Jump to content

Sudden performance drop (i think i'm infected)


JLA
 Share

Recommended Posts

Hi!

A few days ago i started experiencing a sudden performance drop, namely while gaming. My fps went from a smooth 60 to a crawling 10-20, without changing ANY settings.

This happens with all games i have installed.

 

I have scanned with MBAM to no avail. MB Anti-Rootkit says system volume is inaccessible or encrypted.

I also can't post my dds.scr results, cause it is recognized as an Autocad script file, and only opens in notepad, i don't have "open with" option.

 

 

Can someone tell me what to do? I's driving me mad.

Thanks in advance, guys.

Link to post
Share on other sites

Hello JLA and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites

Hey Borislav! Thanks for the help!

 

Here is the OTL log:

 

 

OTL logfile created on: 12/19/2013 4:13:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\João\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 62.96% Memory free
7.97 Gb Paging File | 6.87 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): D:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 205.81 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 247.03 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive E: | 5.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SOPRANO | User Name: João | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
PRC - [2013/12/18 01:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/10 02:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/04 02:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/18 01:01:12 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/04 02:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 02:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 02:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 02:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 02:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/08/23 19:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009/08/13 15:25:30 | 000,180,224 | ---- | M] () -- C:\Program Files\WinMount\ShlExt\BrowserExt.dll
MOD - [2009/06/12 13:52:22 | 000,074,240 | ---- | M] () -- C:\Program Files\WinMount\ShlExt\MountExt.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/18 09:16:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 19:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/23 01:39:01 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (auaut1un)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ar1b1a79)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a2dgnnsf)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a1ah3d2q)
DRV - [2013/12/13 06:57:23 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131218.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/12/03 18:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/03 10:59:33 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131218.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/03 10:59:33 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131218.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/11/21 16:44:27 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 16:44:27 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/16 23:20:11 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/05 19:47:54 | 005,589,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/09/27 03:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/27 02:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/27 02:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/26 03:28:00 | 000,421,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/26 02:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/10 02:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/10 01:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 21:35:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2013/01/20 05:02:07 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/19 09:15:50 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 11:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 11:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 14:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 15:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google.com/mail/?shva=1#inbox [binary data]
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_pt-BR
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/12/19 06:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/18 21:11:27 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Disabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jo\u00E3o\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Disabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - Extension: wareztuga.tv streamer = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\4.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2011/04/11 00:54:14 | 000,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1645522239-412668190-725345543-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E5232D-78DA-4303-B7C5-44ECAF0EDAD1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/23 01:05:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/05 17:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/06/19 16:39:08 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/08/25 14:15:08 | 000,098,304 | R--- | M] () - F:\autoplay.exe -- [ CDFS ]
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\{67f7f526-030e-11e0-b23d-002354358080}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\Autoplay\command - "" = L:\autorun.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BuEbUD.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\explore\Command - "" = L:\autorun.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\Open\Command - "" = L:\autorun.exe
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\Z\Shell\configure\command - "" = Z:\SETUP.EXE
O33 - MountPoints2\Z\Shell\install\command - "" = Z:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/19 16:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 04:22:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/19 04:17:35 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\mbar
[2013/12/18 04:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/12/18 01:33:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/12/17 23:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/17 22:55:29 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/12/17 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2013/12/17 21:16:32 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013/12/17 21:16:32 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013/12/17 21:16:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013/12/17 21:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2013/12/17 21:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\eSupport.com
[2013/12/17 20:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/17 20:04:45 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/12/17 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/12/17 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/12/17 20:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 20:00:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/17 18:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/12/17 18:11:52 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/12/17 18:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\NVIDIA
[2013/12/17 17:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/12/14 06:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/12/14 02:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/12/14 02:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/12/14 02:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/14 02:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\Catalog
[2013/12/10 12:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/12/09 07:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/19 16:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/19 16:12:57 | 000,003,334 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 15:40:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-412668190-725345543-1003UA.job
[2013/12/19 15:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/19 13:42:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/12/19 12:10:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - João).job
[2013/12/19 07:00:50 | 000,444,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/19 07:00:50 | 000,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/19 06:56:48 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/19 06:56:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/19 06:56:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 06:56:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/19 04:35:02 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:18:40 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:13:34 | 000,139,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013/12/19 04:13:29 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013/12/19 04:12:53 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/19 04:12:27 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Dropbox.lnk
[2013/12/19 03:59:48 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BEF9909-15B3-458A-A529-28AA5EB328C3}.job
[2013/12/19 03:22:06 | 000,000,290 | RHS- | M] () -- C:\boot.ini
[2013/12/19 00:45:23 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/19 00:45:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/18 23:40:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-412668190-725345543-1003Core.job
[2013/12/18 04:52:39 | 000,002,396 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:41:52 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/12/18 04:08:43 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/18 04:04:56 | 000,456,622 | ---- | M] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:32:56 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013/12/18 00:30:10 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 23:29:33 | 002,220,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/17 21:00:36 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:44 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 19:44:26 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:01:22 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/17 05:08:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/12/16 05:54:46 | 000,197,120 | ---- | M] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/14 23:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/14 21:45:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/12/14 04:46:40 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Shortcut to TESE.lnk
[2013/12/10 12:34:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/12/10 05:07:57 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2011 - English.lnk
[2013/12/05 22:34:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/04 23:05:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/18 04:44:21 | 000,002,396 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:08:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/18 04:04:54 | 000,456,622 | ---- | C] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:02:56 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-412668190-725345543-1003-0.dat
[2013/12/17 23:48:30 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - João).job
[2013/12/17 21:16:28 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/12/17 21:00:35 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:42 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:05:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 20:05:38 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/17 20:04:51 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 18:19:44 | 000,003,334 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/17 18:17:14 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:08:32 | 003,556,824 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/12/17 18:08:32 | 000,018,657 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/12/17 18:01:21 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/10 12:34:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/11/11 05:44:18 | 004,179,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 20:01:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/01/21 20:01:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/01/21 19:54:51 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2012/11/03 17:32:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/06 19:20:00 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/06 19:14:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/16 18:24:51 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\João\Application Data\PnkBstrK.sys
[2010/03/13 18:46:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\fusioncache.dat
[2009/09/13 03:42:41 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\João\default.pls
[2009/03/25 19:51:45 | 000,197,120 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:41:39 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\João\.rnd
 
