10:08:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/17 19:05:24 | 000,003,284 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{11CF7466-02FA-416B-B546-447C572C82F3}

[2010/09/17 19:04:51 | 000,000,287 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANICONFIG_{11CF7466-02FA-416B-B546-447C572C82F3}.ini

[2010/09/17 19:04:29 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ANIWConnService.exe

[2010/09/17 19:04:22 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\ANIOApi.dll

[2010/09/17 19:04:11 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\wlanapp.dll

[2010/09/17 19:04:11 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\aIPH.dll

[2010/09/17 19:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll

[2010/09/17 19:04:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AQCKGen.dll

[2010/09/17 19:04:11 | 000,045,115 | ---- | C] () -- C:\Windows\SysWow64\ANICtl.dll

[2010/09/17 19:02:59 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\ANIWPS.exe

[2010/09/17 19:02:58 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\ANIOWPS.dll

[2010/09/12 21:32:03 | 000,118,784 | ---- | C] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/11 01:19:37 | 000,070,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/09/10 13:28:50 | 000,003,284 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANIWZCS{A2E94A87-48AD-4FED-98A8-8027228F7BC4}

[2010/09/10 13:28:18 | 000,000,280 | ---- | C] () -- C:\Users\usuario\AppData\Roaming\ANICONFIG_{A2E94A87-48AD-4FED-98A8-8027228F7BC4}.ini

[2010/09/09 15:11:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/09/09 15:11:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/09/09 15:11:02 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/09/09 13:21:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/09/08 16:13:11 | 000,000,732 | ---- | C] () -- C:\Users\usuario\AppData\Local\d3d9caps64.dat

[2008/12/19 13:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll

[2008/12/17 15:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll

[2008/12/17 15:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2008/12/17 15:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2008/12/17 15:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll

[2008/12/17 14:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll

[2008/01/21 00:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/11/02 14:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe

[2006/11/02 13:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 10:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 10:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 10:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 07:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2004/10/03 15:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ff_mpeg2enc.dll

========== LOP Check ==========

[2010/10/08 19:25:16 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\BrOffice.org

[2011/11/25 01:53:32 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\DAEMON Tools Lite

[2010/09/11 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Foxit

[2010/09/11 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Foxit Software

[2010/09/11 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\LolClient

[2010/10/19 11:55:19 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Nokia

[2011/11/24 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OpenCandy

[2010/10/19 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\PC Suite

[2010/12/24 22:58:33 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\VistaCodecs

[2011/12/12 15:14:48 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url =

:Commands
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: usuario

->Temp folder emptied: 24914522 bytes

->Temporary Internet Files folder emptied: 26339026 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 383823883 bytes

->Flash cache emptied: 3363 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 273558 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 1346901784 bytes

Total Files Cleaned = 1.700,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_134210

Files\Folders moved on Reboot...

C:\Users\usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\usuario\AppData\Local\Temp\np3EAA.tmp moved successfully.

C:\Users\usuario\AppData\Local\Temp\np3EE9.tmp moved successfully.

File\Folder C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ6Z71TM\ADSAdClient31[1].htm not found!

File\Folder C:\Windows\temp\kls1836.tmp not found!

Registry entries deleted on Reboot...

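The provider lines in the fix script and the three "Unable to fix default_search_provider items." lines in the fix log above can be read together to confirm that the Chrome search-provider change was not applied. The following is an added example, not part of any post in this thread and not OTL's own code; the allowlist, the function names and the assumption that the state appears as a parenthesised word after the provider name are mine.

```python
import re
from urllib.parse import urlsplit

# Assumption: search hosts the analyst accepts on this machine.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}
PREFIX = "CHR - default_search_provider:"
FAILED = "Unable to fix default_search_provider items."

# Lines copied from the fix script and the fix log in this thread.
SCRIPT = """\
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url =
"""
FIX_LOG = (FAILED + "\n\n") * 3

def parse_provider(text):
    """Collect name, state and *_url fields from the CHR provider lines."""
    provider = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):].strip()
        key, sep, value = body.partition("=")
        if sep and key.strip().endswith("_url"):
            provider[key.strip()] = value.strip()
            continue
        m = re.match(r"^(.*?)\s*\((\w+)\)$", body)
        if m:
            provider["name"], provider["enabled"] = m.group(1), m.group(2) == "Enabled"
    return provider

def triage(script, fix_log, allowed=ALLOWED_HOSTS):
    """Report the provider host and whether a manual reset is still needed."""
    p = parse_provider(script)
    host = (urlsplit(p.get("search_url", "")).hostname or "").lower()
    failures = sum(1 for ln in fix_log.splitlines() if ln.strip() == FAILED)
    return {
        "name": p.get("name"),
        "host": host,
        "off_allowlist": bool(host) and host not in allowed,
        "failed_items": failures,
        "needs_manual_reset": bool(p.get("enabled")) and bool(host)
                              and host not in allowed and failures > 0,
    }

if __name__ == "__main__":
    print(triage(SCRIPT, FIX_LOG))
```
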

  • 2 weeks later...
  • Staff

Hi,

My apologies for the delay.

Maniac is away and I will be helping you instead.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Describe what issues you are currently experiencing.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
