Solved Cannot open Windows 7 Firewall

[rnnbe]

Hi Broni!

I'm sorry for delay!

Only AV Free Edition appeared on Revo. I uninstalled it.
AV Premium Security seems to be gone since last uninstall (some weeks ago).

==== OTL LOG ====

OTL logfile created on: 25/02/2013 17:33:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,93 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 67,82% Memory free
5,86 Gb Paging File | 4,76 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 10,17 Gb Free Space | 6,78% Space Free | Partition Type: NTFS
Drive E: | 135,09 Gb Total Space | 81,36 Gb Free Space | 60,23% Space Free | Partition Type: NTFS

Computer Name: RENAN-PC | User Name: Renan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 14:04:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(3).exe
PRC - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 10:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 13:06:52 | 000,281,448 | ---- | M] ( ) -- C:\PROGRA~1\GbPlugin\GbpSv.exe
PRC - [2012/09/24 18:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/19 15:10:34 | 003,670,016 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\LG OSD\HotKey.exe
PRC - [2009/07/01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/02/12 19:26:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 10:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/12 12:10:57 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 11:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/21 17:10:49 | 001,528,424 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)
SRV - [2012/10/04 13:06:52 | 000,281,448 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/07/31 16:49:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013/01/20 14:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/21 17:10:55 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV - [2012/10/04 13:07:24 | 000,047,720 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2012/09/20 01:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/20 01:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/27 05:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012/06/27 05:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2012/06/27 05:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012/06/27 05:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2012/06/27 05:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2012/06/27 05:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2012/06/27 05:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/08/25 01:33:06 | 000,076,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwdpan.sys -- (BTWDPAN)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/20 04:45:58 | 000,139,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssaeunic.sys -- (ssaeunic)
DRV - [2011/07/20 04:45:58 | 000,132,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssaemdm.sys -- (ssaemdm)
DRV - [2011/07/20 04:45:58 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssaebus.sys -- (ssaebus)
DRV - [2011/07/20 04:45:58 | 000,025,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssaend5.sys -- (ssaend5)
DRV - [2011/07/20 04:45:58 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssaemdfl.sys -- (ssaemdfl)
DRV - [2011/06/15 05:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/03/15 07:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/30 17:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 21:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 19:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/04 15:03:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/09/25 11:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2003/01/20 10:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\..\SearchScopes\{2DD09257-7147-4C85-AD17-E703944AD506}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=65CFC850-FF57-4DB0-91E6-BFA74B0BC900
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://oglobo.globo.com/"
FF - prefs.js..extensions.enabledAddons: qrlinkmaker@bogdan.wrbel:1.04.4
FF - prefs.js..extensions.enabledAddons: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledAddons: {30E08C68-889E-11E0-95EF-DA7E4824019B}:0.8
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.15.120
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886D}:2.12.0.19.120
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.5
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {37fa1426-b82d-11db-8314-0800200c9a66}:3.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 81
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 81
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 81
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 81
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Renan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Renan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Renan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Renan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Renan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Renan\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 17:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 12:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Renan\AppData\Roaming\IDM\idmmzcc5