========== ZeroAccess Check ==========
 
[2009/02/05 17:45:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/05 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/01/23 01:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/03/04 21:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/26 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/01 17:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/01/14 19:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2013/12/18 04:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2009/11/01 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/12/17 23:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2009/06/23 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2013/12/19 02:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/12/20 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/26 04:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMount
[2010/02/03 19:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/02 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/04 04:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 00:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 16:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/23 01:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Autodesk
[2009/10/26 11:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\com.adobe.ExMan
[2009/04/14 15:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools
[2013/03/04 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Lite
[2009/05/21 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Pro
[2009/08/19 12:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dBpoweramp
[2013/03/04 21:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dll-files.com
[2009/10/29 02:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\João\Application Data\drivers
[2013/12/19 06:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Dropbox
[2010/05/29 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\eMule
[2009/11/30 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\EPSON
[2010/03/30 23:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Leadertech
[2010/05/12 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient
[2009/09/25 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\MSNInstaller
[2011/04/13 22:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\My Battle for Middle-earth II Files
[2009/09/29 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Notepad++
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\PlayFirst
[2011/05/14 19:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Rovio
[2013/11/11 18:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Soluto
[2011/04/11 00:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Tific
[2013/12/19 01:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\TS3Client
[2013/12/19 04:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\uTorrent
[2010/06/17 13:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\WinMount
[2010/03/09 21:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\YouSendIt
[2010/02/12 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Zylom
[2013/12/18 04:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\João\Desktop\dds.scr:SummaryInformation
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91486201
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
 
< End of report >
Link to post
Share on other sites

And here is the Extras log:

 

 

OTL Extras logfile created on: 12/19/2013 4:13:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\João\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 62.96% Memory free
7.97 Gb Paging File | 6.87 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): D:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 205.81 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 247.03 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive E: | 5.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SOPRANO | User Name: João | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = AutoCADScriptFile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"8371:TCP" = 8371:TCP:*:Enabled:League of Legends Launcher
"8371:UDP" = 8371:UDP:*:Enabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher
"8373:TCP" = 8373:TCP:*:Enabled:League of Legends Launcher
"8373:UDP" = 8373:UDP:*:Enabled:League of Legends Launcher
"8374:TCP" = 8374:TCP:*:Enabled:League of Legends Launcher
"8374:UDP" = 8374:UDP:*:Enabled:League of Legends Launcher
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"6989:TCP" = 6989:TCP:*:Enabled:League of Legends Launcher
"6989:UDP" = 6989:UDP:*:Enabled:League of Legends Launcher
"6922:TCP" = 6922:TCP:*:Enabled:League of Legends Launcher
"6922:UDP" = 6922:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"6931:TCP" = 6931:TCP:*:Enabled:League of Legends Launcher
"6931:UDP" = 6931:UDP:*:Enabled:League of Legends Launcher
"6976:TCP" = 6976:TCP:*:Enabled:League of Legends Launcher
"6976:UDP" = 6976:UDP:*:Enabled:League of Legends Launcher
"6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher
"6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher
"6923:TCP" = 6923:TCP:*:Enabled:League of Legends Launcher
"6923:UDP" = 6923:UDP:*:Enabled:League of Legends Launcher
"8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
"8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
"6930:TCP" = 6930:TCP:*:Enabled:League of Legends Launcher
"6930:UDP" = 6930:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6996:TCP" = 6996:TCP:*:Enabled:League of Legends Launcher
"6996:UDP" = 6996:UDP:*:Enabled:League of Legends Launcher
"6913:TCP" = 6913:TCP:*:Enabled:League of Legends Launcher
"6913:UDP" = 6913:UDP:*:Enabled:League of Legends Launcher
"8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
"8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6916:TCP" = 6916:TCP:*:Enabled:League of Legends Launcher
"6916:UDP" = 6916:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Battle For Middle Earth\game.dat" = D:\Battle For Middle Earth\game.dat:*:Enabled:The Battle for Middle-earth II -- (Electronic Arts Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"D:\Games\BF2142.exe" = D:\Games\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead
"C:\Documents and Settings\João\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\João\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe" = C:\Program Files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3: Black Edition
"C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe" = C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\witcher.exe:*:Enabled:The Witcher: Enhanced Edition
"C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe" = C:\Program Files\Steam\steamapps\common\the witcher enhanced edition\System\djinni!.exe:*:Enabled:The Witcher: Enhanced Edition
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\João\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\João\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\All Users\Documents\Meus Documentos\Downloads\solutoinstaller-b7C3GcKf0i_u97055935.exe" = C:\Documents and Settings\All Users\Documents\Meus Documentos\Downloads\solutoinstaller-b7C3GcKf0i_u97055935.exe:*:Enabled:SolutoInstaller
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader Extreme -- ( )
"C:\Documents and Settings\All Users\Documents\Meus Documentos\Downloads\solutoinstaller-w74gy98ao26d.exe" = C:\Documents and Settings\All Users\Documents\Meus Documentos\Downloads\solutoinstaller-w74gy98ao26d.exe:*:Enabled:SolutoInstaller -- (Soluto Inc)
"C:\Program Files\Soluto\SolutoRemoteDirect.exe" = C:\Program Files\Soluto\SolutoRemoteDirect.exe:*:Enabled:Soluto Direct Remote Access
"C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\Tower Wars\TW.exe" = C:\Program Files\Steam\steamapps\common\Tower Wars\TW.exe:*:Enabled:Tower Wars -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS) -- (NVIDIA Corporation)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}" = Angry Birds
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEBD7F0-5544-3B4C-8D15-7154AA35BEA2}" = Google Talk Plugin
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme HD
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0010-0816-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Portuguese (Portugal)) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0017-0816-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-0100-0816-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Portugal)) 2007
"{90120000-0101-0816-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Portugal)) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C309F22B-19ED-4667-950C-2188A4B26E34}" = Google SketchUp Pro 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8EBB0DE-5655-4D32-99E1-9447E702A89F}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F296739D-AF5C-4426-972A-0DC916D11033}" = Nero 8
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutoCAD 2010 - English Version 2" = AutoCAD 2010 - English Version 2
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"AviSynth" = AviSynth 2.5
"BIOSAgentPlus_is1" = BIOSAgentPlus by eSupport.com
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Disciples 2 Collector's Edition" = Disciples 2 Collector's Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DIVXAudioCompressor4.02" = DivX ;-) Audio Compressor 4.02
"Dll-Files Fixer_is1" = Dll-Files Fixer
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD-lab PRO 2.51_is1" = DVD-lab PRO 2.51
"EADM" = EA Download Manager
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.50
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSNINST" = MSN
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OMUI.pt-pt" = Microsoft Office Language Pack 2007 - Portuguese/Português
"OpenAL" = OpenAL
"PANZERS - Phase1" = PANZERS - Phase1
"Pharaoh" = Pharaoh
"PunkBusterSvc" = PunkBuster Services
"ScreenCam_is1" = ScreenCam
"Steam App 214360" = Tower Wars
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMount3_is1" = WinMount V3.2.0902
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/8/2013 7:10:05 PM | Computer Name = SOPRANO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1954
 
