# D3D10Warp.dll is either not designed...



## LukeLennon (Jul 14, 2013)

*Hello.
I'm getting this error:*

"C:\Windows\system32\D3D10Warp.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

I usually get this error when trying to update something. I got it, for example, when updating Flash Player and DivX Plus Player.

I'd rather not format the computer; that's why I didn't call a technician.

*Thanks to anyone who tries to help.*

I'm following the "Everyone MUST read this BEFORE posting for help in this forum" post.

*Here is my HijackThis log:*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:28:24, on 14/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ZSSnp211.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Fellipe\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=0422902B3432C30E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Ask Toolbar BHO - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16072 bytes

*And my dds.txt:*

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Fellipe at 10:37:51 on 2013-07-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.16345.11776 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\KMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ZSSnp211.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Explorer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www2.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=0422902B3432C30E
uURLSearchHooks: SearchHook Class: {D8278076-BC68-4484-9233-6E7F1628B56C} -
dURLSearchHooks: SearchHook Class: {D8278076-BC68-4484-9233-6E7F1628B56C} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 : {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {4D594333-0076-A76A-76A7-7A786E7484D7} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BigDogPath] C:\Windows\ZSSnp211.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
StartupFolder: C:\Users\Fellipe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 187.122.188.53 192.168.0.1
TCP: Interfaces\{F2DCFA76-F61B-4805-9563-CEA5FEF18E39} : DHCPNameServer = 187.122.188.53 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Fellipe\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Fellipe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-16 18:40; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-06-23 01:36; [email protected]; C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2013-06-16 18:40; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 04226287000000000000902b3432c30e
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15823
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.161:33:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-5 189936]
R0 iusb3hcs;Driver de comutação do controlador host Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-17 16152]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-17 21616]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-17 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-17 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-17 283200]
R2 APNMCP;Serviço de atualização Ask;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-6-17 169632]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-17 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-17 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-19 46808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-17 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-17 161560]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-17 3463080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-17 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-17 27760]
R3 iusb3hub;Driver para hub Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-17 356120]
R3 iusb3xhc;Driver de controlador host eXtensível Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-17 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-17 104560]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-11 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-11 28160]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-17 2184816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-5-10 938776]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-17 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-11-17 160256]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-20 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-17 1255736]
.
=============== Created Last 30 ================
.
2013-07-14 11:51:28 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-14 05:56:05 -------- d-----w- C:\Windows\System32\MRT
2013-07-14 02:34:45 98816 ----a-w- C:\Windows\sed.exe
2013-07-14 02:34:45 256000 ----a-w- C:\Windows\PEV.exe
2013-07-14 02:34:45 208896 ----a-w- C:\Windows\MBR.exe
2013-07-13 04:51:46 524288 ----a-w- C:\Windows\System32\home box office.scr
2013-07-13 04:51:46 524288 ------w- C:\Windows\SysWow64\home box office.scr
2013-07-13 04:51:46 -------- d-----w- C:\ProgramData\Screentime
2013-07-13 04:51:43 -------- d-----w- C:\Users\Fellipe\AppData\Local\Screentime
2013-07-13 04:32:45 -------- d-----w- C:\BOSS
2013-07-12 20:44:52 -------- d-sh--w- C:\Windows\Installer
2013-07-12 16:20:59 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6476A7EA-3F51-4223-B4EB-125BE5957566}\mpengine.dll
2013-07-12 16:16:49 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-07-10 12:23:22 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 12:22:44 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 12:22:44 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-04 18:58:26 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-04 00:24:59 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-07-04 00:24:59 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-07-02 15:44:13 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-06-29 23:18:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-06-29 02:07:20 -------- d-----w- C:\Program Files (x86)\MTA San Andreas 1.3
2013-06-29 02:07:19 -------- d-----w- C:\ProgramData\MTA San Andreas All
2013-06-27 03:04:35 -------- d-----w- C:\Users\Fellipe\AppData\Roaming\Unity
2013-06-27 02:20:11 -------- d-----w- C:\Users\Fellipe\AppData\Local\Unity
2013-06-26 19:15:40 -------- d-----w- C:\Users\Fellipe\AppData\Roaming\Arrowhead
2013-06-26 19:15:36 -------- d-----w- C:\Windows\9530AE42DAE146199594B23487285D17.TMP
2013-06-26 17:17:17 -------- d-----w- C:\Users\Fellipe\AppData\Roaming\Zeal Game Studio
2013-06-25 02:27:39 -------- d-----w- C:\Users\Fellipe\AppData\Local\Skyrim NPC Editor
2013-06-25 02:26:26 -------- d-----w- C:\Program Files (x86)\Skyrim NPC Editor
2013-06-24 15:07:26 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-06-24 15:07:26 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-06-24 15:07:26 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-06-24 15:00:08 -------- d-----w- C:\ProgramData\Battle.net
2013-06-23 23:49:59 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2013-06-23 16:21:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-20 16:11:55 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-20 16:11:01 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-06-20 16:11:01 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-20 16:11:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-20 16:11:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-20 16:08:45 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-06-20 16:08:45 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-06-20 16:08:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-06-20 16:08:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-06-20 16:08:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-06-20 16:08:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-06-20 16:08:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-06-20 16:08:41 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-20 16:08:41 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-19 23:20:28 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2013-06-18 20:24:59 -------- d-----w- C:\system32
2013-06-18 20:24:59 -------- d-----w- C:\Kernel
2013-06-18 19:50:12 -------- d-----w- C:\Users\Fellipe\AppData\Local\GOG.com
2013-06-18 19:42:12 -------- d-----w- C:\Program Files (x86)\GOG.com
2013-06-16 21:39:28 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-06-14 17:33:25 -------- d-----w- C:\Windows\System32\SkyProcDebug
2013-06-14 17:30:43 -------- d-----w- C:\Windows\System32\Files
.
==================== Find3M ====================
.
2013-07-09 01:18:33 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-09 01:18:33 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-04 18:58:23 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-04 18:58:23 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-27 19:12:50 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 19:12:50 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-23 16:21:48 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 16:21:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 21:59:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 21:59:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-09 02:18:37 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-09 02:17:34 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 18:36:06 50864 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll
2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-05-12 20:34:12 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-05-12 18:43:36 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 13:22:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 06:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 06:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH: 10:38:09,44 ===============

*My attach.txt:*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2012 12:49:58
System Uptime: 14/07/2013 08:50:07 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77M-D3H
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | 3901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 684,895 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0,068 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 13/07/2013 23:34:46 - ComboFix created restore point
RP254: 14/07/2013 02:55:51 - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
A Game of Dwarves
Ace of Spades
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS6
Adobe Reader XI (11.0.03) - Português
Adobe Shockwave Player 12.0
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Alan Wake
Alan Wake's American Nightmare
Alice: Madness Returns
Apple Mobile Device Support
Apple Software Update
Archeblade
Ask Shopping Toolbar
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Atualizações da NVIDIA 4.11.9
aTube Catcher
avast! Free Antivirus
Batman: Arkham City GOTY
Batman: Arkham City
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
BIT.TRIP RUNNER
BitRaider Web Client
Bonjour
BOSS
BufferChm
Bulletstorm
Bully Scholarship Edition
C3100
c3100_Help
CCleaner
CDisplay 1.8
Central de Mouse e Teclado da Microsoft
Cheat Engine 6.3
Chivalry: Medieval Warfare
Command & Conquer Red Alert 3
Copy
Counter-Strike: Global Offensive
CPUID HWMonitor 1.21
Creation Kit
D3DX10
DAEMON Tools Lite
DC Universe Online
Dead Space
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations
DeviceDiscovery
DirectVobSub 2.41.6609 (64-bit)
DocProc
Don't Starve
Dota 2
Dual-Core Optimizer
DVD Suite
Easy Tune 6 B12.0309.1
Electric Sheep 2.7b34
Facebook Messenger 2.1.4814.0
Facebook Video Calling 1.2.0.287
Fallout Mod Manager 0.13.21
Fallout New Vegas
Fax
Ferramenta Criar um Mundo The Sims 3 Beta
Firestorm-Release (remove only)
Forsaken World
FreeStar YouTube MP3 Converter 2.0.8
Galeria de Fotos
GameRanger
GOG.com Downloader version 3.5.2
Google Chrome
Google Update Helper
Gotham City Impostors: Free To Play
GPBaseService2
Grand Theft Auto
Grand Theft Auto 2
Grand Theft Auto III
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
Gunz Ultra
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Happy Cloud Client
home box office Screen Saver
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ID3 Tag Editor 1.0
IMVU Avatar Chat Software
Instalação do DivX
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Just Cause 2
Kingdoms of Amalur: Reckoning
League of Legends
Left 4 Dead
Left 4 Dead 2
LG ODD Auto Firmware Update
LogMeIn Hamachi
Magicka
ManyCam 3.1.57
MarketResearch
Marvel Heroes
Mass Effect
Max Payne 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 22.0 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTA:SA v1.3.2
Nero 7 Essentials
neroxml
Network64
Nexus Mod Manager
NVIDIA Driver de controle do 3D Vision 320.18
NVIDIA Driver de gráficos 320.18
NVIDIA Driver de áudio HD 1.3.24.2
NVIDIA Driver do 3D Vision 320.18
NVIDIA GeForce Experience 1.5
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software do sistema PhysX 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OCR Software by I.R.I.S. 13.0
ON_OFF Charge B11.1102.1
OpenAL
Orcs Must Die! 2
Origin
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
Painel de controle da NVIDIA 320.18
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Settings CS6
Photo Common
Photo Gallery
Plants vs. Zombies: Game of the Year
Platform
Portal
PowerDVD
PowerProducer
QuickTime
RegCure Pro
Rockstar Games Social Club
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
RPG 2ic
RRPG Firecast
s3pe - Sims3 Package Editor
Sandboxie 3.76 (64-bit)
Scan
Scribblenauts Unlimited
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Shop for HP Supplies
Sid Meier's Civilization V
SimCity 4 Deluxe
Skype 6.3
Skyrim NPC Editor
SmartWebPrinting
Sniper Elite V2
SolutionCenter
Sonic Generations
Spiral Knights
SPORE
SPORE Aventuras Galácticas
SPORE Coleção de Partes Medonhas & Fofinhas
Star Trek Online
Star Wars - Jedi Knight II: Jedi Outcast
Star Wars - Jedi Knight: Mysteries of the Sith
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Dark Forces II
Star Wars Jedi Knight: Jedi Academy
Star Wars: Dark Forces
Star Wars: The Old Republic
Status
Steam
Super Street Fighter IV: Arcade Edition
Suporte para Aplicativos Apple
swMSM
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 8
TERA
Terraria
The Elder Scrolls V: Skyrim
The Hobbit(TM)
The Lord of the Rings Online
The Showdown Effect
The Sims Medieval
The Sims Medieval Pirates and Nobles
The Sims 3
The Sims 3 Acelerando Coleção de Objetos
The Sims 3 Ambições
The Sims 3 Anos 70, 80, e 90 Coleção de Objetos
The Sims 3 Caindo na Noite
The Sims 3 Diesel Coleção de Objetos
The Sims 3 Estações
The Sims 3 Gerações
The Sims 3 Ilha Paradisíaca
The Sims 3 Katy Perry Mundo Doce
The Sims 3 Pets
The Sims 3 Showtime
The Sims 3 Sobrenatural
The Sims 3 Suíte de Luxo Coleção de Objetos
The Sims 3 Vida ao Ar Livre Coleção de Objetos
The Sims 3 Vida em Alto Estilo Coleção de Objetos
The Sims 3 Vida Universitária
The Sims 3 Vida Urbana Coleção de Objetos
The Sims 3 Volta ao Mundo
The Walking Dead
The War Z
The Witcher 2: Assassins of Kings Enhanced Edition
The Witcher 2: Bonus Content
Toolbox
Torchlight
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
USB PC Camera(ZS0211)
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 11.0 (64-bit)
VIA Gerenciador de dispositivo de plataforma
VLC media player 2.0.7
VoiceOver Kit
Warframe
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
World of Warcraft
Worms Ultimate Mayhem
Zoo Tycoon 2 - Dino Danger Pack
.
==== End Of File ===========================

*Again, thanks for helping.*


----------



## LukeLennon (Jul 14, 2013)

Could someone help me?


----------



## LukeLennon (Jul 14, 2013)

Please?


----------



## LukeLennon (Jul 14, 2013)

Anyone?


----------



## LukeLennon (Jul 14, 2013)

Seriously?


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Do you still have ComboFix installed?


> RP253: 13/07/2013 23:34:46 - ComboFix created restore point


I need you to post any and all logs created by ComboFix. If you deleted this information, I may not be able to help you.



> ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the *Recovery Console* installed for XP or access to the *Recovery Environment* for Vista or Windows 7, is to court disaster for your computer. *Please stop all attempts at self-fixes* for your system's issues as that may only confuse the issue further and cause additional problems as well.


----------



## LukeLennon (Jul 14, 2013)

Thanks for helping. I have it.



> ComboFix 13-07-13.01 - Fellipe 13/07/2013 23:38:00.1.8 - x64
> Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.16345.13050 [GMT -3:00]
> Executando de: c:\users\Fellipe\Desktop\Gotcha.exe
> AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
> ...


Thanks again.


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

I notice you have a *torrent P2P* program installed.


> µTorrent


*Please do not download and install OR remove any programs* while I assist you. This will only make the process more difficult.
Thank you,
wbg

P.S. Looking over the logs you provided. I will get back to you.


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Sorry for the delay. I work full time including Saturdays.

Please keep in mind: by using any form of *P2P networking* to *download files* you can *anticipate* infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice _may be the source_ of your current malware infestation.
*Reference... citing risk factors, using P2P programs:* How to Prevent the Online Invasion of Spyware and Adware

*Step 1.*
*Online Multi Antivirus file scan*
Please go to *Virus Total* and upload -only one file per scan- the following file(s) for scanning:

*c:\windows\system32\srvany.exe*


Press the *Browse* button and navigate to -one- of the files in the list.
*Double click* the located file name... The file name should now appear in the online scanner's text entry box.
Click on *Send File*...button.
The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
If you receive the message: _File has already been analyzed:_
Please press the *Reanalyze file now* button, so your file will be scanned.

When all scans have completed... the results page is displayed
Please highlight and copy the page web address link from your browser window.
Example of web address :








Please repeat this procedure *for each file* listed above.
Paste the Web address link(s) for the scan results in your next reply.

*RegCure Pro* "Registry Cleaners" are a complete waste of time and can cause more harm than good. The Registry is extremely tolerant of orphans, and will happily run with thousands of them without any noticeable loss of performance. However, remove the wrong key or value, and you can easily turn your computer into an expensive paperweight/doorstop.

*Step 2.*
*Uninstall Programs*
I need you to uninstall some program(s).

1. Click on *Start*...then... Click the *Start Search* box on the *Start Menu*.
2. Copy and paste the value below into the open text entry box:
   *appwiz.cpl*
   then press Enter.
3. Locate the following program(s):
   *Ask Shopping Toolbar*
   *Ask Toolbar*
   *RegCure Pro*
4. Select the program and click on *Uninstall* to uninstall it.
   *Carefully read any prompts...*
   _Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!_
5. *Repeat steps 3 - 4* for *each program* in the list. When finished... *Close* the *Control Panel* window.


*Step 3.*
*Junkware Removal Tool*


Please download and run the following program: JRT.exe
Right-click *JRT.exe* and select * " Run as administrator " *to run it.
When the program is finished running, post the log *JRT.txt* in your next reply.

*Step 4.*
*OTL*
Please download *OTL* ... by Old Timer . *Save it to your Desktop*.


Right click on *OTL.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Click the *Scan All Users* checkbox.
Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
_Leave the remaining selections to the default settings._
Click on *Run Scan* at the top left hand corner.
When done, two Notepad files will open.
*OTL.txt* <-- _Will be opened, maximized_
*Extras.txt* <-- _Will be minimized on task bar._

Please post the contents of both *OTL.txt* and *Extras.txt* files in your next reply.

*Please include in your next reply:*


Contents of virustotal results
Verify programs are uninstalled
Contents of JRT.txt
Contents of OTL.txt
Contents of Extras.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## LukeLennon (Jul 14, 2013)

Hey, seriously, thanks for your help.

*1.* So, virustotal results.

*2.* I uninstalled RegCure Pro and Ask Shopping Toolbar. (RegCure I didn't use and Ask Toolbar I think my mother installed.)

But when I try to uninstall Ask Toolbar, Windows Installer says:



> The feature you are trying to use is on a network resource that is unavailable.


And it asks me to find the AskToolbarInstaller-11.10.0_MYC3.msi file, but I can't find it.

*3.* JRT.txt :


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Junkware Removal Tool (JRT) by Thisisu
> Version: 5.3.2 (08.03.2013:1)
> OS: Windows 7 Ultimate x64
> ...


*4.5.* OTL is still scanning, but when it finishes, I'll include the files on reply.


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,



> But when I try to uninstall Ask Toolbar, Windows Installer says:
> 
> Quote:
> The feature you are trying to use is on a network resource that is unavailable.
> And it asks me to find the AskToolbarInstaller-11.10.0_MYC3.msi file, but I can't find it.


Not to worry. We can remove it manually.


----------



## LukeLennon (Jul 14, 2013)

It finished scanning.

*OTL:*



> OTL logfile created on: 04/08/2013 15:32:48 - Run 1
> OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fellipe\Downloads
> 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
> Internet Explorer (Version = 9.10.9200.16635)
> ...


*Extras:*



> OTL Extras logfile created on: 04/08/2013 15:32:48 - Run 1
> OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fellipe\Downloads
> 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
> Internet Explorer (Version = 9.10.9200.16635)
> ...


Thanks.


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Please move these tools to your desktop. The desktop is where they were designed to operate from.


> OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fellipe\Downloads
> C:\Users\Fellipe\Downloads\HijackThis.exe


Please do not post your log replies in "quote" boxes.


> quote


You should not allow any sites except Microsoft and your Internet Provider into the browser "Trusted Zone".

*Step 1.*
*Run OTL Script*
*We need to run an OTL Fix*


Right-click *OTL.exe* and select * " Run as administrator " *to run it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*

```
:commands
[createrestorepoint]

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.order.1: "Ask Search"
[2013/06/08 10:50:52 | 000,447,083 | ---- | M] () (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected]
[2013/06/06 13:23:06 | 000,002,511 | ---- | M] () -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml
O2 - BHO: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" File not found
O3 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll" File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
@Alternate Data Stream - 40 bytes -> C:\Users\Fellipe\Dados de aplicativos:NT

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4D594333-0076-A76A-76A7-A758B70B0A00}"=-

:Commands
[EMPTYTEMP]
```

Click under the *Custom Scan/Fixes* box and paste the copied text.
Click the *Run Fix* button. If prompted... click *OK*.
When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of the report in your next reply.

*Step 2.*
Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*


Double-click *SystemLook.exe* to run it.
Copy and paste the content of the following codebox into the main textfield:

```
:filefind
*Bandoo*
*Community*
*Conduit*
*datamngr*
*Fun4IM*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*vshare*
*whitesmoke*
*Yontoo*

:folderfind
*Bandoo*
*Community*
*Conduit*
*datamngr*
*Fun4IM*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*vshare*
*whitesmoke*
*Yontoo*

:Regfind
Bandoo
Community
Conduit
datamngr
Fun4IM
iLivid
IObit
Iminent
Searchqu
Searchnu
Tarma
trolltech
vshare
whitesmoke
Yontoo
4D594333-0076-A76A-76A7-A758B70B0A00
```

Click the *Look* button to start the scan.
Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please include in your next reply:*


Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Contents of SystemLook.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## LukeLennon (Jul 14, 2013)

*1. 08052013_181706.log :*

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "Ask Search" removed from browser.search.defaultengine
Prefs.js: "Ask Search" removed from browser.search.defaultenginename
Prefs.js: "Ask Search" removed from browser.search.order.1
File C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected] not found.
File C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4D594333-0076-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4D594333-0076-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Unable to delete ADS C:\Users\Fellipe\Dados de aplicativos:NT .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{4D594333-0076-A76A-76A7-A758B70B0A00} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-A758B70B0A00}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Beaup
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89328461 bytes
->Google Chrome cache emptied: 10705104 bytes
->Flash cache emptied: 155405 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fellipe
->Temp folder emptied: 1083909640 bytes
->Temporary Internet Files folder emptied: 557263106 bytes
->Java cache emptied: 790155 bytes
->FireFox cache emptied: 472068511 bytes
->Google Chrome cache emptied: 384354545 bytes
->Flash cache emptied: 64252 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sara
->Temp folder emptied: 68664 bytes
->Temporary Internet Files folder emptied: 195 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 120748400 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58866 bytes

User: Todos os Usuários

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 831271 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50783 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.595,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08052013_181706

Files\Folders moved on Reboot...
C:\Users\Fellipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fellipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

*2. It's still scanning, it's been scanning for three and a half hours! Is it normal?*
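
One way to triage a fix log like the one posted above, as an added example that is not part of the original thread and is not OTL's own code. The line patterns are inferred from the log lines shown on this page, the status names are assumptions, and the embedded sample is a shortened excerpt of that log.

```python
import re
from collections import Counter, namedtuple

# Shortened excerpt of the fix log posted above (08052013_181706.log).
SAMPLE_LOG = r"""
========== OTL ==========
Prefs.js: "Ask Search" removed from browser.search.defaultengine
File C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4D594333-0076-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Unable to delete ADS C:\Users\Fellipe\Dados de aplicativos:NT .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{4D594333-0076-A76A-76A7-A758B70B0A00} not found.
Files\Folders moved on Reboot...
C:\Users\Fellipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

Finding = namedtuple("Finding", "section status target")

# Section banners: "========== OTL ==========" or "Files\Folders moved on Reboot..."
HEADER = re.compile(r"^=+ (.+?) =+$|^(.+?)\.\.\.$")

ITEM = r"(?:Registry key|Registry value|File|Folder) "
# Order matters: the specific failure lines are tested before the generic ones.
PATTERNS = [
    ("failed", re.compile(r"^Unable to delete (?:ADS )?(?P<target>.+?)\s*\.$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile("^" + ITEM + r"(?P<target>.+) not found\.$")),
    ("removed", re.compile(
        "^(?:" + ITEM + r")?(?P<target>.+) (?:deleted|moved) successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: (?P<target>.+) removed from .+$")),
]

# Statuses that deserve a second look before the fix is considered done.
FOLLOW_UP = ("failed", "pending_reboot", "not_found")


def normalise(target):
    """Make 'key\\' and 'key\\\\{value}' spellings comparable, case-insensitively."""
    return target.replace("\\\\", "\\").rstrip("\\").lower()


def triage(log_text):
    """Classify every result line of a fix log; returns a list of Finding."""
    section, removed, findings = None, set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1) or header.group(2)
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            target = match.group("target")
            key = normalise(target)
            if status == "removed":
                removed.add(key)
            elif status == "not_found" and key in removed:
                # The same item was deleted earlier in this run, so the
                # later "not found" is expected and needs no follow-up.
                status = "already_removed"
            findings.append(Finding(section, status, target))
            break
    return findings


def follow_up(findings):
    """Entries that failed, are deferred to reboot, or were never present."""
    return [f for f in findings if f.status in FOLLOW_UP]


def summarise(findings):
    """Count findings per status."""
    return dict(Counter(f.status for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summarise(results))
    for item in follow_up(results):
        print(f"[{item.section}] {item.status}: {item.target}")
```

A `not_found` entry only says the item was absent when the fix ran; the fresh scan decides whether it is really gone.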


----------



## wannabeageek (Nov 12, 2009)

Hi,



> 2. It's still scanning, it's been scanning for three and a half hours! Is it normal?


Seeing that you have a 2 terabyte drive, some scans could take some time.

Did the scan ever finish? Which scan?

wbg


----------



## LukeLennon (Jul 14, 2013)

I had to stop to go to sleep, then I decided to wait for your response. In the SystemLook.txt file, related to the unfinished scan, it says:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:34 on 05/08/2013 by Fellipe
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

It appears that your computer has locked up by the partial log you have posted. 
If it has not finished scanning by now, shut it down, reboot and run the program below. Then re-run the systemlook scan.

*Step 1.*
*RogueKiller*
Please download *RogueKiller.exe* ... by Tigzy and save it to your *desktop*.
An alternate download can be found *here*.
*Note:* If malware prevents execution, you may try executing the program several times. If unsuccessful, rename the program to *winlogon.exe*.


Close all open windows, quit all running programs.
Right click on *RogueKiller.exe* and select *"Run As Administrator"* to run. If UAC prompts, allow it.
When the pre-scan finishes... press the *Scan* button.
When the scan is finished, a file named *RKreport.txt* should appear on your desktop.
Please copy and paste the contents of the *RKreport.txt* file in your next reply.

*Step 2.*
Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*


Double-click *SystemLook.exe* to run it.
Copy and paste the content of the following codebox into the main textfield:

```
:filefind
*Bandoo*
*Community*
*Conduit*
*datamngr*
*Fun4IM*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*vshare*
*whitesmoke*
*Yontoo*

:folderfind
*Bandoo*
*Community*
*Conduit*
*datamngr*
*Fun4IM*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*vshare*
*whitesmoke*
*Yontoo*

:Regfind
Bandoo
Community
Conduit
datamngr
Fun4IM
iLivid
IObit
Iminent
Searchqu
Searchnu
Tarma
trolltech
vshare
whitesmoke
Yontoo
4D594333-0076-A76A-76A7-A758B70B0A00
```

Click the *Look* button to start the scan.
Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please include in your next reply:*


Contents of RKreport.txt
Contents of SystemLook.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## LukeLennon (Jul 14, 2013)

Sorry for the delay.

I did step 1. Started step 2 one hour ago, it's still looking. (Maybe this long time looking has something to do with my Windows being in Brazilian Portuguese? I don't know.)

And here is the 
*RKreport[0]_S_08092013_181951.txt:*

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fellipe [Admin rights]
Mode : Scan -- Date : 08/09/2013 18:19:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\es.scr [-]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] DealPly : C:\Users\Sara\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][SUSP PATH] Funmoods : C:\Users\Sara\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARX-00ZUDB0 +++++
--- User ---
[MBR] 54bf35fc14b0c27cd8216a512f0aa440
[BSP] a39e49e9484ff725a9a42349eea10e6e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EARX-00ZUDB0 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08092013_181951.txt >>

*Thanks again.*


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Please run this scan again. I think something did not work correctly on the last fix.

*OTL* should still be on your Desktop.


Right click on *OTL.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Click the *Scan All Users* checkbox.
*Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.*
_Leave the remaining selections to the default settings._
Click on *Run Scan* at the top left hand corner.
When done, two Notepad files will open.
*OTL.txt* <-- _Will be opened, maximized_
*Extras.txt* <-- _Will be minimized on task bar._

Please post the contents of both *OTL.txt* and *Extras.txt* files in your next reply.

*Do not post them in quote blocks. Do not translate any of the results from Portuguese to English.*


----------



## LukeLennon (Jul 14, 2013)

Right, sorry for the delay, I wasn't home.
PS: I didn't translate anything from Portuguese to English in my other replies.

*OTL.txt*

OTL logfile created on: 11/08/2013 19:39:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fellipe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

15,96 Gb Total Physical Memory | 12,27 Gb Available Physical Memory | 76,89% Memory free
31,92 Gb Paging File | 28,20 Gb Available in Paging File | 88,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 517,66 Gb Free Space | 27,79% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,99 Mb Free Space | 69,99% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,88 Gb Total Space | 0,07 Gb Free Space | 3,49% Space Free | Partition Type: FAT32

Computer Name: FELLIPE-PC | User Name: Fellipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 15:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fellipe\Desktop\OTL.exe
PRC - [2013/07/30 19:47:36 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/26 19:46:22 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/07/18 20:18:04 | 000,065,600 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr.exe
PRC - [2013/07/18 20:18:04 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\PROGRA~2\Raptr\raptr_im.exe
PRC - [2013/07/14 23:53:14 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/08 23:17:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/05/16 11:43:15 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/12 23:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/29 10:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/17 17:01:44 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2012/11/17 17:01:44 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2012/11/17 14:37:23 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2012/01/27 06:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2007/04/06 10:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/30 19:47:53 | 003,534,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/26 19:46:24 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013/07/15 19:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/14 23:53:14 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/10 14:47:59 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ff75dafe0bda546dc6c71d2cb2d5257\IAStorUtil.ni.dll
MOD - [2013/07/10 14:47:59 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll
MOD - [2013/07/10 11:44:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/10 11:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/10 11:43:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/10 11:43:46 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/10 11:43:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/10 11:43:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/10 11:43:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/10 11:43:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/01 13:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/14 20:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 20:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 20:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/06/10 06:55:08 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2013/06/10 06:55:08 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/05/09 20:52:58 | 001,183,699 | ---- | M] () -- C:\PROGRA~2\Raptr\liboscar.dll
MOD - [2013/05/09 20:52:58 | 000,483,306 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libicq.dll
MOD - [2013/05/09 20:52:56 | 000,495,680 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libaim.dll
MOD - [2013/05/03 15:57:16 | 001,640,221 | ---- | M] () -- C:\PROGRA~2\Raptr\libjabber.dll
MOD - [2013/05/03 15:57:14 | 001,053,730 | ---- | M] () -- C:\PROGRA~2\Raptr\libymsg.dll
MOD - [2013/05/03 15:57:06 | 000,655,356 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libirc.dll
MOD - [2013/05/03 15:57:04 | 000,603,326 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl-nss.dll
MOD - [2013/05/03 15:57:02 | 000,474,199 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\ssl.dll
MOD - [2013/05/03 15:57:00 | 000,497,782 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoojp.dll
MOD - [2013/05/03 15:56:50 | 001,306,387 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libmsn.dll
MOD - [2013/05/03 15:56:46 | 000,565,461 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libxmpp.dll
MOD - [2013/05/03 15:56:44 | 000,506,276 | ---- | M] () -- C:\PROGRA~2\Raptr\plugins\libyahoo.dll
MOD - [2013/02/12 23:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 23:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/10/27 04:53:18 | 002,717,595 | ---- | M] () -- C:\PROGRA~2\Raptr\heliotrope._purple.pyd
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/22 18:59:52 | 000,313,856 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012/06/22 18:55:58 | 000,494,592 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012/06/22 18:53:22 | 005,812,736 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtGui.pyd
MOD - [2012/06/22 18:39:06 | 001,662,464 | ---- | M] () -- C:\PROGRA~2\Raptr\PyQt4.QtCore.pyd
MOD - [2012/06/22 18:24:28 | 000,067,584 | ---- | M] () -- C:\PROGRA~2\Raptr\sip.pyd
MOD - [2012/02/06 17:28:48 | 000,011,264 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Util._counter.pyd
MOD - [2012/02/06 17:28:42 | 000,031,744 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012/02/06 17:28:34 | 000,010,752 | ---- | M] () -- C:\PROGRA~2\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011/05/10 16:01:42 | 000,030,208 | ---- | M] () -- C:\PROGRA~2\Raptr\simplejson._speedups.pyd
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011/02/15 15:17:28 | 001,213,633 | ---- | M] () -- C:\PROGRA~2\Raptr\libxml2-2.dll
MOD - [2011/02/15 15:17:28 | 000,417,501 | ---- | M] () -- C:\PROGRA~2\Raptr\sqlite3.dll
MOD - [2010/11/22 20:06:22 | 000,055,808 | ---- | M] () -- C:\PROGRA~2\Raptr\zlib1.dll
MOD - [2010/11/22 19:57:34 | 000,167,936 | ---- | M] () -- C:\PROGRA~2\Raptr\win32gui.pyd
MOD - [2010/11/22 19:57:34 | 000,111,104 | ---- | M] () -- C:\PROGRA~2\Raptr\win32file.pyd
MOD - [2010/11/22 19:57:34 | 000,096,256 | ---- | M] () -- C:\PROGRA~2\Raptr\win32api.pyd
MOD - [2010/11/22 19:57:34 | 000,036,352 | ---- | M] () -- C:\PROGRA~2\Raptr\win32process.pyd
MOD - [2010/11/22 19:57:34 | 000,016,384 | ---- | M] () -- C:\PROGRA~2\Raptr\win32trace.pyd
MOD - [2010/11/22 19:57:18 | 000,141,312 | ---- | M] () -- C:\PROGRA~2\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 19:56:56 | 000,354,304 | ---- | M] () -- C:\PROGRA~2\Raptr\pythoncom26.dll
MOD - [2010/11/22 19:56:56 | 000,110,592 | ---- | M] () -- C:\PROGRA~2\Raptr\pywintypes26.dll
MOD - [2010/11/22 19:56:26 | 000,324,608 | ---- | M] () -- C:\PROGRA~2\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 19:56:02 | 000,805,376 | ---- | M] () -- C:\PROGRA~2\Raptr\_ssl.pyd
MOD - [2010/11/22 19:56:02 | 000,583,680 | ---- | M] () -- C:\PROGRA~2\Raptr\unicodedata.pyd
MOD - [2010/11/22 19:56:02 | 000,356,864 | ---- | M] () -- C:\PROGRA~2\Raptr\_hashlib.pyd
MOD - [2010/11/22 19:56:02 | 000,127,488 | ---- | M] () -- C:\PROGRA~2\Raptr\pyexpat.pyd
MOD - [2010/11/22 19:56:02 | 000,124,928 | ---- | M] () -- C:\PROGRA~2\Raptr\_elementtree.pyd
MOD - [2010/11/22 19:56:02 | 000,087,040 | ---- | M] () -- C:\PROGRA~2\Raptr\_ctypes.pyd
MOD - [2010/11/22 19:56:02 | 000,044,544 | ---- | M] () -- C:\PROGRA~2\Raptr\_sqlite3.pyd
MOD - [2010/11/22 19:56:02 | 000,043,008 | ---- | M] () -- C:\PROGRA~2\Raptr\_socket.pyd
MOD - [2010/11/22 19:56:02 | 000,010,240 | ---- | M] () -- C:\PROGRA~2\Raptr\select.pyd
MOD - [2010/11/22 19:56:02 | 000,009,216 | ---- | M] () -- C:\PROGRA~2\Raptr\winsound.pyd
MOD - [2010/11/12 21:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/14 14:55:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/01/10 11:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:*64bit:* - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:*64bit:* - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/30 19:47:45 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/26 19:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/14 23:53:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/08 23:17:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/05/17 13:45:32 | 000,938,776 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/05/16 11:37:50 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 08:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Arquivos de Programas\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/11/29 10:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/17 17:01:44 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012/07/17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/12/16 11:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 10:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011/12/08 15:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/06/27 16:12:50 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2013/06/27 16:12:50 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2013/06/27 16:12:50 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2013/05/09 05:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2013/05/09 05:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2013/05/09 05:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2013/05/09 05:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2013/05/09 05:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2013/03/17 23:50:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:*64bit:* - [2013/02/25 02:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2013/01/31 06:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:*64bit:* - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2012/11/17 16:40:46 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:*64bit:* - [2012/10/11 00:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:*64bit:* - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/07/17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/27 06:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:*64bit:* - [2012/01/27 06:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:*64bit:* - [2012/01/27 06:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:*64bit:* - [2012/01/10 11:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:*64bit:* - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011/11/02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:*64bit:* - [2011/08/11 19:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009/08/21 05:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:*64bit:* - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:*64bit:* - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:*64bit:* - [2007/06/08 14:53:28 | 001,553,920 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZS211.sys -- (ZSMC211)
DRV - [2012/12/16 08:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/11/17 12:12:57 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/11/17 12:12:51 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 9C E8 AE D6 C4 CD 01 [binary data]
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\SearchScopes,DefaultScope = {D3E75AD9-7013-4878-9E9E-D862CFC5AAB9}
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\SearchScopes\{3842C9C0-3CE9-4869-849C-EB15DC68EB8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\SearchScopes\{4AAC5A9A-0B66-4f41-83B6-465CAA7820A3}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\..\SearchScopes\{D3E75AD9-7013-4878-9E9E-D862CFC5AAB9}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com.br/"
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: pt-BR%40dellalibera.sf.net:2.2-3.0
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fellipe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fellipe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Fellipe\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected].com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/19 21:18:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/14 10:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/16 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/03 21:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/03 21:25:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/16 18:40:46 | 000,000,000 | ---D | M]

[2012/11/17 16:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Extensions
[2013/08/04 14:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions
[2013/05/22 12:59:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\[email protected]
[2013/05/20 21:50:59 | 000,000,000 | ---D | M] (Verificador Ortográfico para Português do Brasil.) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\[email protected]
[2013/03/30 20:57:11 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\[email protected]
[2013/06/08 10:50:52 | 000,447,083 | ---- | M] () (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\[email protected]
[2012/11/17 16:09:49 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013/06/06 13:23:06 | 000,002,511 | ---- | M] () -- C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\searchplugins\ask-search.xml
[2013/08/07 17:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/08/07 17:05:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/14 10:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/05/19 21:18:20 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com.br/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Fellipe\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2013/07/14 00:32:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:*64bit:* - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found
O4 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\sdate: sdate = 33
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:*64bit:* - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:*64bit:* - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DCFA76-F61B-4805-9563-CEA5FEF18E39}: DhcpNameServer = 192.168.0.1
O18:*64bit:* - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:*64bit:* - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/30 04:23:46 | 000,055,616 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/05/30 04:20:48 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 18:17:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/04 15:18:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/04 15:17:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fellipe\Desktop\OTL.exe
[2013/08/01 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXIS
[2013/07/29 16:39:55 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
[2013/07/29 16:39:53 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Roaming\library_dir
[2013/07/29 16:39:48 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Roaming\Raptr
[2013/07/29 16:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2013/07/24 00:14:16 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Local\Ubisoft Game Launcher
[2013/07/24 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013/07/24 00:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013/07/20 14:37:11 | 000,000,000 | ---D | C] -- C:\Gotcha
[2013/07/19 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/17 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\Documents\Reus
[2013/07/17 15:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/07/14 10:51:45 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\Desktop\ERROR
[2013/07/14 09:01:12 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\Documents\Blocos de Anotações do OneNote
[2013/07/14 08:51:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/14 02:56:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/13 23:34:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/13 23:34:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/13 01:51:46 | 000,524,288 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\home box office.scr
[2013/07/13 01:51:46 | 000,524,288 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\home box office.scr
[2013/07/13 01:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2013/07/13 01:51:43 | 000,000,000 | ---D | C] -- C:\Users\Fellipe\AppData\Local\Screentime
[2013/07/13 01:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
[2013/07/13 01:32:45 | 000,000,000 | ---D | C] -- C:\BOSS

========== Files - Modified Within 30 Days ==========

[2013/08/11 19:13:08 | 000,056,397 | ---- | M] () -- C:\Users\Fellipe\Desktop\boleto.png
[2013/08/11 18:52:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000UA.job
[2013/08/11 18:50:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/11 18:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/11 18:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/11 17:57:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 17:57:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 17:51:05 | 000,000,368 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013/08/11 17:49:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/11 17:49:20 | 4264,452,094 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 21:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000Core.job
[2013/08/05 21:44:31 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/04 15:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fellipe\Desktop\OTL.exe
[2013/08/01 18:03:10 | 000,001,774 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/07/28 16:47:01 | 001,666,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/28 16:47:01 | 000,716,414 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/07/28 16:47:01 | 000,664,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/28 16:47:01 | 000,152,666 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/07/28 16:47:01 | 000,126,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/24 18:49:19 | 000,145,828 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/07/17 01:23:24 | 000,000,132 | ---- | M] () -- C:\Users\Fellipe\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/07/14 23:53:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 23:53:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/14 00:32:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/13 01:51:46 | 000,524,288 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\home box office.scr
[2013/07/13 01:51:46 | 000,524,288 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\home box office.scr

========== Files Created - No Company Name ==========

[2013/08/11 19:13:08 | 000,056,397 | ---- | C] () -- C:\Users\Fellipe\Desktop\boleto.png
[2013/08/04 15:34:02 | 000,000,000 | ---- | C] () -- C:\END
[2013/06/19 18:47:03 | 000,001,036 | RHS- | C] () -- C:\Users\Fellipe\ntuser.pol
[2013/06/16 21:20:18 | 000,000,132 | ---- | C] () -- C:\Users\Fellipe\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/06/16 18:38:08 | 000,210,862 | ---- | C] () -- C:\Windows\hpoins18.dat
[2013/06/16 18:38:08 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2013/06/08 23:17:35 | 000,291,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/06/08 23:17:34 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/06/01 17:48:45 | 000,001,774 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/12 21:51:39 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2013/04/10 17:31:32 | 000,145,828 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/03/31 01:51:16 | 000,000,931 | ---- | C] () -- C:\Users\Fellipe\systemlog
[2013/03/31 01:47:55 | 023,838,544 | ---- | C] () -- C:\Users\Fellipe\output.dat
[2013/03/18 19:34:24 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013/02/27 23:07:42 | 001,988,096 | ---- | C] () -- C:\Windows\SysWow64\d3d10warp.dll
[2013/02/27 23:07:37 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2013/01/23 19:05:18 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/01/23 02:42:03 | 000,000,095 | ---- | C] () -- C:\Users\Fellipe\AppData\Local\fusioncache.dat
[2013/01/19 01:15:56 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/11/17 17:06:52 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/11/17 17:02:40 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/11/17 17:02:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/11/17 15:01:31 | 001,626,418 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/17 14:36:26 | 000,000,368 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/11/17 14:14:39 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2012/11/17 12:12:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/11/17 12:04:09 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/12/08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\Users\Fellipe\Dados de aplicativos:NT

< End of report >

*Extras.txt*

OTL Extras logfile created on: 11/08/2013 19:39:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fellipe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

15,96 Gb Total Physical Memory | 12,27 Gb Available Physical Memory | 76,89% Memory free
31,92 Gb Paging File | 28,20 Gb Available in Paging File | 88,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 517,66 Gb Free Space | 27,79% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,99 Mb Free Space | 69,99% Space Free | Partition Type: NTFS
Drive F: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,88 Gb Total Space | 0,07 Gb Free Space | 3,49% Space Free | Partition Type: FAT32

Computer Name: FELLIPE-PC | User Name: Fellipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002CF0D5-0638-4761-A616-212BBCD42705}" = lport=56680 | protocol=17 | dir=in | name=pando media booster | 
"{104AE291-405C-4454-957A-43ED0E3BABA3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6828AD11-CBCF-4E28-BF69-FD9E058337B5}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{7DB815AB-86AA-4673-98EB-4D54D8E73388}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8AE458CE-95C0-45F8-8991-2DE64E231D47}" = lport=56680 | protocol=6 | dir=in | name=pando media booster | 
"{93A6C7F1-E6D1-4D86-9FA6-C5ACC00D66B1}" = lport=56680 | protocol=17 | dir=in | name=pando media booster | 
"{9E6272FA-974C-46C2-8714-8DF26C25CEF2}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{BB056E3E-9DEA-47DA-ACD5-55BF47B18AAB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CEE5D4E9-FFC4-45AE-A03C-1704D7744068}" = lport=56680 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010797B1-03B5-476E-BCF8-F56A44DD9B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe | 
"{02B15991-B71E-4B95-B882-4D1A19B90061}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{03FC2D62-9BA4-454D-8EB1-C3ECE1A3DE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{04DB2A23-4321-4C6C-A96F-AE2868915089}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\sonicgenerations.exe | 
"{0589066A-BCD8-435F-A9D3-F7C0AB9809D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{05C31A3D-3CF1-41E6-A6DE-223827417FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{072BCD9E-9FC2-44E5-8E5D-D8AD045BA635}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\zoo tycoon 2\zt.exe | 
"{072FB997-DBAA-4202-8BB4-8B7C5668F667}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe | 
"{0814283D-B587-4D9F-ADB5-7E1A42023FB3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{09E0D22E-0BB1-43F5-9110-ABE2BF8784C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{0A7E0F2F-269F-4DA6-89E0-E37193F750C6}" = dir=in | app=c:\users\fellipe\appdata\local\microsoft\skydrive\skydrive.exe | 
"{0AA6A27C-F618-47C7-A995-2EEEFCE2C846}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe | 
"{0CB9EBAB-82F8-4037-8B02-7E1E9A7C69AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launch.bat | 
"{0D14F353-5E5B-4312-91FA-4848B801F1CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe | 
"{0D9ACF71-45AD-47AE-BAA5-3FDA637A0E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{0EA99613-975B-4560-9992-456706F274B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0F026DBF-DD1E-4520-88F4-7B4A08A71778}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{0F5CED63-E677-4B8B-92BF-8E086B6538C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{0F9DA8B9-1F2F-4448-BCD9-91B047E80B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{1056F5CD-092E-439F-9CD2-AA9DAD7B77A4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{105E6856-A6BF-46D6-BCBA-18F934A066AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a game of dwarves\a game of dwarves.exe | 
"{10E1EC93-B887-4AF6-9648-603215BC3794}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{111420A2-C831-49BF-B277-B8BE44599270}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{1131FCD3-FBF5-4FA0-946C-32DCD92CE798}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | 
"{1244F392-BFF1-4AD9-992B-4A5395AF0104}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe | 
"{12EF008D-7456-421A-A453-FBD59963ECC5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{134C05E6-B75E-45BA-96D5-46A85653C45E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1498F0AA-BD03-4B46-A29D-74322738D01F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{174E3D4C-8001-41D0-8E27-BB74F4A9F1ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{18633A88-915E-4820-BCD3-96F23DAB9290}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{1911E6F2-7C33-4EB8-9D8F-F28673DF88DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{19241229-AACD-46FA-A75B-8559D38FA92A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{198121AE-6FAE-4FE5-B61B-C371193E5F8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{19E5F1F7-347A-481E-8B11-C30FFB0F6764}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1A1F89B7-6086-4CF3-8568-1BC4B842BEAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{1A3E4EF7-7551-4AD0-9F05-65C604C3563C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe | 
"{1BA55E5C-ADB0-40D6-BB41-B972A410D70B}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{1F7C372B-57CB-4678-91DD-EA3A0DE350D9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{202D26CA-78CB-448A-B99E-16EC8FB6DBB7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{213460B3-5D86-4EEA-9AD9-75EAAF9CCAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{219B3E03-FB20-4040-B09B-C9F04EE0B2ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{21A99B7B-A66F-4C1A-A40A-CED923FF3FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{21D12065-EEA7-4111-930E-33DEAAEF4288}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{22DC4C02-A7C9-4922-8008-4020C170FBB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{23AE32F9-4CBD-42B9-935D-1079A1012235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{23FE8BA9-EB74-4E1E-A339-5C93FB6A8964}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{242241F7-0080-4970-82C6-38FFAFD40649}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{246B3E5D-7823-47E9-BA90-C8E1E4BA8796}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{25352407-4FCE-459D-8C8A-7D05DB284702}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{270A922C-9465-4339-AD6A-D521CFE6A740}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{292A2A0E-CA08-44DE-940A-B88D19E403A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{29891FC4-5116-44CF-995F-229BC6AD3097}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{29C95340-FEB1-4DB6-AC31-151DCF0226E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2B91DB9B-3C58-4C71-BD70-23A955F11E71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe | 
"{2C9341BC-2A34-4DE6-926C-EED83691EB2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"{2D259FE9-3435-4921-A2B7-8FA0276D744A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | 
"{2E1A7765-800C-47E3-B515-EF12E201EE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | 
"{2E28A551-EC49-4175-AAE0-E33230F13D5A}" = protocol=58 | dir=out | [email protected],-503 | 
"{2ED81FB5-19D0-4A28-898D-53869337C8E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{3247A514-A570-4823-A0F2-8279F7E6FCFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{34F84BA1-5BF6-445C-8A1C-E6DD41140292}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{3525D746-2516-4472-8382-3507A1FFCF17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{359A9368-45E4-4BDA-8ABF-4B276344B37C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{366014AD-260C-4E7C-BE05-F96A09B97D31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{3686E93B-5780-4A6C-9FF2-1F8780B7AA21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{39DA488B-423B-421D-9201-519A2C1061D8}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe | 
"{39F2EC08-B675-4066-B198-D8B024C44B28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe | 
"{3A40110E-2EFF-40DF-B7D2-975332E5F353}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3B1D4F65-0628-49C6-A861-6B1C06DF6D8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3C11B8E3-E9EF-4307-8199-FA4B10D5BF46}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{3CAD05D2-83BD-4650-B7FF-845AB47B7994}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{3CB6B8A9-D97D-4F29-8A0D-407C29FC17FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{3FA05BAC-F01F-4691-AA9F-22CE25D6DB21}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{405A72F1-A06A-4957-9086-014666F893ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{42287711-DE64-4C97-813C-4A491E0E859E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{42F2A943-86A0-449B-BA28-F4563673A810}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{43438F02-4C5D-4486-BACD-9F02B6F45AB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{435FC5DD-DDBC-4BA0-B1BC-ABFA1158AF4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{45741691-E8FE-438B-A853-7367D48DAF34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{45A3E3E0-432E-477E-800F-F4DE5D72B4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{46459220-FBE4-4FD0-B340-68B8142FAEBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{47D86782-BA46-42E0-BA9C-B36CBBE36C84}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{48A653F4-475F-42BE-A4C6-285356955A36}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 
"{48C6ADA7-E75B-40F0-BAF5-01EA8AAB76A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{48CC6F97-9A44-42D3-A821-46FFCB6E3286}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{4BA41764-DA73-4C08-83A5-8E6B3D51AFBC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{4D9205B8-CEA7-4F2C-94D7-9AD38EFC71BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe | 
"{501748E9-1D3C-49B6-A6E2-9C35B13042CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{514CE269-0020-4197-A9E9-10D0C3DF2501}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{5170C99D-35B2-4B4B-A724-A70ADCDF4E68}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe | 
"{5185B2B3-0736-4F5B-B3F4-F95DC8C22B78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{52050C21-FA03-49AE-A6CA-3E37389208F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{52297A11-C5D2-49DE-A191-E0C2BA32B419}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{523AC18F-C666-41DE-ACC9-C7527C4831EC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{534D7437-4E83-46DC-983E-D1F02552AFFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{53903B0E-8B00-47E1-986F-13654C74C72E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\zoo tycoon 2\zt.exe | 
"{53934CC9-362B-4784-967E-0465E2E9F51F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{5400ADE7-D901-4C6D-A1DB-1F7131C80425}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | 
"{552C9325-41DC-4B0A-B888-664D45B2F621}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{557F5E58-03CA-436E-B8FA-E1BC5D7656F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe | 
"{55EC5AE6-E540-4E2B-86F9-3C6F9EC07482}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{55F9F91A-C970-4D87-8DE5-99C40BD52BC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | 
"{56601BF1-2393-47E9-B325-72762BBCB9F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{56657692-1F2A-4EFB-BB76-96EACC5B2253}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{5696E120-D4CE-4730-BF57-C0AE4D7DA8DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe | 
"{589702E6-26BB-4B0C-8FF2-9B481E2EC11B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{597901B6-0BD2-470F-80AA-5AD2D427ED76}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{5BAA3D81-64C1-4CEB-99EB-74D4DC2A87DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{5F6CB187-E78F-4BBB-8962-EC891E8265C8}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 
"{5FC9EBE5-FB63-4DA9-863D-469A20E350D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\showdown\binaries\showdown.exe | 
"{615CB9C6-1D39-41A4-AA23-ED27E3F9F765}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{62E02947-9FCE-4981-8E6C-3E692C35A836}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe | 
"{67000018-5D86-44D8-A67C-CD3870358D69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{67B6C673-665A-4B20-8426-A24214FA38F9}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{6900EE73-7628-4070-8F09-27E1CC65B2E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"{69838E0B-251E-4CD6-A0A3-1625BAEB91BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{69F49219-5F25-4E53-A2EB-9EAECB71D7DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{6A29FF9C-09BA-4E59-AD2D-865F115B4452}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{6A7041EB-69D0-43E5-A187-5900282D2529}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe | 
"{6B27F093-9920-4F96-90DA-271D044C328E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{6CEB2C1C-0214-42DD-9BE7-3F46964E3D79}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{6D58DDCA-D956-4DFC-91DF-449565183BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{6DCD2FAC-41D9-4999-A9C6-47469405674A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{6E70CF6D-AE6F-4C4E-8C8D-6E6D2FCF6258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{70225B7E-FEB1-4E12-A364-F85DA4DB63A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe | 
"{71B8460F-624D-4370-9DE5-F1C76AFF6494}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{7483888B-C16E-4F2C-A070-861B0A5693C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{753D6C68-A936-46F4-A1C6-0039AAA72193}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{760F160E-07EC-4EF5-BD81-4B5C8BC007BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7616C5C7-5533-4AA5-A327-C66AC2B5E3AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{76314D5F-B497-4354-BC3A-B7B11AE5946E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe | 
"{778232A1-C0E1-4FA8-92AB-4A94A81B5B2C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{77A6EB48-BB51-46F4-B7CC-350F7862630E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe | 
"{77B5F09A-63EB-411D-8F23-9A5E9E18D741}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe | 
"{79E3AFFE-7EF9-4328-AA50-C1D8AA1ECC65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{7A3488FB-732D-4200-BF50-8BDE664CBE79}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe | 
"{7C31CDF3-23D7-4880-B7AA-C04D1AB0AC57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe | 
"{7C9759B0-7E59-407D-9C77-7916CFEBB7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | 
"{7CE374E8-F77C-4F79-87AD-13450AC85735}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{7D3CD029-24B8-44B5-BDF5-51983C1E41D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{7E000A94-832E-4A4E-B5C4-A05F2CB442D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{7F32215D-5366-4B26-B3DF-7CB00FC8D53B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{8061B1B7-50E7-448D-BB3A-D96204661107}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{814BAA3F-ADAB-47BC-8B34-CBB8BD2DABD8}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe | 
"{82E44909-8F3C-4C30-9BD3-FBD75CAC0A2F}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 
"{832A876B-D016-4417-95A0-1D1C9FF248FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{83EB324B-71D3-4276-953D-CF813D399C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{83F6CA22-255F-4392-80BD-7385DAABAA6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{84C6DB1D-B2B7-4E5D-9A5C-EA94F41045AA}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{8568A65C-CF1F-41C6-B864-17D3F8A473B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{8861A5C2-27AC-446F-8F57-1164D06E9601}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe | 
"{88B9E5AA-50DD-43EE-9DAF-412131570FE2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{89DD784A-35C4-4E7F-99BF-E246D4B68952}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{8A26801F-6B2B-420A-B41E-5F5816BBA2B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8CC413E1-ADBE-4FA5-B755-D264BA7F01ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8DEC9B77-5B46-4BE7-B7A1-356EFF2EE21D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe | 
"{8F531B14-058F-4A10-A54D-DE781759AD9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"{9052CA08-D806-4A4B-8E81-7E94CFEF6A33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe | 
"{917BF0D9-9086-4DE5-866F-EAC2A296395C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{91A22A2B-C563-425C-84BC-EB718D53808C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{92094F1C-A2A3-43A6-81C7-6A1C4CBE1C1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe | 
"{933CAA4C-97BF-4734-9052-7E57B8A1449C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{98EA8C9E-49DB-40A0-92AE-8CC2BA2E6B42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{9A647F53-CD8D-4A34-BAA7-8AA2E2CF992D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe | 
"{9B586853-83F5-496E-8C79-3AAC477C4218}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{9B9A2C2D-E925-466B-A974-5CC837330600}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{9C11D24D-013E-4C41-B764-7F8BFC0CA7AE}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{9C1FABFF-A75D-49DB-84E1-CADFBB232B10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{9D4BFFA1-130A-4940-A689-69675089F8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | 
"{9EDF7203-FDC7-4870-827C-04866F5E1393}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9F3CCC39-B9CA-4767-A961-2B2177D63945}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A0922696-209F-4F6C-A4E1-01F0B9A7902A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe | 
"{A2065451-954E-4A5F-AD45-9517AEC29906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{A2179AE8-B5E1-483C-BE4A-C83D986BFD05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe | 
"{A2717463-2D86-4DB6-8285-6F594B80FDE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\a game of dwarves\a game of dwarves.exe | 
"{A39CB008-BA0E-4B9A-B826-3BB27B10B22D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{A3D7252E-781B-4DBE-956E-458FD3FE5ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{A4673A8F-544F-4A03-BEF0-5ED7CAA0DD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars jedi knight\jk.exe | 
"{A4DFA15D-58B4-4DEC-8B61-FFAD895520F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{A574279A-BB24-44AA-BDF0-54AB5727000B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{A68A4F04-7A8B-4B1F-9071-00A8C6918108}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{A6EA1851-AAFC-44B7-96E0-0DA63B4D3051}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{A774B421-F056-4159-B301-BF1A4EFEAA41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe | 
"{AA4A1BE4-44FD-45F0-A56C-E208647B8ED7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AC59CF6E-EC08-4792-B1DD-096A92B9EA94}" = dir=in | app=c:\program files (x86)\steam\steamapps\common\the war z\infestation.exe | 
"{AD2D15C2-EADB-47A9-9049-4606999617E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{AE6728CC-E98E-4AF1-A946-946B3597C0EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{AE9EF2E1-9804-4BCF-BAEE-3B5B974587F7}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{AF8C138A-AF26-497F-8803-85D11DE6455D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B0497503-65A3-4731-93A2-24250B4D48FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{B06CAC2B-3E5F-42D5-B041-299BDC3E0111}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{B1C5F58A-E4C2-4119-82A3-D1C89278AA4F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B31316A6-FDFB-459F-B9B8-940AA78367C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{B38196E4-F3D6-41B1-BA8F-091BCB52A419}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B685AB11-F432-4CB9-8870-A63EA8C01E29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{B776A2FC-63F9-40BE-A161-E8200BF84847}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B9D6E89D-3712-4868-B24F-636A19756D61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{BA9F33D4-1AE2-42F9-8496-1C23E7D4350C}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe | 
"{BAABCBE4-D5D8-42F2-99B8-BCC8DB45A9D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{BCEFEE22-00B9-4B64-ABD3-ED7D508968F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe | 
"{BD82C038-D8C0-4B43-867C-1EB347A38751}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{BE5C54E8-395E-40A7-8C82-3C8666E11B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{BEC81DA3-A37C-4CD1-AEE9-BF8F45C3FCDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{C121B77D-05E9-47F0-A983-7E84FE0E73E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\reus\reus.exe | 
"{C20AC48B-B719-4E51-B57C-43C2E1255230}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | 
"{C25C80A0-6F71-40F6-9FC1-822FA6A482A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\surgeon simulator 2013\ss2013.exe | 
"{C2B340BD-D299-490C-88CB-221ADF0C4BE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{C593AE56-A1D6-498B-A5C7-FF01C94DF289}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{C92535BE-FEE2-40F1-B236-E2C7848552DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{C93135A3-5889-4B7A-99CC-50D0652796F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark forces\dosbox\dosbox.exe | 
"{CA523844-AC78-49DB-8B9B-7550FE8AD1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{CA672CED-2052-46E6-97DD-F8AB44DC29C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe | 
"{CA8CCFE6-742C-4EFD-81FC-9662A944DB01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{CADD0F10-8917-447A-ADF3-20B4C292F2F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{CB6F1801-FC83-442B-B01A-88D84803517C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{CC9831F1-D89C-4172-9200-4FF68F39F74F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{CC9B773E-8CBC-404C-8529-3F9FAF800C5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\showdown\binaries\showdown.exe | 
"{CE5A972C-088E-4259-AE35-A72526747511}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{CF3ABC7F-EDF0-46D3-A18F-A7CC636E1892}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | 
"{D0C9434A-1CAD-4E05-B0AC-DD64094681DC}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe | 
"{D1198728-FF4F-476C-ADEA-BBBE34B58824}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{D4A1E071-9082-4D8E-93E5-3A5F668AD213}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D692E921-A271-4EDA-B0F9-8E7929738599}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D709042B-625B-4AD1-B182-90C579E7D3DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe | 
"{D7F71511-0246-4958-B40A-B092BF65B8C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{D8491B30-C64D-408B-93BF-8A3029182290}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe | 
"{D9E1F0D9-8511-4D29-B694-E36CE3C25826}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{DAC67723-C866-42BE-A9B0-D653B01CD98C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{DAF7612D-39F7-4CD9-A1BE-FBC607067FDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{DB99D5A5-7450-4373-9B37-68CF705C6D16}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 
"{DC17FF23-1C9C-4DF9-A2DE-F1F468AEDEA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{DD5BC4D7-17FA-45EF-A379-209E2B2150D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe | 
"{DDD8D1A4-0457-49DB-A6D0-0EEA1949E98C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe | 
"{DE33A9F1-08F5-431F-A6CD-37823CB400D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{E049C17B-1BCC-4318-87D3-160D4601AA29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{E08A52A0-B691-48FE-AC6D-E330D37D0102}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe | 
"{E0C5D931-D496-4BD7-8959-3A80F0330AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{E101F5EE-881B-4996-81FA-AB9DCB5DDFDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{E20301F3-4729-4433-AD9F-65FD562731A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{E790EB93-7991-4CF6-89E5-802DF6EA38EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{E82ADBA4-7676-4D10-BF0A-A6D8FE781F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars jedi knight\jk.exe | 
"{E8A4414B-E7AA-4F91-953D-CB98514EE60A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark forces\dosbox\dosbox.exe | 
"{E8F3C1C2-E5F2-4DB4-81E2-9B8362DCBEAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E97F0973-8967-4601-90EB-1DFE42F22AD3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EB1DE2B9-839F-4F38-A804-7362C83E6B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe | 
"{EC46E4CF-92F8-4655-8207-BB1BD18F9786}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{EC4C5FCB-AC2F-4C7E-BBC5-0EA2ED4A046C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe | 
"{EF177765-9B55-4278-AA4D-F2B7F3B77554}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sonic generations\configurationtool.exe | 
"{EFEB3044-D102-497D-96D6-66C86C94A086}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F0726401-F384-4921-8CAD-BA9C9A37F586}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F07C566E-E03F-4E2D-952A-B706E130A7FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F1D5CCED-5862-4FD3-A040-6B6C8F040274}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe | 
"{F6D89051-9CCA-44F5-8EE5-8E6F55CBEC91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{F81DD8E2-2D4F-4D50-A185-9CEC0B64AE5C}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{F82553CD-DE31-4A20-A732-1F34CDADE7EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{F8DB520B-69B1-40FD-84C5-3C4367F83031}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe | 
"{F93E6C60-BAF0-444F-AEBA-2D18E3BC306A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe | 
"{F9B8CBC3-93EF-4AD5-AECF-5C2CCE5E7550}" = protocol=58 | dir=in | app=system | 
"{FB74E2C4-30FF-4243-8461-3EE973453B58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{FD640C77-8731-4D89-8330-4575036FFEFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe | 
"{FD7D098B-D1EE-4309-A328-B93350102627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{FF27A492-84A8-4DBE-A6E6-F510BFE817FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launch.bat | 
"{FF563D85-3CE8-4B48-AC2F-97EFE9D6B83F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"TCP Query User{49CE1684-BF49-4C5F-9039-3DF96ABCB37E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{4D79B2C7-F7A9-4C9F-AB59-BB7076CB3612}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{58183C34-8053-43E2-BD4A-FBF641EFF0DE}C:\users\fellipe\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\fellipe\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{72A2FFCC-56F0-49A7-95A6-0C05A4781092}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"TCP Query User{87471EBD-CACB-4BCA-A91F-A2342BAD91FD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{9CEA7595-B13A-44A4-B681-81F3B34772E9}C:\kaybo\gunz ultra\gunzrun.exe" = protocol=6 | dir=in | app=c:\kaybo\gunz ultra\gunzrun.exe | 
"TCP Query User{AC74BB11-B3E3-4AAA-80C7-A61171A22ABF}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"TCP Query User{BCA21E91-1516-4865-9941-FC5902372D6C}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{C9F998ED-9341-4238-991F-383C72AE8AE1}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{DDD5012A-87A4-431F-B0BF-1BFB66341291}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
"TCP Query User{EA887471-21E4-4726-88E4-DBCDABA88B7B}C:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe | 
"TCP Query User{EAB0E6D4-DE26-4124-96C2-65B507591A23}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"TCP Query User{F226544B-5C39-49DE-B5A4-08403D6CA619}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe | 
"TCP Query User{F78AEB4C-99E2-4D13-B659-9A917BB7F3EF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{FD9F3BF7-5373-4394-8C75-F1AEAA6BD5F3}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{0A4D43E7-F627-460D-BA9E-E7839572B861}C:\program files (x86)\firestorm-release\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firestorm-release\slvoice.exe | 
"UDP Query User{1C6B1239-7B4C-460C-B4DF-93E8BFF025CB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{1EC20740-0540-447D-BBA5-FBC385CFDFC4}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | 
"UDP Query User{3DE2862F-4ED4-4B93-80E9-A1683154EC55}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{48D33AB9-B5D6-4E92-A452-03FEB1E19F2A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{6E21ADB6-9E2E-47E0-BA5D-222402A4CB43}C:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe | 
"UDP Query User{70161D64-EC13-4E24-A9C4-31FC9214E954}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{831383D1-7EC9-42F1-A842-58F0F0CA142A}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{84A2B917-A550-4969-8611-BD6764EC10FA}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe | 
"UDP Query User{B635D7E4-2609-4810-AF4B-40571BFEA2E3}C:\kaybo\gunz ultra\gunzrun.exe" = protocol=17 | dir=in | app=c:\kaybo\gunz ultra\gunzrun.exe | 
"UDP Query User{C51E3C39-0138-455A-A39D-912BB0D6FB68}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{CB426CFE-F185-4DA3-94C7-1EFC095A1B17}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{EA4DD20F-FD69-43FC-99E4-050BB72CC24F}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"UDP Query User{F3C597C7-586A-4E2A-AB42-941C23AA6638}C:\users\fellipe\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\fellipe\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"UDP Query User{FFC8DB57-CD0B-4EB8-83E0-2C9F407E78B3}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{070C55FA-FB9D-46DD-B30B-4B520A83A66A}" = Microsoft Xbox 360 Accessories 1.2
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROPLUS_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0FDF2566-665E-4F8A-B1AD-A0FE52B4224E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0043-0416-1000-0000000FF1CE}_Office14.PROPLUS_{0C40F8A4-7695-48F7-8CAE-634D3882009B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}_Office14.PROPLUS_{8F2AC896-0A49-4054-83BF-3B03E6FBE7CD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-1000-0000000FF1CE}_Office14.PROPLUS_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Central de Mouse e Teclado da Microsoft
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Microsoft Mouse and Keyboard Center" = Central de Mouse e Teclado da Microsoft
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shop for HP Supplies" = Shop for HP Supplies
"vsfilter64_is1" = DirectVobSub 2.41.6609 (64-bit)
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims 3 Suíte de Luxo Coleção de Objetos
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09B0AFFD-9D1D-1C7F-7C4A-2ED9DB578730}" = RPG 2ic
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims 3 Vida ao Ar Livre Coleção de Objetos
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims 3 Diesel Coleção de Objetos
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1" = Fallout New Vegas
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer Red Alert 3
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims 3 Showtime
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims 3 Estações
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera(ZS0211)
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims 3 Caindo na Noite
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.2
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D594333-0076-A76A-76A7-A758B70B0A00}" = Ask Toolbar
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City
"{5BA9357B-E876-4FB2-8F1B-C7E63AC90E6F}" = Skyrim NPC Editor
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Suporte para Aplicativos Apple
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE Aventuras Galácticas
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Ferramenta Criar um Mundo The Sims 3 Beta
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{671DC096-9262-4943-A3D8-ED8A757B60D5}_is1" = ID3 Tag Editor 1.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69D48C91-CCC2-4305-89DE-D1F8122EDBF4}" = Photo Common
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims 3 Vida em Alto Estilo Coleção de Objetos
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims 3 Vida Urbana Coleção de Objetos
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims 3 Ambições
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AA6730-54CD-4B9E-B05B-0A5196743923}" = Windows Live UX Platform Language Pack
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims 3 Katy Perry Mundo Doce
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Português
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims 3 Sobrenatural
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims 3 Volta ao Mundo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE Coleção de Partes Medonhas & Fofinhas
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims 3 Pets
"{C32D87E1-6310-4CD5-8D6D-865AFE0E9B4E}" = Movie Maker
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D4D271-609F-440D-A9EC-A66B0815CFE2}" = Windows Live Essentials
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims 3 Ilha Paradisíaca
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims 3 Anos 70, 80, e 90 Coleção de Objetos
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims 3 Gerações
"{EB4C3686-A52C-4F40-9D53-F8571CC5FD5D}_is1" = RRPG Firecast
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims 3 Acelerando Coleção de Objetos
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Coleção Completa
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims 3 Vida Universitária
"{F5248B7E-779A-4FA4-8134-D1933D8680FA}" = Galeria de Fotos
"{F568B133-170C-4818-B06A-712C6D91B9F7}" = Zoo Tycoon 2 - Dino Danger Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"BitRaider Web Client" = BitRaider Web Client
"BOSS" = BOSS
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.rpgonline.rpg2ic" = RPG 2ic
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = Instalação do DivX
"Electric Sheep" = Electric Sheep 2.7b34
"Fallout New Vegas_is1" = Fallout New Vegas
"Firestorm-Release" = Firestorm-Release (remove only)
"FreeStar YouTube MP3 Converter" = FreeStar YouTube MP3 Converter 2.0.8
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"home box office" = home box office Screen Saver
"InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallShield_{F568B133-170C-4818-B06A-712C6D91B9F7}" = Zoo Tycoon 2 - Dino Danger Pack
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManyCam" = ManyCam 3.1.57
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 23.0 (x86 pt-BR)" = Mozilla Firefox 23.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Raptr" = Raptr
"Rockstar Games Social Club" = Rockstar Games Social Club
"Roller Coaster Tycoon 3 Platinum - CarlesNeo !" = Roller Coaster Tycoon 3 Platinum - CarlesNeo !
"s3pe" = s3pe - Sims3 Package Editor
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Steam App 102500" = Kingdoms of Amalur: Reckoning
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 19680" = Alice: Madness Returns
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 200370" = A Game of Dwarves
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202170" = Sleeping Dogs
"Steam App 202480" = Creation Kit
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 203140" = Hitman: Absolution
"Steam App 204080" = The Showdown Effect
"Steam App 204100" = Max Payne 3
"Steam App 205100" = Dishonored
"Steam App 205930" = Hitman: Sniper Challenge
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 207230" = Archeblade
"Steam App 207610" = The Walking Dead
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 20930" = The Witcher 2: Bonus Content
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 219740" = Don't Starve
"Steam App 220" = Half-Life 2
"Steam App 220160" = Trials Evolution Gold Edition
"Steam App 222730" = Reus
"Steam App 22380" = Fallout: New Vegas
"Steam App 224540" = Ace of Spades
"Steam App 226320" = Marvel Heroes
"Steam App 226700" = The War Z
"Steam App 227480" = God Mode
"Steam App 230410" = Warframe
"Steam App 233720" = Surgeon Simulator 2013
"Steam App 24200" = DC Universe Online
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 36620" = Forsaken World 
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 45760" = Super Street Fighter IV: Arcade Edition
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
"Steam App 63380" = Sniper Elite V2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 65800" = Dungeon Defenders
"Steam App 71340" = Sonic Generations
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9900" = Star Trek Online
"Steam App 99810" = Bulletstorm
"Steam App 99900" = Spiral Knights
"TeamViewer 8" = TeamViewer 8
"Torchlight_is1" = Torchlight
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Worms Ultimate Mayhem_is1" = Worms Ultimate Mayhem

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Gunz Ultra" = Gunz Ultra
"HappyCloud" = Happy Cloud Client
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"lotro_highres_en" = The Lord of the Rings Online
"SkyDriveSetup.exe" = Microsoft SkyDrive
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.

< End of report >

*Thanks.*


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

For some reason these entries did not delete during the last OTL fix. Please run this again.

*Run OTL Fix*
*We need to run an OTL Fix*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*.

```
:commands
[createrestorepoint]

:Files
C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected]
C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml
@C:\Users\Fellipe\Dados de aplicativos:NT

:commands
[EMPTYTEMP]
```

 Click under the *Custom Scan/Fixes* box and paste the copied text.
 Click the *Run Fix* button. If prompted... click *OK*.
 When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of report in your next reply.



----------



## LukeLennon (Jul 14, 2013)

Ok, I did it.
*Here is the log:*

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected] not found.
File\Folder C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml not found.
Unable to delete ADS C:\Users\Fellipe\Dados de aplicativos:NT .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Beaup
->Temp folder emptied: 3349 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fellipe
->Temp folder emptied: 17749951 bytes
->Temporary Internet Files folder emptied: 3921437 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 378974922 bytes
->Google Chrome cache emptied: 6893689 bytes
->Flash cache emptied: 4240 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sara
->Temp folder emptied: 68596 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70421919 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Todos os Usuários

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139166 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 456,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08122013_185342

Files\Folders moved on Reboot...
C:\Users\Fellipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Fellipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

*Thank you very much. Seriously.*


----------



## wannabeageek (Nov 12, 2009)

Hi lukelennon,

I need you to run ComboFix again. Please follow the instructions below:

*Download and Run ComboFix*


Please download *ComboFix* from one of the following links.
*Link 1.*
*Link 2.*
***IMPORTANT !!! Save ComboFix.exe to your Desktop***
Please *disable* any *Antivirus* and *Firewall* you have active, as shown in *this topic*. Please *close all* open application windows.
Double click on *ComboFix.exe* and follow the prompts.
When finished, it shall produce a log for you. Please include the contents of *C:\ComboFix.txt* in your next reply

*A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use!
ComboFix SHOULD NOT be used unless requested by a forum helper.*


----------



## LukeLennon (Jul 14, 2013)

*Here it goes:*

ComboFix 13-08-14.02 - Fellipe 14/08/2013 13:37:21.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.16343.13905 [GMT -3:00]
Executando de: c:\users\Fellipe\Desktop\Gotcha.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-07-14 to 2013-08-14 ))))))))))))))))))))))))))))
.
.
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\Sara\AppData\Local\temp
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-14 17:29 . 2013-08-14 17:29 -------- d-----w- c:\users\Beaup\AppData\Local\temp
2013-08-13 21:53 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F51FFF9A-E06E-49D6-BC6F-5A868E0973E6}\mpengine.dll
2013-08-12 18:26 . 2013-08-12 18:28 -------- d-----w- c:\users\Fellipe\minecraft
2013-08-07 20:05 . 2013-07-30 22:48 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-05 21:17 . 2013-08-05 21:17 -------- d-----w- C:\_OTL
2013-08-04 18:18 . 2013-08-04 18:18 -------- d-----w- c:\windows\ERUNT
2013-07-29 19:39 . 2013-07-29 19:39 -------- d-----w- c:\users\Fellipe\AppData\Roaming\library_dir
2013-07-29 19:39 . 2013-08-14 16:00 -------- d-----w- c:\users\Fellipe\AppData\Roaming\Raptr
2013-07-29 19:39 . 2013-07-29 19:39 -------- d-----w- c:\program files (x86)\Raptr
2013-07-24 03:14 . 2013-07-24 03:25 -------- d-----w- c:\users\Fellipe\AppData\Local\Ubisoft Game Launcher
2013-07-24 03:14 . 2013-07-24 03:14 -------- d-----w- c:\program files (x86)\Ubisoft
2013-07-20 17:37 . 2013-07-20 18:28 -------- d-----w- C:\Gotcha
2013-07-19 23:30 . 2013-07-20 18:28 -------- d-----w- c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 02:53 . 2012-11-17 17:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 02:53 . 2012-11-17 17:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-13 04:51 . 2013-07-13 04:51 524288 ----a-w- c:\windows\system32\home box office.scr
2013-07-13 04:51 . 2013-07-13 04:51 524288 ------w- c:\windows\SysWow64\home box office.scr
2013-07-09 01:18 . 2013-06-09 02:18 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-09 01:18 . 2013-06-09 02:17 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-04 18:58 . 2013-07-04 18:58 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-04 18:58 . 2013-07-04 18:58 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-04 18:58 . 2013-07-04 18:58 188840 ----a-w- c:\windows\system32\java.exe
2013-07-04 18:58 . 2013-07-04 18:58 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-04 18:58 . 2013-06-02 20:37 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 18:58 . 2013-06-02 20:37 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-27 19:12 . 2013-03-06 02:11 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:12 . 2012-11-17 19:30 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:12 . 2012-11-17 19:29 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 03:57 . 2012-11-17 17:48 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-23 16:21 . 2013-06-23 16:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 16:21 . 2012-11-17 19:25 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 16:21 . 2012-11-17 19:25 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-19 23:20 . 2013-06-19 23:20 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-19 17:37 . 2013-06-19 17:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-19 17:37 . 2013-06-19 17:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-19 17:37 . 2013-06-19 17:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-19 17:37 . 2013-06-19 17:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-19 17:37 . 2013-06-19 17:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-19 17:37 . 2013-06-19 17:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-19 17:37 . 2013-06-19 17:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-19 17:37 . 2013-06-19 17:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-19 17:37 . 2013-06-19 17:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-19 17:37 . 2013-06-19 17:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-19 17:37 . 2013-06-19 17:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-19 17:37 . 2013-06-19 17:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-19 17:37 . 2013-06-19 17:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-19 17:37 . 2013-06-19 17:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-19 17:37 . 2013-06-19 17:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-19 17:37 . 2013-06-19 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-19 17:37 . 2013-06-19 17:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-19 17:37 . 2013-06-19 17:37 441856 ----a-w- c:\windows\system32\html.iec
2013-06-19 17:37 . 2013-06-19 17:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-19 17:37 . 2013-06-19 17:37  361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-19 17:37 . 2013-06-19 17:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-19 17:37 . 2013-06-19 17:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-19 17:37 . 2013-06-19 17:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-19 17:37 . 2013-06-19 17:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-19 17:37 . 2013-06-19 17:37 235008 ----a-w- c:\windows\system32\url.dll
2013-06-19 17:37 . 2013-06-19 17:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-19 17:37 . 2013-06-19 17:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-19 17:37 . 2013-06-19 17:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-19 17:37 . 2013-06-19 17:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-19 17:37 . 2013-06-19 17:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-19 17:37 . 2013-06-19 17:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-19 17:37 . 2013-06-19 17:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-19 17:37 . 2013-06-19 17:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-19 17:37 . 2013-06-19 17:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-19 17:37 . 2013-06-19 17:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-19 17:37 . 2013-06-19 17:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-19 17:37 . 2013-06-19 17:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-19 17:37 . 2013-06-19 17:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-19 17:37 . 2013-06-19 17:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-19 17:37 . 2013-06-19 17:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-19 17:37 . 2013-06-19 17:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-19 17:37 . 2013-06-19 17:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-19 17:37 . 2013-06-19 17:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-19 17:37 . 2013-06-19 17:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-19 17:37 . 2013-06-19 17:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-19 17:37 . 2013-06-19 17:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-19 17:37 . 2013-06-19 17:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-19 17:37 . 2013-06-19 17:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-19 17:37 . 2013-06-19 17:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-11 23:43 . 2013-07-10 12:31 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-10 12:31 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-10 12:31 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-10 12:31 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-10 12:31 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-10 12:31 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-10 12:31 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-10 12:31 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-10 12:31 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-10 12:31 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-10 12:31 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-10 12:31 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-10 12:31 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-10 12:31 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-10 12:31 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-10 12:31 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-10 12:31 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-10 12:31 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-10 12:31 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-10 12:31 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-09 02:18 . 2013-06-09 02:17 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-06-09 02:17 . 2013-06-09 02:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-07 03:22 . 2013-07-10 12:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-10 12:31 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 12:23 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:23 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:23 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2013-07-18 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-11-17 27760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 APNMCP;Serviço de atualização Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Driver de comutação do controlador host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 iusb3hub;Driver para hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver de controlador host eXtensível Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 20:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 02:53]
.
2013-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000Core.job
- c:\users\Fellipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21 00:47]
.
2013-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000UA.job
- c:\users\Fellipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21 00:47]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 16:25]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br/
FF - ExtSQL: 2013-06-16 18:40; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-06-16 18:40; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll
AddRemove-Fallout New Vegas_is1 - c:\program files (x86)\Bethesda Softworks\Fallout New Vegas\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,c6,ac,a5,5f,ac,22,2b,47,09,44,8d,07,48,09,4c,99,54,a0,74,fc,
02,82,d1,81,02,3e,c6,2c,29,d9,62,35,ce,2e,65,ac,23,2f,2a,b2,a0,aa,5f,dd,0b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-08-14 14:31:26
ComboFix-quarantined-files.txt 2013-08-14 17:31
.
Pré-execução: 554.717.532.160 bytes disponíveis
Pós execução: 554.649.976.832 bytes disponíveis
.
- - End Of File - - E6FCCD378904690B215291B9E4D3EE48
D41D8CD98F00B204E9800998ECF8427E

*Thanks.*


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon.

*Step 1.*
*Create a System Restore Point (Vista - W7)*

1. Right-click on *Computer* ... select *Properties.*
2. In the _*left*_ pane under *Tasks* ... click *System protection.*
   If *UAC* prompts for an administrator password or approval, type the password or give your "permission to continue".
3. Select *System Protection* ...then choose *Create.*
4. In the System Restore dialog box, *type a description* for the restore point ... click *Create*, again.
   A window will pop up with _*"The Restore Point was created successfully"*_ confirmation message.
5. Click *OK* ...then close the System Restore dialog.

_Unless you use some other method to create system restore points..._
*Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.*

If you have successfully created a System Restore Point...we can proceed.
*If you have NOT successfully created a System Restore Point...do not go any further! 
Please post back so we can determine why it was unsuccessful.*

*Step 2.*
*ComboFix - CFScript*
*WARNING!
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!*

*You will not have Internet access when you execute ComboFix. All open windows will need to be closed!*


Please open *Notepad* and copy/paste all the text below... into the window:

```
ADS::
C:\Users\Fellipe\Dados de aplicativos

File::
C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected]
C:\Users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml
```

*Save* it to your *desktop* as *CFScript.txt*
Please *disable* any *Antivirus* or *Firewall* you have active, as shown in *this topic*. Please *close all* open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

This will cause *ComboFix* to run again.
*Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash. 
Do Not touch your computer when ComboFix is running!*
When finished... Notepad will open ... ComboFix will produce a log file called "*ComboFix.txt*".
Please copy/paste the contents of *ComboFix.txt*... in your next reply.

*** Enable your Antivirus and Firewall, before connecting to the Internet again! ***


----------



## LukeLennon (Jul 14, 2013)

*Here:*

ComboFix 13-08-15.03 - Fellipe 16/08/2013 13:00:30.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.16343.13515 [GMT -3:00]
Executando de: c:\users\Fellipe\Desktop\Gotcha.exe
Comandos utilizados :: c:\users\Fellipe\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ extensions\[email protected]"
"c:\users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\ searchplugins\ask-search.xml"
.
_ ADS - Dados de aplicativos: deleted 40 bytes in 1 streams. _
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-07-16 to 2013-08-16 ))))))))))))))))))))))))))))
.
.
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\Sara\AppData\Local\temp
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-16 16:58 . 2013-08-16 16:58 -------- d-----w- c:\users\Beaup\AppData\Local\temp
2013-08-16 10:39 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F48B286B-ACE6-4FD6-AE14-98F3C374751F}\mpengine.dll
2013-08-16 05:57 . 2013-08-16 05:57 -------- d-----w- c:\users\Fellipe\AppData\Local\ESN
2013-08-16 05:57 . 2013-08-16 05:57 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-08-16 05:43 . 2013-08-16 06:12 -------- d-----w- c:\programdata\EA Logs
2013-08-16 01:59 . 2013-08-16 05:42 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-08-15 15:56 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 15:56 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 15:56 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 15:56 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 15:56 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 15:56 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 15:56 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 15:56 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 15:56 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 15:56 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 15:54 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-12 18:26 . 2013-08-12 18:28 -------- d-----w- c:\users\Fellipe\minecraft
2013-08-07 20:05 . 2013-07-30 22:48 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-05 21:17 . 2013-08-05 21:17 -------- d-----w- C:\_OTL
2013-08-04 18:18 . 2013-08-04 18:18 -------- d-----w- c:\windows\ERUNT
2013-07-29 19:39 . 2013-07-29 19:39 -------- d-----w- c:\users\Fellipe\AppData\Roaming\library_dir
2013-07-29 19:39 . 2013-08-16 15:24 -------- d-----w- c:\users\Fellipe\AppData\Roaming\Raptr
2013-07-29 19:39 . 2013-07-29 19:39 -------- d-----w- c:\program files (x86)\Raptr
2013-07-24 03:14 . 2013-07-24 03:25 -------- d-----w- c:\users\Fellipe\AppData\Local\Ubisoft Game Launcher
2013-07-24 03:14 . 2013-07-24 03:14 -------- d-----w- c:\program files (x86)\Ubisoft
2013-07-20 17:37 . 2013-07-20 18:28 -------- d-----w- C:\Gotcha
2013-07-19 23:30 . 2013-07-20 18:28 -------- d-----w- c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 06:32 . 2013-06-09 02:18 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-08-16 06:32 . 2013-06-09 02:17 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-08-16 06:32 . 2013-06-09 02:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-16 06:27 . 2013-06-09 02:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-08-16 06:02 . 2012-11-17 17:48 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-15 02:53 . 2012-11-17 17:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 02:53 . 2012-11-17 17:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-13 04:51 . 2013-07-13 04:51 524288 ----a-w- c:\windows\system32\home box office.scr
2013-07-13 04:51 . 2013-07-13 04:51 524288 ------w- c:\windows\SysWow64\home box office.scr
2013-07-09 04:45 . 2013-08-15 15:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-04 18:58 . 2013-07-04 18:58 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-04 18:58 . 2013-07-04 18:58 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-04 18:58 . 2013-07-04 18:58 188840 ----a-w- c:\windows\system32\java.exe
2013-07-04 18:58 . 2013-07-04 18:58 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-04 18:58 . 2013-06-02 20:37 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-04 18:58 . 2013-06-02 20:37 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-27 19:12 . 2013-03-06 02:11 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:12 . 2012-11-17 19:30 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:12 . 2012-11-17 19:29 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-23 16:21 . 2013-06-23 16:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 16:21 . 2012-11-17 19:25 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 16:21 . 2012-11-17 19:25 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-19 23:20 . 2013-06-19 23:20 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-19 17:37 . 2013-06-19 17:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-19 17:37 . 2013-06-19 17:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-19 17:37 . 2013-06-19 17:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-19 17:37 . 2013-06-19 17:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-19 17:37 . 2013-06-19 17:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-19 17:37 . 2013-06-19 17:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-19 17:37 . 2013-06-19 17:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-19 17:37 . 2013-06-19 17:37 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-19 17:37 . 2013-06-19 17:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-19 17:37 . 2013-06-19 17:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-19 17:37 . 2013-06-19 17:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-19 17:37 . 2013-06-19 17:37 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-19 17:37 . 2013-06-19 17:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-19 17:37 . 2013-06-19 17:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-19 17:37 . 2013-06-19 17:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-19 17:37 . 2013-06-19 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-19 17:37 . 2013-06-19 17:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-19 17:37 . 2013-06-19 17:37 441856 ----a-w- c:\windows\system32\html.iec
2013-06-19 17:37 . 2013-06-19 17:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-19 17:37 . 2013-06-19 17:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-19 17:37 . 2013-06-19 17:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-19 17:37 . 2013-06-19 17:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-19 17:37 . 2013-06-19 17:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-19 17:37 . 2013-06-19 17:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-19 17:37 . 2013-06-19 17:37 235008 ----a-w- c:\windows\system32\url.dll
2013-06-19 17:37 . 2013-06-19 17:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-19 17:37 . 2013-06-19 17:37 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-19 17:37 . 2013-06-19 17:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-19 17:37 . 2013-06-19 17:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-19 17:37 . 2013-06-19 17:37 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-19 17:37 . 2013-06-19 17:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-19 17:37 . 2013-06-19 17:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-19 17:37 . 2013-06-19 17:37 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-19 17:37 . 2013-06-19 17:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-19 17:37 . 2013-06-19 17:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-19 17:37 . 2013-06-19 17:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-19 17:37 . 2013-06-19 17:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-19 17:37 . 2013-06-19 17:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-19 17:37 . 2013-06-19 17:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-19 17:37 . 2013-06-19 17:37 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-19 17:37 . 2013-06-19 17:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-19 17:37 . 2013-06-19 17:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-19 17:37 . 2013-06-19 17:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-19 17:37 . 2013-06-19 17:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-19 17:37 . 2013-06-19 17:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-19 17:37 . 2013-06-19 17:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-19 17:37 . 2013-06-19 17:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-19 17:37 . 2013-06-19 17:37 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-19 17:37 . 2013-06-19 17:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 03:34 . 2013-07-10 12:23 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:23 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:23 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-27 23:07 220632 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2013-07-18 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-11-17 27760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 APNMCP;Serviço de atualização Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Driver de comutação do controlador host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 iusb3hub;Driver para hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver de controlador host eXtensível Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 20:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 02:53]
.
2013-08-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000Core.job
- c:\users\Fellipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21 00:47]
.
2013-08-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-806275852-2541110638-1820081957-1000UA.job
- c:\users\Fellipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21 00:47]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 16:25]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-05 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-27 23:07 244696 ----a-w- c:\users\Fellipe\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Fellipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 187.122.188.53 192.168.0.1
FF - ProfilePath - c:\users\Fellipe\AppData\Roaming\Mozilla\Firefox\Profiles\iyi735zd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br/
FF - ExtSQL: 2013-06-16 18:40; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-06-16 18:40; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-Fallout New Vegas_is1 - c:\program files (x86)\Bethesda Softworks\Fallout New Vegas\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-806275852-2541110638-1820081957-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,c6,ac,a5,5f,ac,22,2b,47,09,44,8d,07,48,09,4c,99,54,a0,74,fc,
02,82,d1,81,02,3e,c6,2c,29,d9,62,35,ce,2e,65,ac,23,2f,2a,b2,a0,aa,5f,dd,0b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-08-16 14:00:16
ComboFix-quarantined-files.txt 2013-08-16 17:00
ComboFix2.txt 2013-08-14 17:31
.
Pré-execução: 513.212.108.800 bytes disponíveis
Pós execução: 512.775.061.504 bytes disponíveis
.
- - End Of File - - A7EB13FD94A5BC24B8287F49FBE64703
D41D8CD98F00B204E9800998ECF8427E


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Please locate and post this log.


```
C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
```
It is from this date/time when you last executed ESET.


> 2013-07-19 23:30 . 2013-07-20 18:28 -------- d-----w- c:\program files (x86)\ESET


----------



## LukeLennon (Jul 14, 2013)

The only file I have from ESET scan says this:

C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\PokeFun_Beta.exe probably a variant of Win32/Agent.EGBWMXA trojan 
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Limbo\LIMBO TDE ENG.exe a variant of Win32/Kryptik.EIF trojan 
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\PokeFun_Beta.exe probably a variant of Win32/Agent.EGBWMXA trojan 
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Limbo\LIMBO TDE ENG.exe a variant of Win32/Kryptik.EIF trojan 
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\PokeFun_Beta.exe probably a variant of Win32/Agent.EGBWMXA trojan 
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Limbo\LIMBO TDE ENG.exe a variant of Win32/Kryptik.EIF trojan 
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\PokeFun_Beta.exe probably a variant of Win32/Agent.EGBWMXA trojan cleaned by deleting - quarantined
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Limbo\LIMBO TDE ENG.exe a variant of Win32/Kryptik.EIF trojan cleaned by deleting - quarantined


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

I apologize for being late on my reply.

I am having trouble identifying these trojans listed in the scan report you provided. If these are variants of what is listed with Microsoft, these were remote access trojans. 
If you do any online banking or purchasing, you may want to read up about them here: Remote Access Infections
µTorrent and other P2P peer-to-peer software bypass your firewall and antivirus programs. You may read up about them here: P2P (Person to Person) File Sharing Programmes.

Please run the following and post the results:

*ESET online scanner*

*Note: You can use either Internet Explorer or Mozilla FireFox for this scan.*

_Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select *'Run as administrator'* to perform this scan._


First please *Disable* any *Antivirus* you have active, as shown in *This topic*. Scroll down to find your product.
*Note: Don't forget to re-enable it after the scan.*
Next hold down Control then click on the following link to open a new window to *ESET online scanner*
Press the Blue *Run ESET Online Scanner* button on the left side of the page.
A popup box will open.
Select the option *YES, I accept the Terms of Use* then click on *Start*.


> *Note:* If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install.
> _All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox._



When prompted allow the *Add-On/Active X* to install.
Make sure that the option *Remove found threats* is *NOT* checked, and the option *Scan archives* is checked.
Now click on *Advanced Settings* and select the following:



*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Now click on *Start*.
The *virus signature database...* will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed, the *Online Scan* will begin automatically.
When the scan is completed and you would like the program removed, select *Uninstall application on close. Be sure you have copied the log file first!*
Now click on *Finish*.
Use notepad to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt*.
Copy and paste that log as a reply to this topic.

*Note:* Do not forget to re-enable your Anti-Virus application after running the above scan!


----------



## LukeLennon (Jul 14, 2013)

Sorry for the delay, it took some time to finish.

Anyway, here's the .txt :

C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\aTubeCatcher.exe multiple threats
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Camtasia Studio 6.0.3 Build 928 - www.tudofull.com.rar probably a variant of Win32/Keygen.BJ application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\CheatEngine63.exe multiple threats
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\DTLite4461-0327.exe Win32/OpenCandy application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\OrbitSetup4.0.4.exe Win32/OpenCandy application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\SCAR.rar.rar a variant of Win32/GameHack.BA application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\VDownloaderSetup.exe multiple threats
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Fireworks CS3\Crack\keygen.exe a variant of Win32/Keygen.AH application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Little Big Adventure 1 and 2 (LBAHQ ed.)\Little Big Adventure 1 LBAHQ Custom Version 2 Nero\Ultimate_LBA_Trainer_W0MB13.zip a variant of Win32/HackTool.CheatEngine.AB application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.exe a variant of Win32/GameHack.F application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.rar a variant of Win32/GameHack.F application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\The Sims\The Sims 2\The Sims 2 All Stuff Packs\The Sims 2 Glamour Life Stuff.iso Win32/Keygen.FC application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Instalações\Windows XP\WXPVOL_EN.iso multiple threats
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.exe a variant of Win32/GameHack.S application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.rar a variant of Win32/GameHack.S application
C:\Documents and Settings\Fellipe\Documents\Jogos & Misc\Textos\Brinks\****inFormat.exe a variant of Win32/Joke.Format.E application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\aTubeCatcher.exe multiple threats
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Camtasia Studio 6.0.3 Build 928 - www.tudofull.com.rar probably a variant of Win32/Keygen.BJ application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\CheatEngine63.exe multiple threats
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\DTLite4461-0327.exe Win32/OpenCandy application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\OrbitSetup4.0.4.exe Win32/OpenCandy application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\SCAR.rar.rar a variant of Win32/GameHack.BA application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\VDownloaderSetup.exe multiple threats
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Fireworks CS3\Crack\keygen.exe a variant of Win32/Keygen.AH application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Little Big Adventure 1 and 2 (LBAHQ ed.)\Little Big Adventure 1 LBAHQ Custom Version 2 Nero\Ultimate_LBA_Trainer_W0MB13.zip a variant of Win32/HackTool.CheatEngine.AB application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.exe a variant of Win32/GameHack.F application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.rar a variant of Win32/GameHack.F application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\The Sims\The Sims 2\The Sims 2 All Stuff Packs\The Sims 2 Glamour Life Stuff.iso Win32/Keygen.FC application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Instalações\Windows XP\WXPVOL_EN.iso multiple threats
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.exe a variant of Win32/GameHack.S application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.rar a variant of Win32/GameHack.S application
C:\Documents and Settings\Fellipe\Meus documentos\Jogos & Misc\Textos\Brinks\****inFormat.exe a variant of Win32/Joke.Format.E application
C:\Documents and Settings\Sara\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.B application
C:\Documents and Settings\Sara\Dados de aplicativos\DealPly\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.B application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\aTubeCatcher.exe multiple threats
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Camtasia Studio 6.0.3 Build 928 - www.tudofull.com.rar probably a variant of Win32/Keygen.BJ application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\CheatEngine63.exe multiple threats
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\DTLite4461-0327.exe Win32/OpenCandy application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\OrbitSetup4.0.4.exe Win32/OpenCandy application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\SCAR.rar.rar a variant of Win32/GameHack.BA application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\VDownloaderSetup.exe multiple threats
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Fireworks CS3\Crack\keygen.exe a variant of Win32/Keygen.AH application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Little Big Adventure 1 and 2 (LBAHQ ed.)\Little Big Adventure 1 LBAHQ Custom Version 2 Nero\Ultimate_LBA_Trainer_W0MB13.zip a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.exe a variant of Win32/GameHack.F application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.rar a variant of Win32/GameHack.F application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\The Sims\The Sims 2\The Sims 2 All Stuff Packs\The Sims 2 Glamour Life Stuff.iso Win32/Keygen.FC application
C:\Users\Fellipe\Documents\Jogos & Misc\Instalações\Windows XP\WXPVOL_EN.iso multiple threats
C:\Users\Fellipe\Documents\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.exe a variant of Win32/GameHack.S application
C:\Users\Fellipe\Documents\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.rar a variant of Win32/GameHack.S application
C:\Users\Fellipe\Documents\Jogos & Misc\Textos\Brinks\****inFormat.exe a variant of Win32/Joke.Format.E application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\aTubeCatcher.exe multiple threats
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Camtasia Studio 6.0.3 Build 928 - www.tudofull.com.rar probably a variant of Win32/Keygen.BJ application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\CheatEngine63.exe multiple threats
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\DTLite4461-0327.exe Win32/OpenCandy application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\OrbitSetup4.0.4.exe Win32/OpenCandy application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\SCAR.rar.rar a variant of Win32/GameHack.BA application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\VDownloaderSetup.exe multiple threats
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Fireworks CS3\Crack\keygen.exe a variant of Win32/Keygen.AH application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Little Big Adventure 1 and 2 (LBAHQ ed.)\Little Big Adventure 1 LBAHQ Custom Version 2 Nero\Ultimate_LBA_Trainer_W0MB13.zip a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.exe a variant of Win32/GameHack.F application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Mass Effect 1 - ViTALiTY 2008 + DLC's All Info-Fixes-Extras\Z-Cheats-Walkthrough-Trouble Shooting-Extras\Mass Effect Trainer +12\Mass Effect Trainer +12.rar a variant of Win32/GameHack.F application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\The Sims\The Sims 2\The Sims 2 All Stuff Packs\The Sims 2 Glamour Life Stuff.iso Win32/Keygen.FC application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Instalações\Windows XP\WXPVOL_EN.iso multiple threats
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.exe a variant of Win32/GameHack.S application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Jogos\GTA\GTA Vice City\Trainers\pzdgtavc.rar a variant of Win32/GameHack.S application
C:\Users\Fellipe\Meus documentos\Jogos & Misc\Textos\Brinks\****inFormat.exe a variant of Win32/Joke.Format.E application
C:\Users\Sara\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.B application
C:\Users\Sara\Dados de aplicativos\DealPly\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.B application
C:\Windows\KMService.exe Win32/HackKMS.A application

*Thanks again, and again, again...*


----------



## wannabeageek (Nov 12, 2009)

Hi LukeLennon,

Please run the following:

*Step 1.*
*Download and run MGA Diagnostic Tool*
This tool will aid us in determining what additional steps will need to be performed.

*Click* *here* to download the *MGA Diagnostics Tool* from Microsoft and *save* it to your *Desktop*. The *MGADiag.exe* icon will appear on your Desktop.

*Right-click* the *MGADiag.exe* icon on your Desktop and then *select* *Run As Administrator* from the popup menu. The tool's window will be displayed.
*Click* the *Continue* button. The scan will be performed. Once the scan is complete the report information will be displayed and a *Copy* button will be provided.
*Click* the *Copy* button.
*Open* *Notepad* and *paste* the contents of the report into the Notepad window.
*Save* the report and *paste* the contents into your reply.

*Step 2.*
*Run CKScanner*


Please download *CKScanner* from *Here*
*Important:* - Save it to your *desktop*.
Right-click *CKScanner.exe* > select *"Run as administrator"* then click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*.
A message box will verify the file saved. *Please Run the program only once.*
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.


----------



## LukeLennon (Jul 14, 2013)

When I try to copy at MGADiag it gives me this error:

Failed to create output files, hr = 0x800706b5. Please contact support.

So, I took a screenshot of the most important things.

And the CKScanner, when I click on Search for Files, it stops working.


----------



## Cookiegal (Aug 27, 2003)

The error you got when running the MGA Diagnostic utility only means it failed to create support files which are not needed for posting the report. You should still be able to click the Copy button and paste the report into this thread so please do so.


----------



## LukeLennon (Jul 14, 2013)

Oh, sorry. Here it is.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {231CC376-FFF4-445C-8675-8FFFD7CBFFF4}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130708-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{231CC376-FFF4-445C-8675-8FFFD7CBFFF4}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-806275852-2541110638-1820081957</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>To be filled by O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>F12</Version><SMBIOSVersion major="2" minor="7"/><Date>20120821000000.000000+000</Date></BIOS><HWID>DA153607018400FE</HWID><UserLCID>0416</UserLCID><SystemLCID>0416</SystemLCID><TimeZone>Hora oficial do Brasil(GMT-03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Versão do serviço de licença do software: 6.1.7601.17514

Nome: Windows(R) 7, Ultimate edition
Descrição: Windows Operating System - Windows(R) 7, OEM_SLP channel
Identificação da Ativação: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Identificação da Aplicação: 55c92734-d682-4d71-983e-d6ec3f16059f
PID estendido: 00426-00178-926-600537-02-1046-7600.0000-3222012
Identificação da Instalação: 011233805065489851841095754306601573019154448390906691
URL do Certificado do Processador: http://go.microsoft.com/fwlink/?LinkID=88338
URL do Certificado da Máquina: http://go.microsoft.com/fwlink/?LinkID=88339
URL da Licença de Uso: http://go.microsoft.com/fwlink/?LinkID=88341
URL do Certificado da Chave do Produto (Product Key): http://go.microsoft.com/fwlink/?LinkID=88340
Chave do Produto (Product Key) Parcial: TMPWP
Status da Licença: Licenciado
Contagem de rearmação restante do Windows: 4
Hora confiável: 23/08/2013 20:15:27

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAEAAQADAAAAAgABAAEAHKIuKEj/dxZy7rZStpJPp9h9freYVLY6xDaWYw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG 
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
DMAR INTEL SNB 
SLIC LENOVO TC-90

Thanks for the help. And what should I do about the CKScanner?


----------



## Cookiegal (Aug 27, 2003)

I don't think we'll need CKScanner.

What's the make and model of this computer and what was the original operating system it shipped with?


----------



## LukeLennon (Jul 14, 2013)

It was shipped with Windows 7 Home Basic Demo.

I don't think it has a make or model, because I chose every component.

But I'll write everything I know:

*CPU:* Intel Sandy Bridge-E Core I7 3820 3.60GHz Quad Box
With Corsair WaterCooler Corsair Hydro H6.
*Motherboard:* Gigabyte (Ivy Bridge) | GA-Z77M-D3H
*RAM:* 2x Corsair 8GB DDR3 1600MHz Corsair Vengeance
*Hard Drive:* SATA 3.0 HDD 2TB 7200RPM
*Video Card:* Nvidia GeForce GTX 660 TI 2GB GDDR5 192-bit
Corsair 850W | TX 850
Thanks.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks for the information.

Then how did you get Windows 7 Ultimate installed? Where did you obtain it?


----------