[2012/03/04 00:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Extensions
[2013/02/10 02:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions
[2012/05/15 02:37:24 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/12/08 13:45:07 | 000,000,000 | ---D | M] (Modulo Adicional de Seguranca CAIXA) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2012/05/29 18:47:29 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/12/08 13:45:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\firefox@ghostery.com
[2013/02/10 02:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions
[2012/12/08 13:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2012/05/29 19:27:28 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2012/05/29 19:27:28 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/11/01 21:12:08 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\printedit@DW-dev.xpi
[2012/06/19 15:39:37 | 000,010,618 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\qrlinkmaker@bogdan.wrbel.xpi
[2012/12/08 13:45:07 | 000,340,272 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/06/05 22:46:37 | 000,076,798 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2012/12/08 13:45:07 | 000,194,530 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013/01/20 20:47:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/10 10:22:28 | 000,014,053 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\qrlinkmaker@bogdan.wrbel.xpi
[2012/05/29 19:27:27 | 000,193,744 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012/01/13 11:02:03 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\s58rn86o.Teste\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/02/28 15:23:25 | 000,000,471 | ---- | M] () -- C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\2drn8jlj.default\searchplugins\tv-magazine.xml
[2012/05/14 17:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/04/20 22:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 23:26:25 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/04/20 23:26:25 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/04/20 23:26:24 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 23:26:25 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/04/20 23:26:24 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - homepage: http://protopage.com/renanag
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://protopage.com/renanag
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Renan\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Renan\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Renan\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Downloaders plugin (Enabled) = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\npdmb.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\Renan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\Renan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Disabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Harmony Firefox Plugin (Disabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Renan\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Renan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Save the trees (print & screenshot) = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlcapbgbcnfkifgclinapfbkielnmdi\1.0.1.0_0\
CHR - Extension: YouTube = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: History 2 = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp\0.6.0_0\
CHR - Extension: X-notifier (for Gmail\u2122,Hotmail,Yahoo,AOL...) = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco\3.0.9_0\
CHR - Extension: Adblock Plus = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Tinybirds-\u2019s Music Profile \u2013 Users at Last.fm = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcaelkbfopkjmdoncnedfggfmdmgcfeo\2012.5.31.10606_0\
CHR - Extension: Bloxorz = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\2.0.0_0\
CHR - Extension: Pixlr-o-matic = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: NETVASCO - Not\u00EDcias do Vasco = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdeebmnahhjonjbeaklhldgmlmfidfpp\2012.5.31.10670_0\
CHR - Extension: Forecastfox = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: View Image Info (properties) = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldjjifbpipdmligefcogandjojpdagn\0.0.1.1_0\
CHR - Extension: QR Link = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhdemclfbfonflnbbgnklfkjnnbnhfc\0.1_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.2_0\
CHR - Extension: Downloaders = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Google Maps = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Ghostery = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: History Plus = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeiidaaeapionnjaheefgcflidanoeg\2.0.0_0\
CHR - Extension: Better History = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.37_0\
CHR - Extension: Enhanced History = C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocfblifjfffcokdoocoopcnaooljncbh\1.2.1_0\

 

[rnnbe]

O1 HOSTS File: ([2013/02/10 01:39:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [Logon] C:\Program Files\Ex-Sight.Com\Logon\Ex-SightLogonTray.exe (Ex-Sight.Com)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [WsmUpdater] C:\Program Files\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe (Web Solution Mart)
O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)
O4 - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001..\Run: [Facebook Update] C:\Users\Renan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1533688341-1081067476-2286044317-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.62 201.17.0.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3129C725-817D-41BA-A9F1-D938C7432449}: DhcpNameServer = 201.17.0.62 201.17.0.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3129C725-817D-41BA-A9F1-D938C7432449}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EAAB7FE-42A4-4D60-B8E1-B630F22AAEFC}: DhcpNameServer = 201.17.0.84 201.17.0.94 201.17.0.44
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/13 17:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/02/13 16:36:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/02/13 16:32:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013/02/13 14:46:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/02/12 22:25:34 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Roaming\Skype
[2013/02/12 22:25:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/02/12 22:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/12 22:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/12 22:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/02/12 19:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/12 19:00:56 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Renan\Desktop\JavaRa.exe
[2013/02/12 01:37:13 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Renan\Desktop\TFC.exe
[2013/02/12 01:36:02 | 000,352,883 | ---- | C] (Farbar) -- C:\Users\Renan\Desktop\FSS.exe
[2013/02/10 02:15:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/10 02:14:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/10 02:14:31 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Renan\Desktop\JRT.exe
[2013/02/10 01:42:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/10 01:39:39 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Local\temp
[2013/02/10 01:26:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/10 01:26:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/10 01:26:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/10 01:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/10 01:25:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/10 01:14:22 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\Renan\Desktop\ComboFix.exe
[2013/02/09 23:58:42 | 000,000,000 | ---D | C] -- C:\Users\Renan\Desktop\mbar
[2013/02/09 23:51:05 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Local\ElevatedDiagnostics
[2013/02/09 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Renan\Desktop\RK_Quarantine
[2013/02/09 22:23:41 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Renan\Desktop\dds.scr
[2013/02/09 22:21:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Renan\Desktop\dds.com
[2013/02/09 19:21:37 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Roaming\Malwarebytes
[2013/02/09 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/09 19:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/09 19:21:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/09 19:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/09 19:21:12 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Local\Programs
[2013/02/09 18:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/09 18:17:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/09 15:04:12 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/02/09 14:48:14 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/02/09 14:47:32 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/02/09 14:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/02/09 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/02/09 14:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/02/09 13:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013/02/07 19:42:16 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Roaming\Transformice
[2013/02/07 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Transformice
[2013/02/07 19:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/07 19:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/02/07 19:40:42 | 000,000,000 | ---D | C] -- C:\Users\Renan\AppData\Local\Adobe
[2013/02/03 15:52:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