Error - 11/8/2013 7:10:05 PM | Computer Name = SOPRANO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1954
 
Error - 11/21/2013 2:17:34 PM | Computer Name = SOPRANO | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 3.14.0.700, faulting
 module league of legends.exe, version 3.14.0.700, fault address 0x0042c7b0.
 
Error - 11/26/2013 12:23:27 PM | Computer Name = SOPRANO | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 3.14.0.700, faulting
 module league of legends.exe, version 3.14.0.700, fault address 0x0042c7b0.
 
Error - 12/3/2013 7:23:00 PM | Computer Name = SOPRANO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/3/2013 7:23:00 PM | Computer Name = SOPRANO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1937
 
Error - 12/3/2013 7:23:00 PM | Computer Name = SOPRANO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1937
 
Error - 12/12/2013 7:50:15 PM | Computer Name = SOPRANO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: The server name or address could not be resolved  
 
Error - 12/13/2013 11:32:53 PM | Computer Name = SOPRANO | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 3.15.0.244, faulting
 module league of legends.exe, version 3.15.0.244, fault address 0x0042c6b0.
 
Error - 12/15/2013 12:23:46 PM | Computer Name = SOPRANO | Source = Application Error | ID = 1000
Description = Faulting application league of legends.exe, version 3.15.0.255, faulting
 module league of legends.exe, version 3.15.0.255, fault address 0x0042c6b0.
 
[ System Events ]
Error - 12/18/2013 11:09:00 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 12/18/2013 11:09:00 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 12/18/2013 11:14:58 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
 (gupdate1c9bd5ae33f73a4) service to connect.
 
Error - 12/18/2013 11:14:58 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9bd5ae33f73a4) service failed 
to start due to the following error:   %%1053
 
Error - 12/18/2013 11:14:58 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 12/18/2013 11:14:58 PM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 12/19/2013 1:24:46 AM | Computer Name = SOPRANO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
 with arguments ""  in order to run the server:  {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 12/19/2013 2:54:53 AM | Computer Name = SOPRANO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
 with DCOM within the required timeout.
 
Error - 12/19/2013 2:56:42 AM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 12/19/2013 2:56:42 AM | Computer Name = SOPRANO | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
 
< End of report >
Link to post
Share on other sites

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as eMule or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Please generate a new fresh OTL log files when you are ready.

Link to post
Share on other sites

Hi! Thanks for the heads up.

I read the peer to peer policy, and i uninstalled utorrent, but i completely forgot eMule was still here! Sorry, hadn't used it since 2009!

Here are the new logs:

 

This time OTL didn't create an Extras.txt file, 

 

OTL log:

 

