Help with Trojan Bitminer


Hello
I am having trouble removing a trojan (Trojan bitminer) on my PC. When I turn on my PC it opens a process called "Calculator.exe nslookup", and this process takes all my memory and the PC is VERY slow. If I close the process, after a while it comes back. I managed to locate the folder and delete the virus, but as soon as I restart the PC it appears again... The folder is located in C:\users\W7\AppData\Roaming\data. Within that folder (so says Malwarebytes) there are several trojans. I have already tried to remove them via various programs and even safe mode, but it seems that the virus always comes back after a reboot.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:28, on 04/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\W7\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...LGEL&bmod=LGEL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=bbl_pay_hp_02_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchiseasy.info/?...cc=BR&unqvl=33
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [LG Media FUNtasia] "C:\Program Files (x86)\LG Software\LG Media FUNtasia\MediaFuntasiaStart.exe" tray
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Memory Improve Master] C:\Program Files (x86)\Memory Improve Master\MemoryImproveMaster.exe /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Users\W7\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe.lnk = W7\AppData\Roaming\data\Adobe.vbe
O4 - Startup: PC App Store Uninstall 3.8.8.1435.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: Svchost.exe.lnk = C:\Users\W7\AppData\Local\Temp\RarSFX3\Svchost.exe
O4 - Startup: Usbsupply.exe


O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\TrueSuite\TrueSuite.Service.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13117 bytes

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.45.2

Run by W7 at 22:52:27 on 2013-11-04

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.6078.2997 [GMT -2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\TrueSuite\TrueSuite.Service.exe

C:\Program Files\Fingerprint Sensor\ATService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Motorola\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\LG Software\LG OSD\HotKey.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

"C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe" 

C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\W7\AppData\Roaming\data\mstsc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Users\W7\Downloads\mbar-1.07.0.1007.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\W7\Desktop\mbar\mbar.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.



BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - 

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [Memory Improve Master] C:\Program Files (x86)\Memory Improve Master\MemoryImproveMaster.exe /autorun

uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

mRun: [LG Media FUNtasia] "C:\Program Files (x86)\LG Software\LG Media FUNtasia\MediaFuntasiaStart.exe" tray

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

StartupFolder: C:\Users\W7\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe.lnk - C:\Users\W7\AppData\Roaming\data\Adobe.vbe

StartupFolder: C:\Users\W7\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAPPS~1.LNK - C:\Windows\System32\rundll32.exe

StartupFolder: C:\Users\W7\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SVCHOS~1.LNK - C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe

StartupFolder: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:189

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: %SystemRoot%\system32\PrxerDrv.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: ogdev.net

Trusted Zone: sdo.com

Trusted Zone: soe.com

Trusted Zone: sony.com




TCP: NameServer = 192.168.1.2

TCP: Interfaces\{6B990466-4D42-4DEE-91B0-55CE2BE2B28A} : DHCPNameServer = 192.168.1.2

TCP: Interfaces\{6B990466-4D42-4DEE-91B0-55CE2BE2B28A}\4505D2C494E4B4F5642373233314 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6B990466-4D42-4DEE-91B0-55CE2BE2B28A}\455435455402742514459435 : DHCPNameServer = 192.168.10.254 8.8.8.8

TCP: Interfaces\{6B990466-4D42-4DEE-91B0-55CE2BE2B28A}\A4F6C61637B696570243 : DHCPNameServer = 192.168.1.2

TCP: Interfaces\{CB2510C7-E5A3-45EA-A38C-A492D7B7275E} : DHCPNameServer = 187.21.64.15 187.21.64.16

TCP: Interfaces\{E8B8E3DA-5E0F-4A80-A0CD-BDA47FCAF6CA} : DHCPNameServer = 7.254.254.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>


x64-BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - 

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"

x64-Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe

x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"

x64-Run: [intelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"

x64-Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

x64-Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe

x64-Run: [ATSwpNav.exe] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm




x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2012-4-1 24560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-15 283200]

R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-6-25 2734912]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2011-8-17 680016]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2012-4-1 376304]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2010-7-21 288064]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-23 9216]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-17 13336]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-28 15122208]

R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-6-30 770152]

R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2011-8-17 4151376]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-9 31088]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-17 1028096]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-4 91352]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2013-11-4 116440]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-8-17 1180736]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-28 39200]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-17 344680]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-4-24 31232]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2011-8-17 1189968]

S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2011-8-17 52736]

S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2011-8-17 486144]

S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-17 250984]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]

S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2013-10-11 16640]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-21 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736]

S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-6-4 121840]

S4 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/31 23:13:02;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-7-6 246256]

S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]

S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-2-3 18360]

S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-5 2673064]

S4 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-4-24 746392]

.

=============== Created Last 30 ================

.

2013-11-05 00:31:52 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-05 00:31:49 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2013-11-05 00:27:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-11-05 00:27:21 -------- d-----w- C:\FRST

2013-11-05 00:21:10 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B79F8619-8E4E-4E43-A5F3-7A86086B2F24}\mpengine.dll

2013-11-05 00:20:35 -------- d-----w- C:\Users\W7\AppData\Roaming\data

2013-11-05 00:06:56 -------- d-sh--w- C:\$RECYCLE.BIN

2013-11-04 22:53:14 -------- d-----w- C:\Users\W7\AppData\Local\ElevatedDiagnostics

2013-11-04 17:47:42 -------- d-----w- C:\Windows\System32\MRT

2013-11-04 17:30:28 256000 ----a-w- C:\Windows\PEV.exe

2013-11-04 17:30:28 208896 ----a-w- C:\Windows\MBR.exe

2013-11-04 17:30:27 98816 ----a-w- C:\Windows\sed.exe

2013-11-04 17:27:33 -------- d-----w- C:\ProgramData\Licenses

2013-11-04 17:21:54 -------- d-----w- C:\Users\W7\AppData\Roaming\Simply Super Software

2013-11-04 17:20:42 -------- d-----w- C:\ProgramData\Simply Super Software

2013-11-04 17:20:42 -------- d-----w- C:\Program Files (x86)\Trojan Remover

2013-11-04 16:57:54 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer

2013-11-04 15:25:26 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-11-04 15:25:26 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-11-04 15:03:01 -------- d-----w- C:\Users\W7\AppData\Roaming\Malwarebytes

2013-11-04 15:02:46 -------- d-----w- C:\ProgramData\Malwarebytes

2013-11-04 15:02:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-11-04 15:02:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-04 15:00:49 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2013-11-04 01:45:00 -------- d-----w- C:\AdwCleaner

2013-11-04 01:41:03 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{209606EB-F292-4D2C-8E9B-2B543E1FB8BD}\gapaengine.dll

2013-11-04 01:40:59 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-04 01:34:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-11-04 01:34:02 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-11-04 01:32:55 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEE916AC-AB41-4C8B-8DD7-331CDCFA5ADD}\mpengine.dll

2013-11-04 01:31:09 -------- d-----w- C:\Windows\TempEEF6705C-55FF-B850-1078-C5F9C07523FB-Signatures

2013-11-03 21:34:05 -------- d-----w- C:\Program Files (x86)\WinDirStat

2013-11-03 15:01:24 -------- d-----w- C:\Program Files (x86)\NCWest

2013-11-03 14:48:07 -------- d-----w- C:\Program Files (x86)\NCSOFT

2013-11-03 13:22:46 -------- d-----w- C:\Program Files (x86)\Blade and Soul

2013-11-03 05:52:41 -------- d-----w- C:\Program Files (x86)\Snail Games USA

2013-11-02 21:35:09 -------- d-----w- C:\Program Files (x86)\Common Files\WuShu_0.0.1.065

2013-11-02 21:35:08 -------- d-----w- C:\Program Files (x86)\Common Files\AgeofWushu_download

2013-11-01 17:38:12 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games

2013-10-31 19:08:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-10-31 19:08:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-10-31 19:08:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-10-31 19:08:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-10-31 19:08:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-10-29 19:50:04 -------- d-----w- C:\Program Files (x86)\baidu

2013-10-28 16:48:18 -------- d-----w- C:\Users\W7\AppData\Roaming\Guitar Pro 6

2013-10-28 16:48:18 -------- d-----w- C:\ProgramData\Guitar Pro 6

2013-10-28 16:41:31 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll

2013-10-28 16:41:31 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll

2013-10-28 16:23:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-25 14:52:26 -------- d-----w- C:\Program Files (x86)\Batman Arkham Origins

2013-10-18 22:32:01 -------- d-----w- C:\Program Files (x86)\AP Tuner

2013-10-11 11:06:34 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys

2013-10-09 02:38:11 -------- d-----w- C:\ProgramData\Baidu

2013-10-08 20:15:58 -------- d-----w- C:\Program Files\iPod

2013-10-08 20:15:57 -------- d-----w- C:\Program Files\iTunes

2013-10-08 20:15:57 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M  ====================

.

2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll

2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll

2013-10-20 00:52:09 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-10-08 18:04:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 18:04:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2013-09-22 04:33:25 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-09-12 08:58:10 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll

2013-09-12 08:58:10 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll

2013-08-21 16:46:43 4554640 ----a-w- C:\Windows\SysWow64\GameMon.des

2013-04-28 17:56:06 396800 ----a-w- C:\Program Files (x86)\ISSkinExW.dll

2012-05-24 03:15:32 721920 ----a-w- C:\Program Files (x86)\revolt.cjstyles

.

============= FINISH: 22:55:13,07 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 10/02/2012 11:16:32

System Uptime: 04/11/2013 22:18:16 (0 hours ago)

.

Motherboard: Intel Corp. |  | Base Board Product Name

Processor: Intel® Core i7 CPU       Q 740  @ 1.73GHz | CPU | 1716/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 297 GiB total, 59,49 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 53,259 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: LogMeIn, Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

.

Class GUID: {a173b237-6a34-4bb5-aa63-2561160fa200}

Description: Bluetooth Module

Device ID: USB\VID_13D3&PID_3314\6&10FFC980&0&2

Manufacturer: Motorola Solutions, Inc.

Name: Bluetooth Module

PNP Device ID: USB\VID_13D3&PID_3314\6&10FFC980&0&2

Service: BTMUSB

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.21 (x64 edition)

7-Zip 9.21beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05) - Português

Adobe Shockwave Player 11.6

Age of Wushu

Aion

AP Tuner 3.08

Apple Mobile Device Support

Apple Software Update

Atualizações da NVIDIA 9.3.16

aTube Catcher

AuthenTec TrueSuite

Batman Arkham Origins v.1.0.0.0

Bonjour

BufferChm

CCleaner

Core Temp 1.0 RC4

CPUID CPU-Z 1.61.5

CyberLink Blu-ray Disc Suite

CyberLink InstantBurn

CyberLink Power2Go

CyberLink PowerDVD 9

CyberLink PowerProducer

CyberLink YouCam

D110

D3DX10

DAEMON Tools Lite

DC Universe Online

DC Universe Online Live

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

EzManual

Fallout 3

Fallout New Vegas

Far Cry 3 Blood Dragon

FEZ

ffdshow [rev 3154] [2009-12-09]

Fraps (remove only)

GameBox Console

GeForce Experience NvStream Client Components

Gerenciador de Downloads

Google Chrome

GPBaseService2

Hi-Rez Studios Authenticate and Update Service

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

iTunes

Java 7 Update 45

Java Auto Updater

Java 6 Update 31

Java 6 Update 31 (64-bit)

Java 7 Update 5 (64-bit)

JavaFX 2.1.1

Junk Mail filter update

League of Legends

LG Intelligent Update

LG Magnifier

LG Media FUNtasia

LG OSD

LG Smart Care

LG Smart Indicator

LG Smart Recovery

Logitech Unifying Software 2.10

LogMeIn Hamachi

LOLReplay

Malwarebytes Anti-Malware versão 1.75.0.1300

MarketResearch

Memory Improve Master Free Version v6.1.2.369

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft LifeChat

Microsoft Mouse and Keyboard Center

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Security Client

Microsoft Security Client PT-BR Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 8.0 Support DLLs

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0 Refresh

Minecraft1.4.7

MKLOL

Motorola Bluetooth

MSVCRT

MSVCRT_amd64

NC Launcher (GameForge)

NCSOFT Game Launcher

Network64

Neverwinter

Nexon Game Manager

Nexus Mod Manager

NVIDIA Display Control Panel

NVIDIA Driver de gráficos 331.65

NVIDIA Driver de áudio HD 1.3.26.4

NVIDIA Drivers

NVIDIA GeForce Experience 1.7

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA nTune

NVIDIA PhysX

NVIDIA ShadowPlay 9.3.16

NVIDIA Software do sistema PhysX 9.13.0725

NVIDIA System Monitor

NVIDIA Update Components

NVIDIA Virtual Audio 1.2.9

Orcs Must Die 2

Origin

Overwolf

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Painel de controle da NVIDIA 331.65

Pando Media Booster

Papers, Please

Project64 1.6

Proxifier version 3.21

PS_AIO_07_D110_SW_Min

QuickTime

QuickTransfer

Ralink RT2860 Wireless LAN Card

REACTOR

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Reus

Revo Uninstaller 1.94

Rhinoceros 4.0 SR2

savenshaRe

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

SHIELD Streaming

Shop for HP Supplies

Skype™ 6.6

SmartWebPrinting

Smite

SolutionCenter

Status

Steam

Subway Surfers 1.0

Super Meat Boy v1.5

Suporte para Aplicativos Apple

swMSM

System Requirements Lab Detection

TeamSpeak 3 Client

TeamViewer 7

The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1

Toolbox

TrayApp

TriDef 3D (LG) 1.1.6

TriDef 3D Content (LG) 1.0.1

Trojan Killer

Trojan Remover 6.8.8

Tunngle beta

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

VLC media player 2.0.4

WebReg

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.11 (64-bit)

WinRAR 5.00 (32-bit)

.

==== End Of File ===========================

 


Rogue Killer report 

RogueKiller V8.7.6 _x64_ [Oct 28 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : W7 [Privilegios de Admnistrador]
Modo : Verificar -- Data : 11/04/2013 23:05:39
| ARK || FAK || MBR |
 
¤¤¤ Entradas ruins : 5 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\W7\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll [-] -> rundll32.exe FINALIZADO [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\W7\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll [-] -> rundll32.exe FINALIZADO [TermProc]
[SUSP PATH] Usbsupply.exe -- C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe [-] -> FINALIZADO [TermProc]
[SVCHOST] Svchost.exe -- C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe [-] -> FINALIZADO [TermProc]
[SUSP PATH] mstsc.exe -- C:\Users\W7\AppData\Roaming\data\mstsc.exe [-] -> FINALIZADO [TermProc]
 
¤¤¤ Entradas do Registro : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> ENCONTRADO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> ENCONTRADO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowVideos (0) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
 
¤¤¤ As tarefas agendadas : 3 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> ENCONTRADO
[V2][SUSP PATH] Funmoods : C:\Users\W7\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ENCONTRADO
[V2][SUSP PATH] RunAsStdUser Task : "C:\Users\W7\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [x] -> ENCONTRADO
 
¤¤¤ entradas de inicialização : 3 ¤¤¤
[W7][SUSP PATH] Adobe.lnk : C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk @C:\Users\W7\AppData\Roaming\data\Adobe.vbe [-][-] -> ENCONTRADO
[W7][SUSP PATH] PC App Store Uninstall 3.8.8.1435.lnk : C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store Uninstall 3.8.8.1435.lnk @C:\Windows\System32\rundll32.exe "C:\Users\W7\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini" [-][7][-][x][x][x] -> ENCONTRADO
[W7][HJNAME] Svchost.exe.lnk : C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk @C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe [-][-] -> ENCONTRADO
 
¤¤¤ Os navegadores da Web : 0 ¤¤¤
 
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
 
¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤
 
¤¤¤ Hives externas: ¤¤¤
 
¤¤¤ Infecção :  ¤¤¤
 
¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ Verificaçao do MBR: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6465GSX +++++
--- User ---
[MBR] 9e0ca052cb6f8e60861faf2589c79fca
[BSP] 5d5b938334614db931649a7b8fa8b043 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 1536 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3147776 | Size: 304128 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 626001920 | Size: 304814 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Concluido : << RKreport[0]_S_11042013_230539.txt >>

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013

Ran by W7 at 2013-11-04 23:20:02

Running from C:\Users\W7\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

64 Bit HP CIO Components Installer (Version: 6.2.2)

7-Zip 9.21 (x64 edition) (Version: 9.21.00.0)

7-Zip 9.21beta (x32)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader XI (11.0.05) - Português (x32 Version: 11.0.05)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)

Age of Wushu (x32 Version: 0.0.1.065)

Aion (x32 Version: 4.0.0.3)

AP Tuner 3.08 (x32)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

Atualizações da NVIDIA 9.3.16 (Version: 9.3.16)

aTube Catcher (x32 Version: 2.9.1347)

AuthenTec TrueSuite (Version: 4.0.1.3)

Batman Arkham Origins v.1.0.0.0 (x32)

Bonjour (Version: 3.0.0.10)

BufferChm (x32 Version: 140.0.212.000)

CCleaner (Version: 4.07)

Core Temp 1.0 RC4 (Version: 1.0)

CPUID CPU-Z 1.61.5

CyberLink Blu-ray Disc Suite (x32 Version: 7.0.2407)

CyberLink InstantBurn (x32 Version: 5.0.5509b)

CyberLink Power2Go (x32 Version: 6.1.3602c)

CyberLink PowerDVD 9 (x32 Version: 9.0.4412.52)

CyberLink PowerProducer (x32 Version: 5.0.2.2415)

CyberLink YouCam (x32 Version: 3.1.3308)

D110 (x32 Version: 140.0.142.000)

D3DX10 (x32 Version: 15.4.2368.0902)

DAEMON Tools Lite (x32 Version: 4.47.1.0333)

DC Universe Online (HKCU Version: 1.0.3.183)

DC Universe Online Live (HKCU)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Destinations (x32 Version: 140.0.77.000)

DeviceDiscovery (x32 Version: 140.0.212.000)

EzManual (x32)

Fallout 3 (x32 Version: 1.00.0000)

Fallout New Vegas (x32 Version: 1.4.0.525)

Fallout New Vegas (x32)

Far Cry 3 Blood Dragon (x32 Version: 1.00)

FEZ (x32 Version: 2.0.0.0)

ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0)

Fraps (remove only) (x32)

GameBox Console (x32 Version: 5.4.0.3)

GeForce Experience NvStream Client Components (Version: 1.6.28)

Gerenciador de Downloads (HKCU Version: 0.9.3.89)

Google Chrome (HKCU Version: 30.0.1599.101)

GPBaseService2 (x32 Version: 140.0.211.000)

Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)

HP Product Detection (x32 Version: 11.15.0007)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (x32 Version: 5.002.002.002)

HPAppStudio (x32 Version: 140.0.95.000)

HPPhotoGadget (x32 Version: 140.0.524.000)

HPProductAssistant (x32 Version: 140.0.212.000)

HPSSupply (x32 Version: 140.0.211.000)

Intel® Control Center (x32 Version: 1.2.1.1007)

Intel® Management Engine Components (x32 Version: 6.0.0.1179)

Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)

iTunes (Version: 11.1.1.11)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Java 6 Update 31 (64-bit) (Version: 6.0.310)

Java 6 Update 31 (x32 Version: 6.0.310)

Java 7 Update 5 (64-bit) (Version: 7.0.50)

JavaFX 2.1.1 (x32 Version: 2.1.1)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

League of Legends (x32 Version: 1.3)

LG Intelligent Update (x32 Version: 4.04.0403.99)

LG Magnifier (Version: 10.03.2201)

LG Media FUNtasia (x32 Version: 1.0.1102.0801)

LG OSD (Version: 11.04.1801)

LG Smart Care (x32 Version: 1.0.1107.1801)

LG Smart Indicator (x32 Version: 11.03.2501)

LG Smart Recovery (x32 Version: 5.5.3221)

Logitech Unifying Software 2.10 (Version: 2.10.37)

LogMeIn Hamachi (x32 Version: 2.1.0.374)

LOLReplay (x32 Version: 0.8.2.1)

Malwarebytes Anti-Malware versão 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 140.0.212.000)

Memory Improve Master Free Version v6.1.2.369 (x32)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319)

Microsoft Antimalware Service PT-BR Language Pack (Version: 3.0.8402.2)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)

Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)

Microsoft LifeChat (Version: 1.40.224.0)

Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Security Client (Version: 4.3.0219.0)

Microsoft Security Client PT-BR Language Pack (Version: 2.1.1116.0)

Microsoft Security Essentials (Version: 4.3.219.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 8.0 Support DLLs (x32 Version: 1.0.0)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)

Minecraft1.4.7 (x32)

MKLOL (HKCU)

Motorola Bluetooth (Version: 3.0.02.298)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

NC Launcher (GameForge) (x32)

NCSOFT Game Launcher (x32)

Network64 (Version: 140.0.212.000)

Neverwinter (x32)

Nexon Game Manager (x32)

Nexus Mod Manager (Version: 0.45.4)

NVIDIA Display Control Panel (Version: 6.14.12.6136)

NVIDIA Driver de áudio HD 1.3.26.4 (Version: 1.3.26.4)

NVIDIA Driver de gráficos 331.65 (Version: 331.65)

NVIDIA Drivers (Version: 1.10)

NVIDIA GeForce Experience 1.7 (Version: 1.7)

NVIDIA Install Application (Version: 2.1002.140.952)

NVIDIA LED Visualizer 1.0 (Version: 1.0)

NVIDIA nTune (x32 Version: 1.00.0000)

NVIDIA PhysX (x32 Version: 9.13.0725)

NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)

NVIDIA Software do sistema PhysX 9.13.0725 (Version: 9.13.0725)

NVIDIA System Monitor (x32 Version: 6.5)

NVIDIA Update Components (Version: 9.3.16)

NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)

Orcs Must Die 2 (x32)

Origin (x32 Version: 9.1.15.109)

Overwolf (x32 Version: 0.40.228)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (Version: 4.0.30319)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (Version: 4.0.30319)

Painel de controle da NVIDIA 331.65 (Version: 331.65)

Pando Media Booster (x32 Version: 2.6.0.8)

Papers, Please (x32 Version: 2.0.0.4)

Project64 1.6 (x32 Version: 1.6)

Proxifier version 3.21 (x32 Version: 3.21)

PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000)

QuickTime (x32 Version: 7.74.80.86)

QuickTransfer (x32 Version: 140.0.98.000)

Ralink RT2860 Wireless LAN Card (x32 Version: 1.5.9.0)

REACTOR (x32 Version: 1.00.0000)

Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6273)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)

Reus (x32 Version: 2.0.0.10)

Revo Uninstaller 1.94 (x32 Version: 1.94)

Rhinoceros 4.0 SR2 (x32 Version: 4.0.21017)

savenshaRe (x32 Version: 3.0.0.1391)

Scan (x32 Version: 140.0.77.000)

SHIELD Streaming (Version: 1.6.34)

Shop for HP Supplies (Version: 14.0)

Skype™ 6.6 (x32 Version: 6.6.106)

SmartWebPrinting (x32 Version: 140.0.186.000)

Smite (x32 Version: 0.1.1740.1)

SolutionCenter (x32 Version: 140.0.211.000)

Status (x32 Version: 140.0.212.000)

Steam (x32 Version: 1.0.0.0)

Subway Surfers 1.0 (x32 Version: 1.0)

Super Meat Boy v1.5 (x32)

Suporte para Aplicativos Apple (x32 Version: 2.3.6)

swMSM (x32 Version: 12.0.0.1)

System Requirements Lab Detection (x32 Version: 1.0.5.0)

TeamSpeak 3 Client (Version: 3.0.10)

TeamViewer 7 (x32 Version: 7.0.13852)

The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (x32 Version: 1)

Toolbox (x32 Version: 140.0.424.000)

TrayApp (x32 Version: 140.0.212.000)

TriDef 3D (LG) 1.1.6 (x32 Version: 1.1.6)

TriDef 3D Content (LG) 1.0.1 (x32 Version: 1.0.1)

Trojan Killer (x32 Version: 2.1.9.4)

Trojan Remover 6.8.8 (x32 Version: 6.8.8)

Tunngle beta (x32)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

VLC media player 2.0.4 (x32 Version: 2.0.4)

WebReg (x32 Version: 140.0.212.017)

WinDirStat 1.1.2 (HKCU)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinRAR 4.11 (64-bit) (Version: 4.11.0)

WinRAR 5.00 (32-bit) (x32 Version: 5.00.0)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2009-07-14 00:34 - 2013-11-04 22:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {137431AC-9C55-4016-BF42-76D0A6942E14} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

Task: {15C577A4-1808-411B-BDD4-A5E30485CDFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)

Task: {183CB842-22DD-4782-A429-F9F8C7D5012C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)

Task: {24C4E2CA-5833-4769-9841-B04881AE3868} - System32\Tasks\Funmoods => C:\Users\W7\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE

Task: {2FC88D9F-7D08-4025-AF9B-2F48A891573B} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)

Task: {3FB74724-FA01-406E-A5BE-E14620B6DE1E} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe

Task: {4BB5556D-2783-4AA2-8656-2C28BA9A5092} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004Core => C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21] (Google Inc.)

Task: {4D9CB66C-2D93-44C0-B5BC-61C7C2225969} - System32\Tasks\LG Intelligent Update => C:\Program Files (x86)\lg_swupdate\GiljabiStart.exe [2012-04-01] (LG Electronics Inc.)

Task: {62BAF1BC-B92E-455B-B9F5-3CC6C5E0838E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7916F32A-58CF-45EF-8835-5226C1B5F57F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004UA => C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21] (Google Inc.)

Task: {7B484B05-9700-47F7-849E-2AC41B69851E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {839FB1FC-5D6F-41E9-ADFF-0CBD7CD0B439} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe

Task: {84EB74F3-5C8A-4A2D-A31E-C9C7A7EF5EE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)

Task: {857F3F80-9167-4E3F-80B6-CB200A8EE7EB} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\DeviceCenter.exe [2012-06-26] (Microsoft)

Task: {9CCC7B28-8778-41AE-AB4E-C9D651783CD0} - System32\Tasks\Google Updater and Installer => C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21] (Google Inc.)

Task: {AECC3C8D-3F22-450F-93DF-35C4995731DC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)

Task: {CC8B27F1-162B-411A-9DA1-C467E7191388} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe

Task: {D2898CB0-C55A-4C5B-B51F-45F993F1F4D3} - System32\Tasks\EPUpdater => C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe

Task: {F6B520A7-7792-4D05-964D-7FF677D2C01E} - System32\Tasks\RunAsStdUser Task => C:\Users\W7\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004Core.job => C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004UA.job => C:\Users\W7\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-01-28 18:40 - 2012-11-22 18:57 - 00057448 _____ () C:\Windows\system32\PrxerNsp.dll

2012-02-20 22:29 - 2012-02-20 22:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-02-20 22:28 - 2012-02-20 22:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2013-10-16 19:22 - 2013-10-08 22:01 - 00698832 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

2013-10-16 19:22 - 2013-10-08 22:01 - 00099792 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll

2013-10-16 19:22 - 2013-10-08 22:02 - 04055504 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll

2013-10-16 19:22 - 2013-10-08 22:02 - 00415184 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

2013-10-16 19:22 - 2013-10-08 22:01 - 01604560 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

2011-08-17 11:53 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-10-16 19:22 - 2013-10-08 22:02 - 13584336 _____ () C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

 

==================== Faulty Device Manager Devices =============

 

Name: Photosmart D110 series

Description: Photosmart D110 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Hamachi Network Interface

Description: Hamachi Network Interface

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: LogMeIn, Inc.

Service: hamachi

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Bluetooth Module

Description: Bluetooth Module

Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}

Manufacturer: Motorola Solutions, Inc.

Service: BTMUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/04/2013 10:19:42 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (11/04/2013 10:19:42 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost) (User: AUTORIDADE NT)

Description: Ignorando: ocorreu uma falha na validação de Eap method DLL path name. Erro: typeId=43, authorId=9, vendorId=0, vendorType=0

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost) (User: AUTORIDADE NT)

Description: Ignorando: ocorreu uma falha na validação de Eap method DLL path name. Erro: typeId=25, authorId=9, vendorId=0, vendorType=0

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost) (User: AUTORIDADE NT)

Description: Ignorando: ocorreu uma falha na validação de Eap method DLL path name. Erro: typeId=17, authorId=9, vendorId=0, vendorType=0

 

Error: (11/04/2013 09:54:38 PM) (Source: VSS) (User: )

Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance.  hr = 0x8007043c, Não é possível compartilhar este serviço no modo de segurança

.

 

 

Operação:

   Instanciando servidor VSS

 

Error: (11/04/2013 09:54:38 PM) (Source: VSS) (User: )

Description: Erro no Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com a CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e o nome IVssCoordinatorEx2 durante o Modo de Segurança.

O Serviço de Cópias de Sombra de Volume não pode ser iniciado no modo de segurança. [0x8007043c, Não é possível compartilhar este serviço no modo de segurança

]

 

 

Operação:

   Instanciando servidor VSS

 

Error: (11/04/2013 07:51:38 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (11/04/2013 07:51:38 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (11/04/2013 07:50:36 PM) (Source: Microsoft-Windows-EapHost) (User: AUTORIDADE NT)

Description: Ignorando: ocorreu uma falha na validação de Eap method DLL path name. Erro: typeId=43, authorId=9, vendorId=0, vendorType=0

 

 

System errors:

=============

Error: (11/04/2013 11:10:52 PM) (Source: DCOM) (User: AUTORIDADE NT)

Description: Específico do aplicativoLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)

 

Error: (11/04/2013 11:00:52 PM) (Source: DCOM) (User: AUTORIDADE NT)

Description: Específico do aplicativoLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)

 

Error: (11/04/2013 10:54:25 PM) (Source: mbamchameleon) (User: )

Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE

 

Error: (11/04/2013 10:54:25 PM) (Source: mbamchameleon) (User: )

Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE

 

Error: (11/04/2013 10:54:23 PM) (Source: mbamchameleon) (User: )

Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE

 

Error: (11/04/2013 10:52:16 PM) (Source: mbamchameleon) (User: )

Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE

 

Error: (11/04/2013 10:52:16 PM) (Source: mbamchameleon) (User: )

Description: \??\c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

Error: (11/04/2013 10:52:16 PM) (Source: mbamchameleon) (User: )

Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE

 

Error: (11/04/2013 10:52:16 PM) (Source: mbamchameleon) (User: )

Description: \??\c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

Error: (11/04/2013 10:50:52 PM) (Source: DCOM) (User: AUTORIDADE NT)

Description: Específico do aplicativoLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)

 

 

Microsoft Office Sessions:

=========================

Error: (11/04/2013 10:19:42 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (11/04/2013 10:19:42 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost)(User: AUTORIDADE NT)

Description: Eap method DLL path name43900

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost)(User: AUTORIDADE NT)

Description: Eap method DLL path name25900

 

Error: (11/04/2013 10:18:56 PM) (Source: Microsoft-Windows-EapHost)(User: AUTORIDADE NT)

Description: Eap method DLL path name17900

 

Error: (11/04/2013 09:54:38 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, Não é possível compartilhar este serviço no modo de segurança

 

 

Operação:

   Instanciando servidor VSS

 

Error: (11/04/2013 09:54:38 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Não é possível compartilhar este serviço no modo de segurança

 

 

Operação:

   Instanciando servidor VSS

 

Error: (11/04/2013 07:51:38 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcNvVAD initialization failed [6]

 

Error: (11/04/2013 07:51:38 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

 

Error: (11/04/2013 07:50:36 PM) (Source: Microsoft-Windows-EapHost)(User: AUTORIDADE NT)

Description: Eap method DLL path name43900

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-04 22:04:50.133

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-11-04 22:04:50.063

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:51.226

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:51.179

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:50.602

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:50.571

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:49.963

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:49.931

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:49.323

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-19 22:21:49.292

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\LG Software\LG Smart Care\UserIO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 43%

Total physical RAM: 6077.86 MB

Available physical RAM: 3404.33 MB

Total Pagefile: 115076.04 MB

Available Pagefile: 111990.98 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:297 GB) (Free:59.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:297.67 GB) (Free:53.26 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 596 GB) (Disk ID: AF8D52F9)

Partition 1: (Not Active) - (Size=2 GB) - (Type=12)

Partition 2: (Active) - (Size=297 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Addition.txt


Sorry XD

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by W7 (administrator) on COM-PC on 04-11-2013 23:17:51
Running from C:\Users\W7\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG OSD\HotKey.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
() C:\Users\W7\Downloads\RogueKillerX64.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Farbar) C:\Users\W7\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [LifeChat] - C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [KeybdUtility] - C:\Program Files\LG Software\LG OSD\HotKey.exe [3556352 2011-04-18] (LG Electronics Inc.)
HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [ClientAppLogon32] - C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [307520 2010-07-21] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon] - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [420672 2010-07-21] (AuthenTec, Inc.)
HKLM\...\Run: [ATSwpNav.exe] - C:\Program Files\Fingerprint Sensor\ATSwpNav.exe [172864 2010-06-25] (AuthenTec, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-24] ()
HKCU\...\Run: [Memory Improve Master] - C:\Program Files (x86)\Memory Improve Master\MemoryImproveMaster.exe [5095424 2009-03-16] (Memory Improve Master Studio)
HKCU\...\Run: [NVIDIA nTune] - "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [LG Media FUNtasia] - C:\Program Files (x86)\LG Software\LG Media FUNtasia\MediaFuntasiaStart.exe [220616 2010-11-23] ()
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2010-07-06] (cyberlink)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2013-11-03] (NCSOFT Corporation)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1655568 2013-07-19] (Simply Super Software)
HKU\admin\...\Policies\system: [LogonHoursAction] 2
HKU\admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Administrador\...\Policies\system: [LogonHoursAction] 2
HKU\Administrador\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Marcelo P\...\Policies\system: [LogonHoursAction] 2
HKU\Marcelo P\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk
ShortcutTarget: Adobe.lnk -> C:\Users\W7\AppData\Roaming\data\Adobe.vbe ()
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store Uninstall 3.8.8.1435.lnk
ShortcutTarget: PC App Store Uninstall 3.8.8.1435.lnk -> C:\Users\W7\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File)
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
ShortcutTarget: Svchost.exe.lnk -> C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe ()
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=bbl_pay_hp_02_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchiseasy.info/?pid=625&r=2013/09/01&hid=5734058029627842397&lg=EN&cc=BR&unqvl=33
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtDyEtC0F0B0AtAzytBtCtN0D0Tzu0StByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593889077
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtDyEtC0F0B0AtAzytBtCtN0D0Tzu0StByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593889077
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtDyEtC0F0B0AtAzytBtCtN0D0Tzu0StByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593889077
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtDyEtC0F0B0AtAzytBtCtN0D0Tzu0StByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593889077
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchiseasy.info/?l=1&q={searchTerms}&pid=625&r=2013/09/01&hid=5734058029627842397&lg=EN&cc=BR&unqvl=33
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C2C600FFE8B8E3DA&affID=121565&tsp=5014
SearchScopes: HKCU - Backup.Old.DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C2C600FFE8B8E3DA&affID=121565&tsp=5014
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDtDyEtC0F0B0AtAzytBtCtN0D0Tzu0StByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=593889077
SearchScopes: HKCU - {59571355-E6BF-3756-86C8-1F912A7C5F43} URL = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=082411CBF8E37197ED8884504810F025&q={searchTerms}
SearchScopes: HKCU - {B02EE1FB-1C87-49B4-B667-F420108A0448} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=ct3067892
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
SearchScopes: HKCU - {ED2F04DE-8D56-41BE-9DEB-CAE5A5D684B7} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=dd7d41b811fd4d8c9b6b3d3260537805
BHO: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: TrueSuite WebStore - {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 11 C:\Windows\SysWOW64\PrxerNsp.dll [56424] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog9 16 C:\Windows\SysWOW64\PrxerDrv.dll [70248] (Initex)
Winsock: Catalog5-x64 11 %SystemRoot%\system32\PrxerNsp.dll [57448] ()
Winsock: Catalog9-x64 01 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Winsock: Catalog9-x64 16 %SystemRoot%\system32\PrxerDrv.dll [76392] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\W7\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\W7\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Babylon ToolBar) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\W7\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (HP Product Detection Plugin) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0
CHR Extension: (AdBlock) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0
CHR Extension: (IDM Integration Module) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.2_0
CHR Extension: (Google Wallet) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\W7\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\W7\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [gnlaniokgfckpjblpafbfchhghecmifi] - C:\Users\W7\AppData\Local\CRE\gnlaniokgfckpjblpafbfchhghecmifi.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR StartMenuInternet: Google Chrome - C:\Users\W7\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-07-06] (CyberLink)
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [288064 2010-07-21] (AuthenTec, Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4554640 2013-08-21] (INCA Internet Co., Ltd.)
S4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-01-02] (Overwolf Ltd)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-15] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-10-11] (Windows ® Win 7 DDK provider)
S3 ALSysIO; \??\C:\Users\W7\AppData\Local\Temp\ALSysIO64.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dk; \??\C:\AeriaGames\DKOnline\avital\dkol64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-04 23:17 - 2013-11-04 23:17 - 01957098 _____ (Farbar) C:\Users\W7\Downloads\FRST64 (1).exe
2013-11-04 23:05 - 2013-11-04 23:05 - 00004088 _____ C:\Users\W7\Desktop\RKreport[0]_S_11042013_230539.txt
2013-11-04 22:55 - 2013-11-04 22:55 - 00025191 _____ C:\Users\W7\Desktop\dds.txt
2013-11-04 22:55 - 2013-11-04 22:55 - 00012347 _____ C:\Users\W7\Desktop\attach.txt
2013-11-04 22:54 - 2013-11-04 22:54 - 04012032 _____ C:\Users\W7\Downloads\RogueKillerX64.exe
2013-11-04 22:52 - 2013-11-04 22:52 - 00688992 ____R (Swearware) C:\Users\W7\Downloads\dds.scr
2013-11-04 22:31 - 2013-11-04 22:54 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2013-11-04 22:31 - 2013-11-04 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-04 22:31 - 2013-11-04 22:31 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-04 22:28 - 2013-11-04 22:28 - 00000204 _____ C:\Users\W7\Downloads\Search.txt
2013-11-04 22:27 - 2013-11-04 22:54 - 00000000 ____D C:\Users\W7\Desktop\mbar
2013-11-04 22:27 - 2013-11-04 22:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\FRST
2013-11-04 22:26 - 2013-11-04 22:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\W7\Downloads\mbar-1.07.0.1007.exe
2013-11-04 22:24 - 2013-11-04 22:24 - 01957098 _____ (Farbar) C:\Users\W7\Downloads\FRST64.exe
2013-11-04 22:20 - 2013-11-04 22:20 - 00000000 ____D C:\Users\W7\AppData\Roaming\data
2013-11-04 22:16 - 2013-11-04 23:05 - 00000000 ____D C:\Users\W7\Desktop\RK_Quarantine
2013-11-04 22:16 - 2013-11-04 22:17 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\W7\Desktop\tdsskiller.exe
2013-11-04 22:15 - 2013-11-04 22:16 - 03538944 _____ C:\Users\W7\Downloads\RogueKiller.exe
2013-11-04 22:14 - 2013-11-04 22:14 - 00891184 _____ C:\Users\W7\Downloads\SecurityCheck.exe
2013-11-04 22:08 - 2013-11-04 22:08 - 00036348 _____ C:\ComboFix.txt
2013-11-04 20:19 - 2013-11-04 20:19 - 00013119 _____ C:\Users\W7\Downloads\hijackthis.log
2013-11-04 20:18 - 2013-11-04 20:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\W7\Downloads\HijackThis.exe
2013-11-04 19:51 - 2013-11-04 19:51 - 00095248 _____ C:\Users\W7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-04 16:14 - 2013-11-04 16:21 - 00010362 _____ C:\Windows\IE10_main.log
2013-11-04 16:06 - 2013-11-04 16:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-04 16:06 - 2013-11-04 16:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-04 15:47 - 2013-11-04 15:50 - 00000000 ____D C:\Windows\system32\MRT
2013-11-04 15:30 - 2011-06-26 04:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-04 15:30 - 2010-11-07 15:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-04 15:30 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-04 15:30 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-04 15:30 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-04 15:30 - 2000-08-30 22:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-04 15:30 - 2000-08-30 22:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-04 15:30 - 2000-08-30 22:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-04 15:29 - 2013-11-04 22:08 - 00000000 ____D C:\Qoobox
2013-11-04 15:29 - 2013-11-04 22:06 - 00000000 ____D C:\Windows\erdnt
2013-11-04 15:28 - 2013-11-04 21:51 - 05143677 ____R (Swearware) C:\Users\W7\Downloads\ComboFix.exe
2013-11-04 15:27 - 2013-11-04 15:27 - 00000000 ____D C:\Users\Todos os Usuários\Licenses
2013-11-04 15:27 - 2013-11-04 15:27 - 00000000 ____D C:\ProgramData\Licenses
2013-11-04 15:21 - 2013-11-04 15:21 - 00000000 ____D C:\Users\W7\Documents\Simply Super Software
2013-11-04 15:21 - 2013-11-04 15:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\Simply Super Software
2013-11-04 15:20 - 2013-11-04 15:21 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-11-04 15:20 - 2013-11-04 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Simply Super Software
2013-11-04 15:20 - 2013-11-04 15:20 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-11-04 15:17 - 2013-11-04 15:20 - 27084152 _____ (Simply Super Software                                       ) C:\Users\W7\Downloads\trjsetup688.exe
2013-11-04 14:58 - 2013-11-04 14:58 - 00000944 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-11-04 14:57 - 2013-11-04 15:12 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-11-04 14:40 - 2013-11-04 14:54 - 55954968 _____ (GridinSoft LLC) C:\Users\W7\Downloads\gtk-2.1.9.4-setup.exe
2013-11-04 14:06 - 2013-11-04 14:06 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv (2).torrent
2013-11-04 14:06 - 2013-11-04 14:06 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (3).torrent
2013-11-04 13:30 - 2013-11-04 22:18 - 00025432 _____ C:\Windows\PFRO.log
2013-11-04 13:25 - 2013-04-09 21:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-04 13:25 - 2013-04-02 20:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-04 13:03 - 2013-11-04 13:03 - 00000000 ____D C:\Users\W7\AppData\Roaming\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-04 13:01 - 2013-11-04 13:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\W7\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-04 13:00 - 2013-08-27 23:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-04 12:47 - 2013-11-04 12:47 - 00095248 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-11-04 12:44 - 2013-11-04 22:19 - 00001400 _____ C:\Windows\setupact.log
2013-11-04 12:44 - 2013-11-04 12:44 - 00370544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-04 12:44 - 2013-11-04 12:44 - 00000000 _____ C:\Windows\setuperr.log
2013-11-03 23:45 - 2013-11-03 23:45 - 00000000 ____D C:\AdwCleaner
2013-11-03 23:41 - 2013-11-03 23:41 - 01073258 _____ C:\Users\W7\Downloads\adwcleaner.exe
2013-11-03 23:34 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-03 23:34 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-03 23:33 - 2013-11-03 23:33 - 13833400 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall (2).exe
2013-11-03 23:33 - 2013-11-03 23:33 - 11255120 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall (1).exe
2013-11-03 23:31 - 2013-11-04 22:48 - 01385579 _____ C:\Windows\WindowsUpdate.log
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Windows\TempEEF6705C-55FF-B850-1078-C5F9C07523FB-Signatures
2013-11-03 23:30 - 2013-11-03 23:30 - 13833400 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall.exe
2013-11-03 23:16 - 2013-11-03 23:16 - 04379048 _____ (Piriform Ltd) C:\Users\W7\Downloads\ccsetup407.exe
2013-11-03 19:41 - 2013-11-03 19:41 - 00645729 _____ (WDS Team) C:\Users\W7\Downloads\windirstat1_1_2_setup (1).exe
2013-11-03 19:34 - 2013-11-03 19:42 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\W7\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\UpdatusUser\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\Marcelo P\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\Administrador\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\admin\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2013-11-03 19:33 - 2013-11-03 19:33 - 00645729 _____ (WDS Team) C:\Users\W7\Downloads\windirstat1_1_2_setup.exe
2013-11-03 13:01 - 2013-11-03 13:01 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-11-03 12:48 - 2013-11-03 13:02 - 00002180 _____ C:\Users\Public\Desktop\Aion.lnk
2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2013-11-03 12:47 - 2013-11-03 12:47 - 05003264 _____ (NC Interactive, LLC) C:\Users\W7\Downloads\AionInstaller.exe
2013-11-03 11:22 - 2013-11-03 11:22 - 00000000 ____D C:\Program Files (x86)\Blade and Soul
2013-11-03 05:35 - 2013-11-03 05:35 - 00013825 _____ C:\Users\W7\Downloads\Blade__amp__Soul_(Atomix)_[Dec-4_Update].6920870.TPB (1).torrent
2013-11-03 04:56 - 2013-11-03 11:09 - 00000000 ____D C:\Users\W7\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-11-03 04:56 - 2013-11-03 04:56 - 02191154 _____ C:\Users\W7\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-11-03 04:55 - 2013-11-03 04:55 - 00013825 _____ C:\Users\W7\Downloads\Blade__amp__Soul_(Atomix)_[Dec-4_Update].6920870.TPB.torrent
2013-11-03 03:52 - 2013-11-03 03:52 - 00000994 _____ C:\Users\Public\Desktop\Age of Wushu.lnk
2013-11-03 03:52 - 2013-11-03 03:52 - 00000000 ____D C:\Program Files (x86)\Snail Games USA
2013-11-02 19:35 - 2013-11-02 19:35 - 00001301 _____ C:\Users\W7\Desktop\AgeofWushu_downloader.lnk
2013-11-02 18:55 - 2013-11-02 19:00 - 91662048 _____ C:\Users\W7\Downloads\sexx..rar
2013-11-01 21:33 - 2013-11-01 21:33 - 00002571 _____ C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2013-11-01 21:33 - 2013-11-01 21:33 - 00002541 _____ C:\Users\W7\Desktop\DC Universe Online.lnk
2013-11-01 15:38 - 2013-11-01 15:38 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-10-31 17:08 - 2013-10-31 17:08 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-31 17:08 - 2013-10-31 17:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-31 17:06 - 2013-10-31 17:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-10-30 00:19 - 2013-10-30 00:19 - 00002152 _____ C:\Users\W7\Downloads\[kickass.to]the.red.hot.chilli.peppers.snow.hey.oh.torrent
2013-10-30 00:13 - 2013-10-30 00:13 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (3).torrent
2013-10-30 00:13 - 2013-10-30 00:13 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (2).torrent
2013-10-29 17:51 - 2013-10-29 17:51 - 00000398 _____ C:\fraglist.luar
2013-10-29 17:50 - 2013-10-29 17:52 - 00000000 ____D C:\Program Files (x86)\baidu
2013-10-29 17:50 - 2013-10-29 17:51 - 00000047 _____ C:\Archive.ini
2013-10-28 14:53 - 2013-10-28 14:53 - 00060371 _____ C:\Users\W7\Downloads\pink-floyd-comfortably_numb_ver2.gp3
2013-10-28 14:52 - 2013-10-28 14:52 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb (2).gp3
2013-10-28 14:51 - 2013-10-28 14:51 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb (1).gp3
2013-10-28 14:48 - 2013-10-30 00:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\Guitar Pro 6
2013-10-28 14:48 - 2013-10-28 14:48 - 00000000 ____D C:\Users\Todos os Usuários\Guitar Pro 6
2013-10-28 14:48 - 2013-10-28 14:48 - 00000000 ____D C:\ProgramData\Guitar Pro 6
2013-10-28 14:41 - 2013-10-28 14:41 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-28 14:41 - 2013-10-17 23:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-28 14:41 - 2013-10-17 23:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-28 14:40 - 2013-10-28 14:40 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Modelos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Meus documentos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Menu Iniciar
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Minhas músicas
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Minhas imagens
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Meus vídeos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Dados de aplicativos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Configurações locais
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Histórico
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Dados de aplicativos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Ambiente de rede
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Ambiente de impressão
2013-10-28 14:40 - 2013-03-04 14:49 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Smart Recovery
2013-10-28 14:40 - 2013-03-04 14:49 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-10-28 14:40 - 2012-04-22 04:11 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-10-28 14:40 - 2009-07-14 02:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-28 14:40 - 2009-07-14 02:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-28 14:36 - 2013-10-28 14:36 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb.gp3
2013-10-28 14:36 - 2013-10-23 08:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-28 14:36 - 2013-10-23 08:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-28 14:36 - 2013-10-23 08:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-28 14:36 - 2013-09-27 21:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-28 14:36 - 2013-09-27 21:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-10-28 14:36 - 2013-09-27 21:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-28 14:36 - 2013-01-29 06:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-28 14:23 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-28 14:23 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-28 14:23 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-28 14:23 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-28 14:22 - 2013-10-28 14:23 - 00004269 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-26 03:10 - 2013-10-26 03:10 - 00028255 _____ C:\Users\W7\Downloads\[kickass.to]bang.bus.43.xxx.dvdrip.x264.pr0nstars.torrent
2013-10-25 13:19 - 2013-10-25 13:19 - 00001533 _____ C:\Users\W7\Desktop\Batman Arkham Origins.lnk
2013-10-25 12:52 - 2013-10-25 13:19 - 00000000 ____D C:\Program Files (x86)\Batman Arkham Origins
2013-10-25 01:07 - 2013-10-25 01:07 - 00044966 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.2013.pc.rip.от.xatab (1).torrent
2013-10-25 00:49 - 2013-10-25 00:50 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv (1).torrent
2013-10-25 00:48 - 2013-10-25 00:48 - 00000846 _____ C:\Users\W7\Desktop\µTorrent.lnk
2013-10-25 00:48 - 2013-10-25 00:48 - 00000826 _____ C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-25 00:19 - 2013-10-25 00:20 - 00095157 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.reloaded.torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00044966 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.2013.pc.rip.от.xatab.torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (2).torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00017629 _____ C:\Users\W7\Downloads\[kickass.to]wowgirls.guerlain.erotic.splash (1).torrent
2013-10-25 00:16 - 2013-10-25 00:16 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv.torrent
2013-10-25 00:14 - 2013-10-25 00:14 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (1).torrent
2013-10-24 18:38 - 2013-10-24 18:38 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4.torrent
2013-10-24 18:33 - 2013-10-24 18:33 - 00017629 _____ C:\Users\W7\Downloads\[kickass.to]wowgirls.guerlain.erotic.splash.torrent
2013-10-24 13:03 - 2013-10-24 13:03 - 00018522 _____ C:\Users\W7\Downloads\[kickass.to]megadeth.rust.in.peace.remastered.mp3.256.torrent
2013-10-24 12:55 - 2013-10-24 12:55 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (1).torrent
2013-10-24 12:46 - 2013-10-24 12:46 - 00019623 _____ C:\Users\W7\Downloads\[kickass.to]nirvana.greatest.hits.2002.320.vtwin88cube.torrent
2013-10-24 12:45 - 2013-10-24 12:45 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits.torrent
2013-10-18 20:32 - 2013-10-18 20:32 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2013-10-18 20:32 - 2013-10-18 20:32 - 00000000 ____D C:\Program Files (x86)\AP Tuner
2013-10-18 00:17 - 2013-10-18 00:17 - 00034150 _____ C:\Users\W7\Downloads\[kickass.to]anthrax.discography.torrent
2013-10-18 00:16 - 2013-10-18 00:16 - 00044029 _____ C:\Users\W7\Downloads\[kickass.to]slayer.discography.torrent
2013-10-17 20:17 - 2013-10-17 20:17 - 00015353 _____ C:\Users\W7\Downloads\[kickass.to]motorhead.the.best.of.2000.2.discs.torrent
2013-10-17 20:17 - 2013-10-17 20:17 - 00013546 _____ C:\Users\W7\Downloads\[kickass.to]deep.purple.greatest.hits.1990.torrent
2013-10-17 19:04 - 2013-10-17 19:04 - 00010499 _____ C:\Users\W7\Downloads\[kickass.to]lexi.belle.mia.malkova.pretty.babies.x.art.2013.hd.torrent
2013-10-17 18:58 - 2013-10-17 18:58 - 00013068 _____ C:\Users\W7\Downloads\[kickass.to]2chickssametime.lexi.belle.mia.malkova.15905.03.22.2013.torrent
2013-10-17 18:53 - 2013-10-17 18:53 - 00015206 _____ C:\Users\W7\Downloads\[kickass.to]pawg.mia.malkova.torrent
2013-10-17 18:52 - 2013-10-17 18:52 - 00023146 _____ C:\Users\W7\Downloads\[kickass.to]miamalkovapornstar.mia.malkova.get.wet.poolside.with.mia.and.torrent
2013-10-17 18:51 - 2013-10-17 18:51 - 00021219 _____ C:\Users\W7\Downloads\[kickass.to]hollyrandall.mia.malkova.nighttime.desires.10.11.2013.torrent
2013-10-17 18:50 - 2013-10-17 18:50 - 00053996 _____ C:\Users\W7\Downloads\[kickass.to]pornstarspa.mia.malkova.massaging.a.goddess.10.03.2013.torrent
2013-10-17 18:18 - 2013-10-17 18:18 - 00025529 _____ C:\Users\W7\Downloads\[kickass.to]dont.you.wish.your.girlfriend.was.hot.like.me.abella.anderson.wmv.torrent
2013-10-17 18:16 - 2013-10-17 18:16 - 00086794 _____ C:\Users\W7\Downloads\[kickass.to]bangbus.ashton.pierce.shy.amateur.brunette.gets.censoreded.on.the.new.september.18.2013.torrent
2013-10-17 18:11 - 2013-10-17 18:11 - 00044655 _____ C:\Users\W7\Downloads\[kickass.to]assparade.abella.anderson.bella.reese.ridin.dirty.torrent
2013-10-17 15:52 - 2013-10-17 15:52 - 00018427 _____ C:\Users\W7\Downloads\[kickass.to]mother.daughter.lesbian.lessions.xxx.dvdrip.x264.swe6rus.torrent
2013-10-17 15:52 - 2013-10-17 15:52 - 00014701 _____ C:\Users\W7\Downloads\[kickass.to]real.wife.stories.christy.mack.one.night.stand.october.14.2013.sd.torrent
2013-10-17 15:51 - 2013-10-17 15:51 - 00014358 _____ C:\Users\W7\Downloads\[kickass.to]i.kiss.girls.3.lesbian.confidential.new.2013.girlfriends.films.torrent
2013-10-17 15:50 - 2013-10-17 15:50 - 00125163 _____ C:\Users\W7\Downloads\[kickass.to]hot.lesbian.love.xxx.new.2013.split.scenes.torrent
2013-10-17 15:48 - 2013-10-17 15:48 - 00042806 _____ C:\Users\W7\Downloads\[kickass.to]bangbus.daisy.summers.brick.falls.in.love.with.daisy.summers.new.october.16.2013.torrent
2013-10-17 15:25 - 2013-10-17 15:25 - 00107444 _____ C:\Users\W7\Downloads\[kickass.to]mother.daughter.lesbian.lessons.forbidden.fruits.films.web.dl.2013.torrent
2013-10-17 15:03 - 2013-10-17 15:03 - 00013983 _____ C:\Users\W7\Downloads\[kickass.to]sexoenpublico.naomi.torrent
2013-10-16 21:41 - 2013-10-16 21:41 - 00003150 _____ C:\Windows\System32\Tasks\{3AEEA17C-DCD2-459A-8D68-24E8E2816083}
2013-10-14 16:26 - 2013-10-14 16:26 - 00019883 _____ C:\Users\W7\Downloads\[kickass.to]anthrax.madhouse.greatest.hits.bubanee.torrent
2013-10-14 16:24 - 2013-10-14 16:24 - 00029631 _____ C:\Users\W7\Downloads\[kickass.to]metallica.discography.1983.2011.itunes.rip.theleak.torrent
2013-10-14 16:24 - 2013-10-14 16:24 - 00020516 _____ C:\Users\W7\Downloads\[kickass.to]metallica.through.the.never.2013.2cd.metal.320kbps.cbr.mp3.vx.p2pdl.torrent
2013-10-13 23:05 - 2013-10-13 23:05 - 00000000 _____ C:\Windows\system32\RAIHVDump.dmp
2013-10-13 22:33 - 2013-11-02 19:58 - 00000022 _____ C:\Windows\SysWOW64\.zip
2013-10-11 09:06 - 2013-10-11 09:06 - 00016640 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2013-10-09 01:20 - 2013-03-03 02:20 - 00002053 _____ C:\Users\Public\Desktop\Darksiders II.lnk
2013-10-09 01:20 - 2013-02-27 19:31 - 00001675 _____ C:\Users\Public\Desktop\skse_loader - Atalho.lnk
2013-10-09 00:38 - 2013-10-09 00:38 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2013-10-09 00:38 - 2013-10-09 00:38 - 00000000 ____D C:\ProgramData\Baidu
2013-10-08 18:16 - 2013-10-08 18:16 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-08 18:15 - 2013-10-08 18:16 - 00000000 ____D C:\Program Files\iTunes
2013-10-08 18:15 - 2013-10-08 18:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-08 18:15 - 2013-10-08 18:15 - 00000000 ____D C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
2013-11-04 23:17 - 2013-11-04 23:17 - 01957098 _____ (Farbar) C:\Users\W7\Downloads\FRST64 (1).exe
2013-11-04 23:17 - 2012-04-21 15:20 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004UA.job
2013-11-04 23:05 - 2013-11-04 23:05 - 00004088 _____ C:\Users\W7\Desktop\RKreport[0]_S_11042013_230539.txt
2013-11-04 23:05 - 2013-11-04 22:16 - 00000000 ____D C:\Users\W7\Desktop\RK_Quarantine
2013-11-04 23:04 - 2012-04-21 16:01 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-04 23:00 - 2009-07-14 02:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 23:00 - 2009-07-14 02:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 22:55 - 2013-11-04 22:55 - 00025191 _____ C:\Users\W7\Desktop\dds.txt
2013-11-04 22:55 - 2013-11-04 22:55 - 00012347 _____ C:\Users\W7\Desktop\attach.txt
2013-11-04 22:54 - 2013-11-04 22:54 - 04012032 _____ C:\Users\W7\Downloads\RogueKillerX64.exe
2013-11-04 22:54 - 2013-11-04 22:31 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2013-11-04 22:54 - 2013-11-04 22:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-04 22:54 - 2013-11-04 22:27 - 00000000 ____D C:\Users\W7\Desktop\mbar
2013-11-04 22:52 - 2013-11-04 22:52 - 00688992 ____R (Swearware) C:\Users\W7\Downloads\dds.scr
2013-11-04 22:48 - 2013-11-03 23:31 - 01385579 _____ C:\Windows\WindowsUpdate.log
2013-11-04 22:31 - 2013-11-04 22:31 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-04 22:28 - 2013-11-04 22:28 - 00000204 _____ C:\Users\W7\Downloads\Search.txt
2013-11-04 22:27 - 2013-11-04 22:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-04 22:27 - 2013-11-04 22:27 - 00000000 ____D C:\FRST
2013-11-04 22:27 - 2013-11-04 22:26 - 12576792 _____ (Malwarebytes Corp.) C:\Users\W7\Downloads\mbar-1.07.0.1007.exe
2013-11-04 22:24 - 2013-11-04 22:24 - 01957098 _____ (Farbar) C:\Users\W7\Downloads\FRST64.exe
2013-11-04 22:20 - 2013-11-04 22:20 - 00000000 ____D C:\Users\W7\AppData\Roaming\data
2013-11-04 22:20 - 2012-04-14 22:17 - 00000000 ___RD C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-04 22:19 - 2013-11-04 12:44 - 00001400 _____ C:\Windows\setupact.log
2013-11-04 22:19 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 22:18 - 2013-11-04 13:30 - 00025432 _____ C:\Windows\PFRO.log
2013-11-04 22:17 - 2013-11-04 22:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\W7\Desktop\tdsskiller.exe
2013-11-04 22:16 - 2013-11-04 22:15 - 03538944 _____ C:\Users\W7\Downloads\RogueKiller.exe
2013-11-04 22:14 - 2013-11-04 22:14 - 00891184 _____ C:\Users\W7\Downloads\SecurityCheck.exe
2013-11-04 22:08 - 2013-11-04 22:08 - 00036348 _____ C:\ComboFix.txt
2013-11-04 22:08 - 2013-11-04 15:29 - 00000000 ____D C:\Qoobox
2013-11-04 22:08 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Default
2013-11-04 22:06 - 2013-11-04 15:29 - 00000000 ____D C:\Windows\erdnt
2013-11-04 22:05 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini
2013-11-04 21:51 - 2013-11-04 15:28 - 05143677 ____R (Swearware) C:\Users\W7\Downloads\ComboFix.exe
2013-11-04 20:19 - 2013-11-04 20:19 - 00013119 _____ C:\Users\W7\Downloads\hijackthis.log
2013-11-04 20:18 - 2013-11-04 20:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\W7\Downloads\HijackThis.exe
2013-11-04 19:53 - 2012-04-21 16:13 - 00000000 ____D C:\Users\W7\AppData\Local\PMB Files
2013-11-04 19:51 - 2013-11-04 19:51 - 00095248 _____ C:\Users\W7\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-04 16:46 - 2012-02-10 11:49 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2013-11-04 16:46 - 2012-02-10 11:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-04 16:45 - 2012-04-21 15:20 - 01626494 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-04 16:45 - 2009-07-14 15:55 - 00713448 _____ C:\Windows\system32\prfh0416.dat
2013-11-04 16:45 - 2009-07-14 15:55 - 00151780 _____ C:\Windows\system32\prfc0416.dat
2013-11-04 16:44 - 2009-07-14 03:13 - 01626494 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 16:21 - 2013-11-04 16:14 - 00010362 _____ C:\Windows\IE10_main.log
2013-11-04 16:06 - 2013-11-04 16:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-04 16:06 - 2013-11-04 16:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-04 15:50 - 2013-11-04 15:47 - 00000000 ____D C:\Windows\system32\MRT
2013-11-04 15:27 - 2013-11-04 15:27 - 00000000 ____D C:\Users\Todos os Usuários\Licenses
2013-11-04 15:27 - 2013-11-04 15:27 - 00000000 ____D C:\ProgramData\Licenses
2013-11-04 15:21 - 2013-11-04 15:21 - 00000000 ____D C:\Users\W7\Documents\Simply Super Software
2013-11-04 15:21 - 2013-11-04 15:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\Simply Super Software
2013-11-04 15:21 - 2013-11-04 15:20 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-11-04 15:20 - 2013-11-04 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Simply Super Software
2013-11-04 15:20 - 2013-11-04 15:20 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-11-04 15:20 - 2013-11-04 15:17 - 27084152 _____ (Simply Super Software                                       ) C:\Users\W7\Downloads\trjsetup688.exe
2013-11-04 15:12 - 2013-11-04 14:57 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2013-11-04 14:58 - 2013-11-04 14:58 - 00000944 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2013-11-04 14:54 - 2013-11-04 14:40 - 55954968 _____ (GridinSoft LLC) C:\Users\W7\Downloads\gtk-2.1.9.4-setup.exe
2013-11-04 14:29 - 2009-07-14 03:08 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-04 14:06 - 2013-11-04 14:06 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv (2).torrent
2013-11-04 14:06 - 2013-11-04 14:06 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (3).torrent
2013-11-04 13:29 - 2012-08-17 23:37 - 00000000 ____D C:\Users\W7\AppData\Roaming\Skype
2013-11-04 13:03 - 2013-11-04 13:03 - 00000000 ____D C:\Users\W7\AppData\Roaming\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-04 13:02 - 2013-11-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-04 13:02 - 2013-11-04 13:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\W7\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-04 12:47 - 2013-11-04 12:47 - 00095248 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-11-04 12:44 - 2013-11-04 12:44 - 00370544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-04 12:44 - 2013-11-04 12:44 - 00000000 _____ C:\Windows\setuperr.log
2013-11-03 23:45 - 2013-11-03 23:45 - 00000000 ____D C:\AdwCleaner
2013-11-03 23:41 - 2013-11-03 23:41 - 01073258 _____ C:\Users\W7\Downloads\adwcleaner.exe
2013-11-03 23:34 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-03 23:34 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-03 23:34 - 2012-04-21 15:23 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-03 23:33 - 2013-11-03 23:33 - 13833400 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall (2).exe
2013-11-03 23:33 - 2013-11-03 23:33 - 11255120 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall (1).exe
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Windows\TempEEF6705C-55FF-B850-1078-C5F9C07523FB-Signatures
2013-11-03 23:30 - 2013-11-03 23:30 - 13833400 _____ (Microsoft Corporation) C:\Users\W7\Downloads\mseinstall.exe
2013-11-03 23:29 - 2012-09-26 19:28 - 00095248 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-11-03 23:26 - 2013-03-29 20:05 - 00000000 ____D C:\Users\W7\AppData\Roaming\BitTorrent
2013-11-03 23:26 - 2013-03-07 15:23 - 00000000 ____D C:\Users\Todos os Usuários\Electronic Arts
2013-11-03 23:26 - 2013-03-07 15:23 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-03 23:25 - 2013-09-21 19:25 - 00000000 ____D C:\Program Files (x86)\dont_starve
2013-11-03 23:25 - 2013-01-15 00:56 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-11-03 23:20 - 2013-02-22 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-03 23:18 - 2012-09-05 01:25 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-03 23:18 - 2012-09-05 01:25 - 00000000 ____D C:\Program Files\CCleaner
2013-11-03 23:16 - 2013-11-03 23:16 - 04379048 _____ (Piriform Ltd) C:\Users\W7\Downloads\ccsetup407.exe
2013-11-03 23:10 - 2013-01-19 05:08 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-11-03 22:56 - 2012-06-03 09:17 - 00000123 _____ C:\Users\W7\Documents\aionmemo_c452b1f6.dat
2013-11-03 21:09 - 2012-04-21 15:33 - 00000000 ____D C:\Users\W7\Desktop\XXX
2013-11-03 19:47 - 2013-01-09 23:44 - 00000000 ____D C:\Games
2013-11-03 19:47 - 2012-04-21 21:17 - 00000000 ____D C:\Level Up! Games
2013-11-03 19:45 - 2013-02-26 18:33 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-11-03 19:42 - 2013-11-03 19:34 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2013-11-03 19:41 - 2013-11-03 19:41 - 00645729 _____ (WDS Team) C:\Users\W7\Downloads\windirstat1_1_2_setup (1).exe
2013-11-03 19:36 - 2012-04-23 22:20 - 00000000 ____D C:\Users\W7\Documents\My Games
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\W7\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\UpdatusUser\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\Marcelo P\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\Administrador\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000995 _____ C:\Users\admin\Desktop\WinDirStat.lnk
2013-11-03 19:34 - 2013-11-03 19:34 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2013-11-03 19:33 - 2013-11-03 19:33 - 00645729 _____ (WDS Team) C:\Users\W7\Downloads\windirstat1_1_2_setup.exe
2013-11-03 19:33 - 2011-08-17 11:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-03 18:17 - 2012-04-21 15:20 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1169240536-2603080374-1045579868-1004Core.job
2013-11-03 13:02 - 2013-11-03 12:48 - 00002180 _____ C:\Users\Public\Desktop\Aion.lnk
2013-11-03 13:01 - 2013-11-03 13:01 - 00000000 ____D C:\Program Files (x86)\NCWest
2013-11-03 12:59 - 2013-05-05 01:34 - 00000000 ____D C:\Users\W7\Desktop\Games
2013-11-03 12:48 - 2013-11-03 12:48 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2013-11-03 12:47 - 2013-11-03 12:47 - 05003264 _____ (NC Interactive, LLC) C:\Users\W7\Downloads\AionInstaller.exe
2013-11-03 11:22 - 2013-11-03 11:22 - 00000000 ____D C:\Program Files (x86)\Blade and Soul
2013-11-03 11:09 - 2013-11-03 04:56 - 00000000 ____D C:\Users\W7\Downloads\Blade & Soul (Atomix) [Dec-4 Update]
2013-11-03 05:35 - 2013-11-03 05:35 - 00013825 _____ C:\Users\W7\Downloads\Blade__amp__Soul_(Atomix)_[Dec-4_Update].6920870.TPB (1).torrent
2013-11-03 05:21 - 2013-02-22 14:25 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-03 04:56 - 2013-11-03 04:56 - 02191154 _____ C:\Users\W7\Downloads\Atomix_Blade_and_Soul_Launcher.rar
2013-11-03 04:55 - 2013-11-03 04:55 - 00013825 _____ C:\Users\W7\Downloads\Blade__amp__Soul_(Atomix)_[Dec-4_Update].6920870.TPB.torrent
2013-11-03 03:52 - 2013-11-03 03:52 - 00000994 _____ C:\Users\Public\Desktop\Age of Wushu.lnk
2013-11-03 03:52 - 2013-11-03 03:52 - 00000000 ____D C:\Program Files (x86)\Snail Games USA
2013-11-03 01:30 - 2012-04-21 16:13 - 00000000 ____D C:\Users\Todos os Usuários\PMB Files
2013-11-03 01:30 - 2012-04-21 16:13 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-02 19:58 - 2013-10-13 22:33 - 00000022 _____ C:\Windows\SysWOW64\.zip
2013-11-02 19:47 - 2013-01-29 06:08 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-02 19:35 - 2013-11-02 19:35 - 00001301 _____ C:\Users\W7\Desktop\AgeofWushu_downloader.lnk
2013-11-02 19:00 - 2013-11-02 18:55 - 91662048 _____ C:\Users\W7\Downloads\sexx..rar
2013-11-01 21:33 - 2013-11-01 21:33 - 00002571 _____ C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2013-11-01 21:33 - 2013-11-01 21:33 - 00002541 _____ C:\Users\W7\Desktop\DC Universe Online.lnk
2013-11-01 21:33 - 2012-07-07 06:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-01 15:38 - 2013-11-01 15:38 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-10-31 17:08 - 2013-10-31 17:08 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-31 17:08 - 2013-10-31 17:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-31 17:06 - 2013-10-31 17:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-10-31 17:06 - 2012-04-21 15:45 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-10-31 15:02 - 2012-04-21 15:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-31 13:09 - 2012-06-08 19:47 - 00000000 ____D C:\Users\W7\AppData\Local\Apple Computer
2013-10-30 00:21 - 2013-10-28 14:48 - 00000000 ____D C:\Users\W7\AppData\Roaming\Guitar Pro 6
2013-10-30 00:21 - 2013-09-22 13:43 - 00000000 ____D C:\Program Files (x86)\Saints Row IV
2013-10-30 00:19 - 2013-10-30 00:19 - 00002152 _____ C:\Users\W7\Downloads\[kickass.to]the.red.hot.chilli.peppers.snow.hey.oh.torrent
2013-10-30 00:13 - 2013-10-30 00:13 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (3).torrent
2013-10-30 00:13 - 2013-10-30 00:13 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (2).torrent
2013-10-29 17:52 - 2013-10-29 17:50 - 00000000 ____D C:\Program Files (x86)\baidu
2013-10-29 17:51 - 2013-10-29 17:51 - 00000398 _____ C:\fraglist.luar
2013-10-29 17:51 - 2013-10-29 17:50 - 00000047 _____ C:\Archive.ini
2013-10-29 13:44 - 2012-09-17 13:55 - 00000000 ____D C:\Users\W7\Documents\Youcam
2013-10-28 14:53 - 2013-10-28 14:53 - 00060371 _____ C:\Users\W7\Downloads\pink-floyd-comfortably_numb_ver2.gp3
2013-10-28 14:52 - 2013-10-28 14:52 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb (2).gp3
2013-10-28 14:51 - 2013-10-28 14:51 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb (1).gp3
2013-10-28 14:48 - 2013-10-28 14:48 - 00000000 ____D C:\Users\Todos os Usuários\Guitar Pro 6
2013-10-28 14:48 - 2013-10-28 14:48 - 00000000 ____D C:\ProgramData\Guitar Pro 6
2013-10-28 14:43 - 2013-02-27 21:33 - 00000000 ____D C:\Users\W7\AppData\Local\NVIDIA
2013-10-28 14:41 - 2013-10-28 14:41 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-28 14:41 - 2011-08-17 13:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2013-10-28 14:41 - 2011-08-17 13:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 14:41 - 2011-08-17 13:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-28 14:41 - 2011-08-17 13:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 14:40 - 2013-10-28 14:40 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Modelos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Meus documentos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Menu Iniciar
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Minhas músicas
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Minhas imagens
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Meus vídeos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Dados de aplicativos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Configurações locais
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Histórico
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Dados de aplicativos
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Ambiente de rede
2013-10-28 14:40 - 2013-10-28 14:40 - 00000000 _SHDL C:\Users\UpdatusUser\Ambiente de impressão
2013-10-28 14:40 - 2011-08-17 13:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2013-10-28 14:40 - 2011-08-17 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-28 14:36 - 2013-10-28 14:36 - 00047034 _____ C:\Users\W7\Downloads\pink-floyd-comfortably-numb.gp3
2013-10-28 14:23 - 2013-10-28 14:22 - 00004269 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-28 14:23 - 2013-09-22 21:37 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2013-10-28 14:23 - 2013-09-22 21:37 - 00000000 ____D C:\ProgramData\Oracle
2013-10-28 14:23 - 2012-04-21 15:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-26 03:10 - 2013-10-26 03:10 - 00028255 _____ C:\Users\W7\Downloads\[kickass.to]bang.bus.43.xxx.dvdrip.x264.pr0nstars.torrent
2013-10-25 13:33 - 2013-03-11 14:32 - 00000000 ____D C:\Users\W7\Documents\WB Games
2013-10-25 13:19 - 2013-10-25 13:19 - 00001533 _____ C:\Users\W7\Desktop\Batman Arkham Origins.lnk
2013-10-25 13:19 - 2013-10-25 12:52 - 00000000 ____D C:\Program Files (x86)\Batman Arkham Origins
2013-10-25 01:07 - 2013-10-25 01:07 - 00044966 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.2013.pc.rip.от.xatab (1).torrent
2013-10-25 00:50 - 2013-10-25 00:49 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv (1).torrent
2013-10-25 00:48 - 2013-10-25 00:48 - 00000846 _____ C:\Users\W7\Desktop\µTorrent.lnk
2013-10-25 00:48 - 2013-10-25 00:48 - 00000826 _____ C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-25 00:47 - 2013-09-21 23:43 - 00000000 ____D C:\Users\W7\AppData\Roaming\DMCache
2013-10-25 00:20 - 2013-10-25 00:19 - 00095157 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.reloaded.torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00044966 _____ C:\Users\W7\Downloads\[kickass.to]batman.arkham.origins.2013.pc.rip.от.xatab.torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (2).torrent
2013-10-25 00:19 - 2013-10-25 00:19 - 00017629 _____ C:\Users\W7\Downloads\[kickass.to]wowgirls.guerlain.erotic.splash (1).torrent
2013-10-25 00:16 - 2013-10-25 00:16 - 00078353 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.1080p.wmv.torrent
2013-10-25 00:14 - 2013-10-25 00:14 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4 (1).torrent
2013-10-24 18:38 - 2013-10-24 18:38 - 00034127 _____ C:\Users\W7\Downloads\[kickass.to]18onlygirls.erotic.splash.guerlain.720p.mp4.torrent
2013-10-24 18:33 - 2013-10-24 18:33 - 00017629 _____ C:\Users\W7\Downloads\[kickass.to]wowgirls.guerlain.erotic.splash.torrent
2013-10-24 13:37 - 2012-06-08 19:47 - 00000000 ____D C:\Users\W7\AppData\Roaming\Apple Computer
2013-10-24 13:03 - 2013-10-24 13:03 - 00018522 _____ C:\Users\W7\Downloads\[kickass.to]megadeth.rust.in.peace.remastered.mp3.256.torrent
2013-10-24 12:55 - 2013-10-24 12:55 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits (1).torrent
2013-10-24 12:46 - 2013-10-24 12:46 - 00019623 _____ C:\Users\W7\Downloads\[kickass.to]nirvana.greatest.hits.2002.320.vtwin88cube.torrent
2013-10-24 12:45 - 2013-10-24 12:45 - 00016462 _____ C:\Users\W7\Downloads\[kickass.to]red.hot.chili.peppers.greatest.hits.torrent
2013-10-23 08:30 - 2013-10-28 14:36 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 08:30 - 2013-10-28 14:36 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 08:30 - 2013-10-28 14:36 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
 
 
Some content of TEMP:
====================
C:\Users\W7\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-02 04:56
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Update and run a scan with your Microsoft Security Essentials.

Let me know how it is.....MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by W7 at 2013-11-04 23:55:49 Run:1
Running from C:\Users\W7\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: Adobe.lnk -> C:\Users\W7\AppData\Roaming\data\Adobe.vbe ()
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
ShortcutTarget: Svchost.exe.lnk -> C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe ()
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe ()
Task: {D2898CB0-C55A-4C5B-B51F-45F993F1F4D3} - System32\Tasks\EPUpdater => C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {24C4E2CA-5833-4769-9841-B04881AE3868} - System32\Tasks\Funmoods => C:\Users\W7\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE
C:\Users\W7\AppData\Roaming\data\Adobe.vbe 
C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe 
C:\Users\W7\AppData\Local\Temp\RarSFX0
C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe 
C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
C:\Users\W7\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE
*****************

C:\Users\W7\AppData\Roaming\data\Adobe.vbe => Moved successfully.
C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk => Moved successfully.
C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe => Moved successfully.
C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2898CB0-C55A-4C5B-B51F-45F993F1F4D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2898CB0-C55A-4C5B-B51F-45F993F1F4D3} => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24C4E2CA-5833-4769-9841-B04881AE3868} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24C4E2CA-5833-4769-9841-B04881AE3868} => Key deleted successfully.
C:\Windows\System32\Tasks\Funmoods => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.
"C:\Users\W7\AppData\Roaming\data\Adobe.vbe " => File/Directory not found.
"C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk" => File/Directory not found.
"C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe " => File/Directory not found.
C:\Users\W7\AppData\Local\Temp\RarSFX0 => Moved successfully.
"C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe " => File/Directory not found.
"C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe" => File/Directory not found.
"C:\Users\W7\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.

==== End of Fixlog ====

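An added example, not part of the original posts and not FRST's own code: a small Python parser for the outcome lines of the Fixlog above. It separates entries that were moved or deleted from the `File/Directory not found` lines, and splits those into paths already moved earlier in the same run and paths never seen on disk during the run. The sample lines are copied from the Fixlog; the function and category names are this example's own.

```python
# Added example: reconcile the outcome lines of an FRST Fixlog.
# Sample lines are copied from the Fixlog posted above; the function and
# category names are this example's own, not FRST terminology.
SAMPLE_FIXLOG = r'''
Task: {D2898CB0-C55A-4C5B-B51F-45F993F1F4D3} - System32\Tasks\EPUpdater => C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
C:\Users\W7\AppData\Roaming\data\Adobe.vbe => Moved successfully.
C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk => Moved successfully.
C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
"C:\Users\W7\AppData\Roaming\data\Adobe.vbe " => File/Directory not found.
"C:\Users\W7\AppData\Local\Temp\RarSFX0\Svchost.exe " => File/Directory not found.
"C:\Users\W7\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe" => File/Directory not found.
==== End of Fixlog ====
'''

REMOVED = ("Moved successfully", "Key deleted successfully")
NOT_FOUND = "File/Directory not found"

def parse_outcomes(text):
    """Yield (target, outcome) for each result line of the log.

    The echoed fixlist 'Task:' lines also contain ' => ', but their right
    side is a path, so only the three known outcome strings are accepted.
    """
    for line in text.splitlines():
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        outcome = outcome.strip().rstrip(".")
        if outcome in REMOVED or outcome == NOT_FOUND:
            # Second-pass entries are quoted and may end in a space.
            yield target.strip().strip('"').strip(), outcome

def persistence_kind(target):
    """Classify a target by the autostart location it belongs to."""
    t = target.lower()
    if "\\start menu\\programs\\startup\\" in t:
        return "startup-folder"
    if "\\system32\\tasks\\" in t or "\\schedule\\taskcache\\" in t:
        return "scheduled-task"
    return "file"

def reconcile(text):
    """Group targets into removed / duplicate / unresolved."""
    handled = set()
    report = {"removed": [], "duplicate": [], "unresolved": []}
    for target, outcome in parse_outcomes(text):
        key = target.lower()
        if outcome in REMOVED:
            handled.add(key)
            report["removed"].append((persistence_kind(target), target))
        elif key in handled:
            report["duplicate"].append(target)   # listed twice, moved on first pass
        else:
            report["unresolved"].append(target)  # not on disk in this run
    return report

if __name__ == "__main__":
    for group, items in reconcile(SAMPLE_FIXLOG).items():
        print(group, items)
```

On the full Fixlog above, `BabMaint.exe` and `UPDATE~1.EXE` land in the unresolved group: their scheduled tasks were removed, but the executables themselves were not found during the run.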

The log looks OK, nothing there would have caused this problem.

It's been suggested that installing IconPackager and changing the icons and then changing them back will fix the problem.

So install the program, change the desktop icons to something else and then change them back to default and see if that fixes it.

http://www.stardock.com/products/iconpackager/

MrC


Good......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.76
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1
 Java 6 Update 31
 Java 7 Update 45
 Adobe Flash Player 11.9.900.117
 Adobe Reader XI
 Google Chrome 30.0.1599.101
 Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Looks good, just uninstall this from your add/remove programs:

Java™ 6 Update 31 <-------uninstall

---------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