========== Files - Modified Within 30 Days ==========

[2013/02/25 17:31:38 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 17:31:38 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/25 17:29:58 | 000,710,984 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/02/25 17:29:58 | 000,659,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/25 17:29:58 | 000,151,518 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/02/25 17:29:58 | 000,126,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/25 17:25:22 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 17:24:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/25 17:16:09 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/25 17:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/25 13:06:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1533688341-1081067476-2286044317-1001UA.job
[2013/02/25 13:04:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1533688341-1081067476-2286044317-1001UA.job
[2013/02/25 12:25:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013/02/25 02:18:22 | 000,001,720 | -H-- | M] () -- C:\Users\Renan\Desktop\WNetWatcher.cfg
[2013/02/24 23:04:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1533688341-1081067476-2286044317-1001Core.job
[2013/02/24 19:06:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1533688341-1081067476-2286044317-1001Core.job
[2013/02/23 00:25:37 | 000,196,382 | ---- | M] () -- C:\Users\Renan\Desktop\ect.jpg
[2013/02/22 23:07:03 | 000,002,368 | ---- | M] () -- C:\Users\Renan\Desktop\Google Chrome.lnk
[2013/02/16 00:46:47 | 001,204,613 | ---- | M] () -- C:\Users\Renan\Desktop\Van Tijuca.jpg
[2013/02/14 11:49:04 | 000,178,350 | ---- | M] () -- C:\Users\Renan\Desktop\certidao (3).pdf
[2013/02/13 23:25:43 | 000,440,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 17:45:22 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/13 14:48:57 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/02/12 23:01:47 | 000,171,798 | ---- | M] () -- C:\Users\Renan\Documents\justelondres.jpg
[2013/02/12 22:25:10 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/12 21:20:42 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/02/12 19:19:23 | 000,190,892 | ---- | M] () -- C:\Users\Renan\Desktop\Firewall1.jpg
[2013/02/12 19:19:16 | 000,190,206 | ---- | M] () -- C:\Users\Renan\Desktop\Firewall2.jpg
[2013/02/11 11:49:33 | 000,100,666 | ---- | M] () -- C:\Users\Renan\Desktop\Voucher 1001.pdf
[2013/02/10 15:12:49 | 000,352,883 | ---- | M] (Farbar) -- C:\Users\Renan\Desktop\FSS.exe
[2013/02/10 02:06:34 | 000,582,209 | ---- | M] () -- C:\Users\Renan\Desktop\adwcleaner (1).exe
[2013/02/10 01:39:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/09 19:21:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/09 15:05:06 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-RENAN-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/02/09 13:42:56 | 000,001,013 | ---- | M] () -- C:\Users\Renan\Desktop\Orbit.lnk
[2013/02/09 13:41:29 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/09 13:31:54 | 001,056,768 | ---- | M] () -- C:\Users\Renan\defltbase.sdb
[2013/02/09 07:36:40 | 000,782,848 | ---- | M] () -- C:\Users\Renan\Desktop\RogueKiller.exe
[2013/02/07 23:56:07 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\Renan\Desktop\ComboFix.exe
[2013/02/07 19:41:52 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Transformice.lnk
[2013/02/07 19:41:27 | 000,154,932 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013/02/02 21:55:49 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Renan\Desktop\JRT.exe
[1 C:\Windows\System32\drivers\etc\*.tmp files -> C:\Windows\System32\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/23 00:25:37 | 000,196,382 | ---- | C] () -- C:\Users\Renan\Desktop\ect.jpg
[2013/02/16 00:46:47 | 001,204,613 | ---- | C] () -- C:\Users\Renan\Desktop\Van Tijuca.jpg
[2013/02/14 11:49:03 | 000,178,350 | ---- | C] () -- C:\Users\Renan\Desktop\certidao (3).pdf
[2013/02/13 17:45:22 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/13 17:43:14 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/02/12 23:01:39 | 000,171,798 | ---- | C] () -- C:\Users\Renan\Documents\justelondres.jpg
[2013/02/12 22:25:10 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/12 19:19:23 | 000,190,892 | ---- | C] () -- C:\Users\Renan\Desktop\Firewall1.jpg
[2013/02/12 19:19:16 | 000,190,206 | ---- | C] () -- C:\Users\Renan\Desktop\Firewall2.jpg
[2013/02/12 19:00:56 | 000,323,460 | ---- | C] () -- C:\Users\Renan\Desktop\JavaRa.def
[2013/02/12 19:00:56 | 000,003,127 | ---- | C] () -- C:\Users\Renan\Desktop\Nederlands.lng
[2013/02/12 19:00:56 | 000,003,027 | ---- | C] () -- C:\Users\Renan\Desktop\Français.lng
[2013/02/12 19:00:56 | 000,002,946 | ---- | C] () -- C:\Users\Renan\Desktop\Español.lng
[2013/02/12 19:00:56 | 000,002,920 | ---- | C] () -- C:\Users\Renan\Desktop\Italiano.lng
[2013/02/12 19:00:56 | 000,002,699 | ---- | C] () -- C:\Users\Renan\Desktop\Deutsch.lng
[2013/02/12 19:00:56 | 000,002,553 | ---- | C] () -- C:\Users\Renan\Desktop\Suomi.lng