OTL logfile created on: 12/19/2013 6:08:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\João\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 47.58% Memory free
7.97 Gb Paging File | 6.26 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): D:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 205.77 Gb Free Space | 44.18% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 247.03 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive E: | 5.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SOPRANO | User Name: João | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
PRC - [2013/12/18 01:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/10 02:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/04 02:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Documents and Settings\João\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/18 01:01:12 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/04 02:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 02:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 02:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 02:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 02:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 02:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/08/23 19:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009/08/13 15:25:30 | 000,180,224 | ---- | M] () -- C:\Program Files\WinMount\ShlExt\BrowserExt.dll
MOD - [2009/06/12 13:52:22 | 000,074,240 | ---- | M] () -- C:\Program Files\WinMount\ShlExt\MountExt.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/18 09:16:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 19:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/23 01:39:01 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (auaut1un)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ar1b1a79)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a2dgnnsf)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a1ah3d2q)
DRV - [2013/12/13 06:57:23 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131218.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/12/03 18:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/12/03 10:59:33 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131218.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/03 10:59:33 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131218.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/11/21 16:44:27 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 16:44:27 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/16 23:20:11 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/05 19:47:54 | 005,589,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/09/27 03:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/27 02:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/27 02:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/26 03:28:00 | 000,421,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/26 02:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/10 02:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/10 01:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 21:35:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2013/01/20 05:02:07 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/19 09:15:50 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 11:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 11:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 14:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 15:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google.com/mail/?shva=1#inbox [binary data]
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_pt-BR
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/12/19 06:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/18 21:11:27 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Disabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jo\u00E3o\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Disabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - Extension: wareztuga.tv streamer = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\4.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2011/04/11 00:54:14 | 000,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1645522239-412668190-725345543-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E5232D-78DA-4303-B7C5-44ECAF0EDAD1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/23 01:05:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/05 17:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/06/19 16:39:08 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/08/25 14:15:08 | 000,098,304 | R--- | M] () - F:\autoplay.exe -- [ CDFS ]
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{2961dade-105c-11df-b177-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\{565ce743-f3a7-11dd-b009-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{565ce743-f3a7-11dd-b009-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{565ce743-f3a7-11dd-b009-806d6172696f}\Shell\AutoRun\command - "" = F:\autoplay.exe -- [2002/08/25 14:15:08 | 000,098,304 | R--- | M] ()
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{5fc3ec0e-03a8-11df-b169-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\{67f7f526-030e-11e0-b23d-002354358080}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\Autoplay\command - "" = L:\autorun.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BuEbUD.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\explore\Command - "" = L:\autorun.exe
O33 - MountPoints2\{740a87ae-d301-11de-b138-002354358080}\Shell\Open\Command - "" = L:\autorun.exe
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell - "" = Autorun
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell\AutoRun\command - "" = L:\intro.exe
O33 - MountPoints2\{8f56ce80-0da5-11df-b175-002354358080}\Shell\open\command - "" = L:\intro.exe
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\Z\Shell\configure\command - "" = Z:\SETUP.EXE
O33 - MountPoints2\Z\Shell\install\command - "" = Z:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/19 16:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 04:22:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/19 04:17:35 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\mbar
[2013/12/18 04:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/12/18 01:33:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/12/17 23:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/17 22:55:29 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/12/17 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2013/12/17 21:16:32 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013/12/17 21:16:32 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013/12/17 21:16:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013/12/17 21:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2013/12/17 21:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\eSupport.com
[2013/12/17 20:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/17 20:04:45 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/12/17 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/12/17 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/12/17 20:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 20:00:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/17 18:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/12/17 18:11:52 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/12/17 18:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\NVIDIA
[2013/12/17 17:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/12/14 06:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/12/14 02:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/12/14 02:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/12/14 02:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/14 02:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\Catalog
[2013/12/10 12:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/12/09 07:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/19 17:40:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-412668190-725345543-1003UA.job
[2013/12/19 17:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/19 17:17:30 | 000,003,334 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/19 17:16:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 13:42:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/12/19 12:10:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - João).job
[2013/12/19 07:00:50 | 000,444,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/19 07:00:50 | 000,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/19 06:56:48 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/19 06:56:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/19 06:56:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 06:56:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/19 04:35:02 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:18:40 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:13:34 | 000,139,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013/12/19 04:13:29 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013/12/19 04:12:53 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/19 04:12:27 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Dropbox.lnk
[2013/12/19 03:59:48 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BEF9909-15B3-458A-A529-28AA5EB328C3}.job
[2013/12/19 03:22:06 | 000,000,290 | RHS- | M] () -- C:\boot.ini
[2013/12/19 00:45:23 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/19 00:45:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/18 23:40:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-412668190-725345543-1003Core.job
[2013/12/18 04:52:39 | 000,002,396 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:41:52 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/12/18 04:08:43 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/18 04:04:56 | 000,456,622 | ---- | M] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:32:56 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013/12/18 00:30:10 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 23:29:33 | 002,220,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/17 21:00:36 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:44 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 19:44:26 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:01:22 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/17 05:08:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/12/16 05:54:46 | 000,197,120 | ---- | M] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/14 23:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/14 21:45:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/12/14 04:46:40 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Shortcut to TESE.lnk
[2013/12/10 12:34:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/12/10 05:07:57 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2011 - English.lnk
[2013/12/05 22:34:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/04 23:05:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/18 04:44:21 | 000,002,396 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:08:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/18 04:04:54 | 000,456,622 | ---- | C] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:02:56 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-412668190-725345543-1003-0.dat
[2013/12/17 23:48:30 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - João).job
[2013/12/17 21:16:28 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/12/17 21:00:35 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:42 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:05:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 20:05:38 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/17 20:04:51 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 18:19:44 | 000,003,334 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/17 18:17:14 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:08:32 | 003,556,824 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/12/17 18:08:32 | 000,018,657 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/12/17 18:01:21 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/10 12:34:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/11/11 05:44:18 | 004,179,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 20:01:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/01/21 20:01:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/01/21 19:54:51 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2012/11/03 17:32:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/06 19:20:00 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/06 19:14:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/16 18:24:51 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\João\Application Data\PnkBstrK.sys
[2010/03/13 18:46:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\fusioncache.dat
[2009/09/13 03:42:41 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\João\default.pls
[2009/03/25 19:51:45 | 000,197,120 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:41:39 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\João\.rnd
 
========== ZeroAccess Check ==========
 
[2009/02/05 17:45:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/05 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/01/23 01:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/03/04 21:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/26 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/01 17:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/01/14 19:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2013/12/18 04:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2009/11/01 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/12/17 23:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2009/06/23 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2013/12/19 02:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/12/20 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/26 04:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMount
[2010/02/03 19:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/02 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/04 04:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 00:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 16:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/23 01:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Autodesk
[2009/10/26 11:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\com.adobe.ExMan
[2009/04/14 15:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools
[2013/03/04 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Lite
[2009/05/21 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Pro
[2009/08/19 12:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dBpoweramp
[2013/03/04 21:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dll-files.com
[2009/10/29 02:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\João\Application Data\drivers
[2013/12/19 18:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Dropbox
[2013/12/19 18:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\eMule
[2009/11/30 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\EPSON
[2010/03/30 23:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Leadertech
[2010/05/12 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient
[2009/09/25 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\MSNInstaller
[2011/04/13 22:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\My Battle for Middle-earth II Files
[2009/09/29 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Notepad++
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\PlayFirst
[2011/05/14 19:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Rovio
[2013/11/11 18:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Soluto
[2011/04/11 00:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Tific
[2013/12/19 01:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\TS3Client
[2013/12/19 04:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\uTorrent
[2010/06/17 13:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\WinMount
[2010/03/09 21:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\YouSendIt
[2010/02/12 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Zylom
[2013/12/18 04:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\João\Desktop\dds.scr:SummaryInformation
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91486201
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
 
< End of report >
Link to post
Share on other sites

No problem.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Here is the ComboFix log:

 