[2013/02/12 01:25:45 | 000,881,914 | ---- | C] () -- C:\Users\Renan\Desktop\SecurityCheck(1).exe
[2013/02/11 11:49:33 | 000,100,666 | ---- | C] () -- C:\Users\Renan\Desktop\Voucher 1001.pdf
[2013/02/10 02:06:32 | 000,582,209 | ---- | C] () -- C:\Users\Renan\Desktop\adwcleaner (1).exe
[2013/02/10 01:26:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/10 01:26:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/10 01:26:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/10 01:26:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/10 01:26:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/09 23:49:41 | 000,782,848 | ---- | C] () -- C:\Users\Renan\Desktop\RogueKiller.exe
[2013/02/09 19:21:26 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/09 17:28:12 | 000,440,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/09 15:05:06 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RENAN-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/02/09 14:47:01 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/02/09 13:31:53 | 001,056,768 | ---- | C] () -- C:\Users\Renan\defltbase.sdb
[2013/02/07 19:41:52 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformice.lnk
[2013/02/07 19:41:52 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Transformice.lnk
[2012/11/25 15:57:32 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/11/25 15:57:32 | 002,468,520 | ---- | C] () -- C:\Windows\System32\¸´¼þ BootMan.exe
[2012/11/25 15:57:32 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/11/25 15:57:32 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/11/25 15:57:32 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/11/25 15:57:31 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/11/23 12:53:32 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/21 21:19:41 | 000,001,454 | ---- | C] () -- C:\Windows\GSKETCHP.INI
[2012/10/25 18:51:57 | 000,180,773 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012/10/25 18:51:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2012/10/21 22:11:56 | 000,044,220 | ---- | C] () -- C:\Users\Renan\AppData\Local\RAContactHistory.xml
[2012/10/20 17:17:56 | 000,000,998 | ---- | C] () -- C:\Windows\posteriza.INI
[2012/09/19 20:13:15 | 000,208,217 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2012/06/25 18:29:54 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/06/15 00:54:42 | 000,000,598 | ---- | C] () -- C:\Windows\System32\http--imguol.com-2012-06-13-onibus-hibrido-a-hidrogenio-da-coppeufrj-e-movido-a-energia-eletrica-obtida-da-rede-convencional-e-da-produzida-pelo-proprio-motor-do-veiculo-alem-de-energia-cinetica-1.jpg.lnk
[2012/06/08 20:46:56 | 000,045,270 | ---- | C] () -- C:\Users\Renan\AppData\Roaming\room_v3.dat
[2012/06/05 21:52:12 | 000,000,001 | ---- | C] () -- C:\Users\Renan\mm.cfg
[2012/06/02 00:27:22 | 000,428,856 | ---- | C] () -- C:\Windows\System32\ex-sightlogoncredprov.dll
[2012/06/02 00:27:21 | 000,263,480 | ---- | C] () -- C:\Windows\System32\ex-sightlogon.dll
[2012/05/03 16:56:22 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2012/05/03 16:56:21 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2012/05/03 16:56:21 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2012/04/05 01:28:34 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI
[2012/04/05 01:05:18 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/03/14 19:14:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/03/10 20:13:56 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/28 16:21:17 | 000,000,600 | ---- | C] () -- C:\Users\Renan\PUTTY.RND
[2012/02/24 18:43:50 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/14 02:01:38 | 000,000,600 | ---- | C] () -- C:\Windows\ago.INI
[2012/02/14 01:46:28 | 000,000,602 | ---- | C] () -- C:\Users\Renan\AppData\Roaming\AutoGK.ini
[2012/01/24 17:51:24 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2012/01/24 17:51:24 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011/11/28 15:20:15 | 000,000,638 | ---- | C] () -- C:\Windows\System32\http--www.buxixo.com.br-sites-default-files-imagecache-galeria-de-fotos_interna-J%20Hawilla,%20Luciano%20Huck,%20Jose%20Victor%20Oliva,%20Galvao%20Bueno,%20Ronaldo%20Nazario%20e%20Ricardo%20Teixei.JPG.lnk
[2011/10/15 21:14:12 | 000,154,932 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/13 10:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/10/13 10:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/13 12:26:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/09/13 12:26:11 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/08/19 07:58:19 | 002,525,238 | ---- | C] () -- C:\Users\Renan\AppData\Local\[j0006]-[p08].bmp
[2011/08/16 22:27:59 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011/08/01 12:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/01 02:39:41 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011/08/01 02:35:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\zlib1i.dll
[2011/07/31 19:15:27 | 000,007,603 | ---- | C] () -- C:\Users\Renan\AppData\Local\Resmon.ResmonCfg
[2011/07/31 16:22:46 | 000,012,445 | ---- | C] () -- C:\Windows\lg_up.ini