ComboFix 13-12-18.01 - João 12/19/2013  18:51:24.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2188 [GMT 0:00]
Running from: c:\documents and settings\João\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-19 to 2013-12-19  )))))))))))))))))))))))))))))))
.
.
2013-12-19 04:19 . 2013-12-19 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-19 04:17 . 2013-12-19 04:18 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 04:44 . 2013-12-18 04:52 2396 ----a-w- c:\windows\system32\ASOROSet.bin
2013-12-18 04:41 . 2013-12-18 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Logs
2013-12-17 23:48 . 2013-12-17 23:51 -------- d-----w- c:\documents and settings\João\Local Settings\Application Data\SlimWare Utilities Inc
2013-12-17 23:44 . 2013-12-17 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SlimWare Utilities Inc
2013-12-17 22:55 . 2013-12-17 22:55 -------- d-----w- C:\N360_BACKUP
2013-12-17 22:15 . 2013-12-17 22:15 -------- d-----w- c:\program files\GPU-Z
2013-12-17 21:16 . 2013-09-24 18:59 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-12-17 21:16 . 2011-11-22 16:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2013-12-17 21:16 . 2010-11-03 18:15 359016 ----a-w- c:\windows\vncutil.exe
2013-12-17 21:16 . 2010-11-03 18:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2013-12-17 21:16 . 2013-10-25 11:38 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2013-12-17 21:16 . 2009-11-18 07:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2013-12-17 21:16 . 2009-11-18 07:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2013-12-17 21:00 . 2013-12-17 21:00 -------- d-----w- c:\program files\eSupport.com
2013-12-17 20:04 . 2013-09-20 10:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-17 20:04 . 2013-12-18 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-12-17 20:04 . 2013-12-17 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-12-17 20:00 . 2013-12-17 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-17 20:00 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 18:13 . 2013-12-17 18:13 -------- d-----w- c:\program files\AGEIA Technologies
2013-12-17 18:12 . 2013-11-11 14:31 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-12-17 18:12 . 2013-11-11 14:31 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-12-17 18:12 . 2013-11-11 14:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-12-17 18:12 . 2013-11-11 14:31 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-17 18:12 . 2013-11-11 14:31 15711008 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-17 18:11 . 2013-11-11 16:38 57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-17 18:11 . 2013-12-19 00:45 1129256 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-12-17 18:11 . 2013-12-19 00:45 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-12-17 18:11 . 2013-12-17 19:44 1129256 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-12-17 18:08 . 2013-11-11 16:38 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2013-12-17 18:08 . 2013-11-11 16:38 2633728 ----a-w- c:\windows\system32\nvapi.dll
2013-12-17 18:08 . 2013-11-11 16:38 22183936 ----a-w- c:\windows\system32\nvoglnt.dll
2013-12-17 18:08 . 2013-11-11 16:38 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2013-12-17 18:08 . 2013-11-11 16:38 9646080 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-17 18:08 . 2013-11-11 16:38 9605120 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-17 18:08 . 2013-11-11 16:38 2952992 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-17 18:08 . 2013-11-11 16:38 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-17 18:08 . 2013-11-11 16:38 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-17 18:01 . 2013-12-17 18:02 -------- d-----w- c:\documents and settings\João\Local Settings\Application Data\NVIDIA
2013-12-14 06:21 . 2013-12-14 06:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-12-14 02:39 . 2013-12-17 17:24 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 04:13 . 2009-02-07 18:28 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-19 04:13 . 2009-07-08 17:12 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-12-19 04:13 . 2009-02-07 18:28 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-18 09:16 . 2012-09-10 01:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-18 09:16 . 2011-07-04 13:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 00:32 . 2009-02-07 18:28 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-11-16 23:20 . 2013-02-08 00:10 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-11-11 16:38 . 2009-02-05 17:37 4083584 ----a-w- c:\windows\system32\nv4_disp.dll
2013-11-11 16:38 . 2009-02-05 17:35 12684992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-11-05 19:47 . 2009-02-05 17:56 5589720 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-11-05 03:30 . 2013-11-05 03:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-05 03:30 . 2009-10-26 10:10 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-04 12:29 . 2009-02-05 17:56 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2013-09-27 03:18 . 2013-11-16 23:19 935512 ----a-r- c:\windows\system32\drivers\N360\1501000.012\SymEFA.sys
2013-09-27 02:45 . 2013-11-16 23:19 206936 ----a-r- c:\windows\system32\drivers\N360\1501000.012\Ironx86.sys
2013-09-27 02:26 . 2013-11-16 23:19 651352 ----a-r- c:\windows\system32\drivers\N360\1501000.012\srtsp.sys
2013-09-26 03:28 . 2013-11-16 23:19 446552 ----a-r- c:\windows\system32\drivers\N360\1501000.012\symnets.sys
2013-09-26 03:28 . 2013-11-16 23:19 421592 ----a-r- c:\windows\system32\drivers\N360\1501000.012\symtdi.sys
2013-09-26 03:27 . 2013-11-16 23:19 383576 ----a-r- c:\windows\system32\drivers\N360\1501000.012\symtdiv.sys
2013-09-26 02:50 . 2013-11-16 23:19 127064 ----a-r- c:\windows\system32\drivers\N360\1501000.012\ccSetx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\João\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\João\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\João\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\João\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-11 2602784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"NvMediaCenter"="NvMCTray.dll" [2013-11-11 209184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-11-11 15711008]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\João\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\João\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-18 30714312]
.
[HKLM\~\startupfolder\C:^Documents and Settings^João^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\documents and settings\João\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 19:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-19 12:39 136176 ----atw- c:\documents and settings\João\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-23 17:31 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 14:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 16:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 09:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
2013-11-25 14:44 10272704 ----a-w- c:\program files\Dll-Files.com Fixer\DLLFixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-10-04 12:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SolutoService"=2 (0x2)
"SolutoRemoteService"=3 (0x3)
"SolutoLauncherService"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9bd5ae33f73a4"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Battle For Middle Earth\\game.dat"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Games\\BF2142.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\João\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Meus Documentos\\Downloads\\solutoinstaller-w74gy98ao26d.exe"=
"c:\\Documents and Settings\\João\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Tower Wars\\TW.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"6922:TCP"= 6922:TCP:League of Legends Launcher
"6922:UDP"= 6922:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6920:TCP"= 6920:TCP:League of Legends Launcher
"6920:UDP"= 6920:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6916:TCP"= 6916:TCP:League of Legends Launcher
"6916:UDP"= 6916:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/14/2009 3:17 PM 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1501000.012\SymDS.sys [11/16/2013 11:19 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1501000.012\SymEFA.sys [11/16/2013 11:19 PM 935512]
R1 BHDrvx86;BHDrvx86;c:\program files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [12/3/2013 6:27 PM 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1501000.012\ccSetx86.sys [11/16/2013 11:19 PM 127064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1501000.012\Ironx86.sys [11/16/2013 11:19 PM 206936]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/17/2013 8:00 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/17/2013 8:00 PM 701512]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\21.1.0.18\N360.exe [11/16/2013 11:19 PM 264360]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [12/17/2013 5:22 PM 1494304]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/17/2013 8:04 PM 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/17/2013 8:04 PM 1042272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/21/2013 4:44 PM 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131218.001\IDSXpx86.sys [12/18/2013 11:04 PM 382608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/17/2013 8:00 PM 22856]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/17/2013 8:04 PM 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/17/2013 9:16 PM 1691480]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/20/2013 5:02 AM 23456]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\JOO~1\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\JOO~1\LOCALS~1\Temp\GPU-Z.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/20/2013 3:33 AM 30576]
S4 gupdate1c9bd5ae33f73a4;Google Update Service (gupdate1c9bd5ae33f73a4);c:\program files\Google\Update\GoogleUpdate.exe [4/14/2009 11:43 PM 133104]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 09:16]
.
2013-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:34]
.
2013-12-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-12-17 10:57]
.
2013-12-18 c:\windows\Tasks\DLL-Files Fixer.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-03-04 14:44]
.
2013-11-13 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-03-04 14:44]
.
2013-12-14 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-03-04 14:44]
.
2013-12-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 13:11]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 23:43]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 23:43]
.
2011-04-09 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2013-12-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-12-17 10:49]
.
2013-12-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-12-17 10:51]
.
2013-12-19 c:\windows\Tasks\User_Feed_Synchronization-{9BEF9909-15B3-458A-A529-28AA5EB328C3}.job
- c:\windows\system32\msfeedssync.exe [2009-02-05 03:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
AddRemove-N360 - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\20.2.1.22\InstStub.exe
AddRemove-Pharaoh - c:\sierra\Pharaoh\Uninst.isu
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{57A7AB9E-BA5F-45B5-8015-C1821FE3B25C}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView - c:\program files\NVIDIA Corporation\Installer2\installer.{57A7AB9E-BA5F-45B5-8015-C1821FE3B25C}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.{57A7AB9E-BA5F-45B5-8015-C1821FE3B25C}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{57A7AB9E-BA5F-45B5-8015-C1821FE3B25C}\NVI2.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-19 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDI.SYS"
"TrustedImagePaths"="c:\program files\Norton 360\Engine\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1645522239-412668190-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,04,5d,72,02,f0,14,86,18,81,79,79,02,d3,68,85,02,41,97,2b,cf,
   37,9d,17,b0,6c,85,8e,97,38,a7,0a,56,31,e3,b4,74,ee,4a,7f,8c,21,e7,a2,57,1c,\
"rkeysecu"=hex:6d,f1,7c,05,99,44,3f,cc,5d,ee,98,f5,7d,f9,7e,74
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(4968)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
c:\documents and settings\João\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2013-12-19  18:59:56
ComboFix-quarantined-files.txt  2013-12-19 18:59
.
Pre-Run: 221,761,290,240 bytes free
Post-Run: 221,888,446,464 bytes free
.
- - End Of File - - 0C3A9C696E511559AB09E726889C1A9B
8F558EB6672622401DA993E1E865C861
Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

hey, the scan just finished.

Here is the log:

 

Status: Deleted   (events: 1)
12/21/2013 9:51:09 PM Deleted Trojan program Trojan.Win32.Autoit.bhx C:\Documents and Settings\João\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-10-29 (02-24-55).txt High
Link to post
Share on other sites

Hey! I just rebooted and tested Battlefield Bad Company 2, which ran perfectly fine before this all started, and it still has a major fps drop.

By the way, I got a pop up from MBAM, here is the log, don't know if it has anything to do with my problem.

 

2013/12/22 04:35:48 GMT SOPRANO MESSAGE Starting protection

2013/12/22 04:35:48 GMT SOPRANO MESSAGE Protection started successfully
2013/12/22 04:35:48 GMT SOPRANO MESSAGE Starting IP protection
2013/12/22 04:36:05 GMT SOPRANO João MESSAGE IP Protection started successfully
2013/12/22 06:00:09 GMT SOPRANO João MESSAGE Executing scheduled update:  Daily
2013/12/22 06:00:23 GMT SOPRANO João MESSAGE Scheduled update executed successfully:  database updated from version v2013.12.21.01 to version v2013.12.22.01
2013/12/22 06:00:23 GMT SOPRANO João MESSAGE Starting database refresh
2013/12/22 06:00:23 GMT SOPRANO João MESSAGE Stopping IP protection
2013/12/22 06:00:23 GMT SOPRANO João MESSAGE IP Protection stopped successfully
2013/12/22 06:00:27 GMT SOPRANO João MESSAGE Database refreshed successfully
2013/12/22 06:00:27 GMT SOPRANO João MESSAGE Starting IP protection
2013/12/22 06:00:30 GMT SOPRANO João MESSAGE IP Protection started successfully
2013/12/22 12:40:07 GMT SOPRANO João IP-BLOCK 83.222.109.53 (Type: outgoing)
Link to post
Share on other sites

here it is:

 

OTL logfile created on: 12/22/2013 4:28:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\João\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.84% Memory free
7.97 Gb Paging File | 6.83 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): D:\pagefile.sys 5000 10000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 206.15 Gb Free Space | 44.26% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 247.03 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
Drive E: | 5.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SOPRANO | User Name: João | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
PRC - [2013/12/18 01:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/10 02:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/04 02:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/18 01:01:12 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/04 02:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 02:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 02:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 02:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/13 20:41:56 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/11/13 20:41:56 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/08/23 19:01:44 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\João\Application Data\Dropbox\bin\libcef.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/18 09:16:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 19:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/05 03:30:13 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/01/23 01:39:01 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (auaut1un)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ahllcgt3)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a6535707)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a2dgnnsf)
DRV - [2013/12/22 12:39:35 | 000,139,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2013/12/19 12:05:32 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131221.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/19 12:05:32 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131221.006\NAVENG.SYS -- (NAVENG)
DRV - [2013/12/13 06:57:23 | 000,382,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/12/03 18:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/21 16:44:27 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 16:44:27 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/16 23:20:11 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/05 19:47:54 | 005,589,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/09/27 03:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/27 02:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/27 02:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/26 03:28:00 | 000,421,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/26 02:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/10 02:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/10 01:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 21:35:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2013/01/20 05:02:07 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/19 09:15:50 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 11:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 11:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 14:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 15:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics                                          ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes,DefaultScope = {D784524B-429F-49EC-BBF0-D63E7FC02D95}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\SearchScopes\{D784524B-429F-49EC-BBF0-D63E7FC02D95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_pt-BR
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\João\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\João\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/12/22 04:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/18 21:11:27 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Disabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Disabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jo\u00E3o\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Disabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\Jo\u00E3o\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - Extension: wareztuga.tv streamer = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\4.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\João\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2011/04/11 00:54:14 | 000,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [sDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E5232D-78DA-4303-B7C5-44ECAF0EDAD1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/23 01:05:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/05 17:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 02:17:12 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/06/19 16:39:08 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/08/25 14:15:08 | 000,098,304 | R--- | M] () - F:\autoplay.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/20 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/20 00:13:11 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\João\Desktop\esetsmartinstaller_enu.exe
[2013/12/19 18:49:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/12/19 18:49:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/12/19 18:49:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/12/19 18:49:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/12/19 18:49:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/19 18:49:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/12/19 18:49:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/12/19 18:47:51 | 005,154,906 | R--- | C] (Swearware) -- C:\Documents and Settings\João\Desktop\ComboFix.exe
[2013/12/19 16:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 04:22:50 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/19 04:17:35 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\mbar
[2013/12/18 04:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/12/18 01:33:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/12/17 23:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2013/12/17 23:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/17 22:55:29 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/12/17 22:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2013/12/17 21:16:32 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2013/12/17 21:16:32 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2013/12/17 21:16:25 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2013/12/17 21:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eSupport.com
[2013/12/17 21:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\eSupport.com
[2013/12/17 20:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/17 20:04:45 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/12/17 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/12/17 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/12/17 20:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 20:00:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/17 18:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/12/17 18:11:52 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2013/12/17 18:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Local Settings\Application Data\NVIDIA
[2013/12/17 17:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/12/14 06:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/12/14 02:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/12/14 02:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/12/14 02:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/14 02:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João\Desktop\Catalog
[2013/12/10 12:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/12/09 07:44:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/22 16:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/22 16:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/22 14:41:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/12/22 13:16:28 | 000,004,264 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/22 12:39:35 | 000,139,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2013/12/22 12:39:28 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013/12/22 06:11:45 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BEF9909-15B3-458A-A529-28AA5EB328C3}.job
[2013/12/22 04:40:17 | 000,444,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/22 04:40:16 | 000,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/22 04:36:08 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/22 04:36:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/22 04:35:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/22 04:35:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/22 00:21:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/21 23:05:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/21 21:45:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/12/20 12:41:42 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013/12/20 00:25:27 | 000,174,634 | ---- | M] () -- C:\Documents and Settings\João\Desktop\cpu_usage2.JPG
[2013/12/20 00:13:16 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\João\Desktop\esetsmartinstaller_enu.exe
[2013/12/19 19:56:38 | 000,236,289 | ---- | M] () -- C:\Documents and Settings\João\Desktop\cpu_usage.JPG
[2013/12/19 18:48:08 | 005,154,906 | R--- | M] (Swearware) -- C:\Documents and Settings\João\Desktop\ComboFix.exe
[2013/12/19 16:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João\Desktop\OTL.exe
[2013/12/19 04:35:02 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\João\Desktop\dds.scr
[2013/12/19 04:18:40 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/19 04:12:53 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/19 04:12:27 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Dropbox.lnk
[2013/12/19 03:22:06 | 000,000,290 | RHS- | M] () -- C:\boot.ini
[2013/12/19 00:45:23 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/19 00:45:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/18 04:52:39 | 000,002,396 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:41:52 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/12/18 04:04:56 | 000,456,622 | ---- | M] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:30:10 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 23:29:33 | 002,220,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/17 21:00:36 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:44 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 19:44:26 | 001,129,256 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:01:22 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/17 05:08:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/12/16 05:54:46 | 000,197,120 | ---- | M] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/14 04:46:40 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\João\Desktop\Shortcut to TESE.lnk
[2013/12/10 12:34:48 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/12/10 05:07:57 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2011 - English.lnk
[2013/12/05 22:34:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/04 23:05:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/20 00:25:27 | 000,174,634 | ---- | C] () -- C:\Documents and Settings\João\Desktop\cpu_usage2.JPG
[2013/12/19 19:56:38 | 000,236,289 | ---- | C] () -- C:\Documents and Settings\João\Desktop\cpu_usage.JPG
[2013/12/19 18:49:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/12/19 18:49:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/12/19 18:49:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/12/19 18:49:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/12/19 18:49:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/18 04:44:21 | 000,002,396 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2013/12/18 04:08:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files Fixer.job
[2013/12/18 04:04:54 | 000,456,622 | ---- | C] () -- C:\Documents and Settings\João\Desktop\cc_20131218_040450.reg
[2013/12/18 00:02:56 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-412668190-725345543-1003-0.dat
[2013/12/17 21:16:28 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/12/17 21:00:35 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Find Drivers with BIOSAgentPlus.lnk
[2013/12/17 20:05:42 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/12/17 20:05:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/17 20:05:38 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/12/17 20:04:52 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/17 20:04:51 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/12/17 20:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 18:19:44 | 000,004,264 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/12/17 18:17:14 | 000,394,166 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/12/17 18:11:47 | 001,129,256 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/12/17 18:11:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/12/17 18:11:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/12/17 18:08:32 | 003,556,824 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/12/17 18:08:32 | 000,018,657 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/12/17 18:01:21 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2013/12/10 12:34:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/11/11 05:44:18 | 004,179,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 20:01:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/01/21 20:01:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/01/21 19:54:51 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2012/11/03 17:32:42 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/06 19:20:00 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/06 19:14:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/16 18:24:51 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\João\Application Data\PnkBstrK.sys
[2010/03/13 18:46:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\fusioncache.dat
[2009/09/13 03:42:41 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\João\default.pls
[2009/03/25 19:51:45 | 000,197,120 | ---- | C] () -- C:\Documents and Settings\João\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:41:39 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\João\.rnd
 
========== ZeroAccess Check ==========
 
[2009/02/05 17:45:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/05 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/01/23 01:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/03/04 21:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/26 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/01 17:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/01/14 19:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2013/12/18 04:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2009/11/01 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/12/17 23:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
[2009/06/23 21:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2013/12/19 02:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2009/11/26 04:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMount
[2010/02/03 19:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/04/02 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/04 04:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 00:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/22 16:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/23 01:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Autodesk
[2009/10/26 11:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\com.adobe.ExMan
[2009/04/14 15:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools
[2013/03/04 21:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Lite
[2009/05/21 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\DAEMON Tools Pro
[2009/08/19 12:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dBpoweramp
[2013/03/04 21:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\dll-files.com
[2009/10/29 02:24:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\João\Application Data\drivers
[2013/12/22 04:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Dropbox
[2013/12/19 18:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\eMule
[2009/11/30 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\EPSON
[2010/03/30 23:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Leadertech
[2010/05/12 00:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient
[2009/09/25 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\MSNInstaller
[2011/04/13 22:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\My Battle for Middle-earth II Files
[2009/09/29 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Notepad++
[2010/12/12 12:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\PlayFirst
[2011/05/14 19:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Rovio
[2013/11/11 18:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Soluto
[2011/04/11 00:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Tific
[2013/12/19 01:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\TS3Client
[2013/12/19 04:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\uTorrent
[2010/06/17 13:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\WinMount
[2010/03/09 21:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\YouSendIt
[2010/02/12 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João\Application Data\Zylom
[2013/12/18 04:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\João\Desktop\dds.scr:SummaryInformation
 
< End of report >
Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    O4 - Startup: C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Thanks for reopening this thread, i was away for XMas.

I ran the OTL custom fix before i left though, and left it running, as it froze on the "killing processes...DO NOT INTERRUPT" part. 3 days later when i came back, it was still stuck  on exactly the same thing, so i hit the power button and rebooted the pc.

I figured something had gone wrong cause i had chrome with this window open when i started OTL, so i ran it again with everything closed, but i got the same result. Gave it about 8 hours before i manually reset the pc again. 

Anyway, this is where i'm at now. What can i do next?

Thanks guys!

Link to post
Share on other sites

It worked now, here is the log:

 

All processes killed
========== OTL ==========
File move failed. C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk scheduled to be moved on reboot.
C:\Documents and Settings\João\Application Data\Dropbox\bin\Dropbox.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\João\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41661 bytes
 
User: Joao
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 6294512 bytes
 
User: Joo
 
User: João
->Temp folder emptied: 25458271 bytes
->Temporary Internet Files folder emptied: 792900 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 360811292 bytes
->Flash cache emptied: 1933627 bytes
 
User: Joπo
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 379.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12302013_163933
 
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\João\Start Menu\Programs\Startup\Dropbox.lnk not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.