========== ZeroAccess Check ==========

[2013/02/09 18:44:13 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/31 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\BitMeter2
[2011/10/31 07:17:22 | 000,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\ProgeCAD
[2012/03/04 00:02:35 | 000,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Tibia
[2013/01/01 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\.minecraft
[2013/01/15 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\AdamOutler
[2012/02/14 01:06:48 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Aegisub
[2013/01/02 11:25:34 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Animal Software
[2012/03/07 13:29:59 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Audacity
[2012/02/08 15:50:03 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Auslogics
[2012/04/06 17:44:17 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Broad Intelligence
[2012/10/20 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\CasaPortale.de
[2012/05/15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\CrystalIdea Software
[2011/08/30 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\DMCache
[2012/06/02 13:23:51 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Dropbox
[2012/06/02 00:28:22 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Ex-Sight.com
[2012/01/21 11:13:12 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Flickr
[2012/03/10 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Foxit Software
[2011/12/19 21:11:38 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\GameConsole
[2012/06/05 22:05:05 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\gpdf2swf
[2012/05/30 23:46:30 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\GrabPro
[2012/08/07 05:42:18 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\IDM
[2012/08/05 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\ImgBurn
[2012/08/17 23:50:51 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Jaran Nilsen
[2012/12/31 02:08:11 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\LockHunter
[2013/02/03 12:07:06 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\MiniLyrics
[2012/04/05 01:00:42 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Mobile Action
[2011/08/02 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\MusicBrainz
[2012/05/06 03:34:17 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\My Battle for Middle-earth Files
[2013/01/22 23:17:05 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\MyPhoneExplorer
[2012/03/05 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Nvu
[2011/08/15 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\OpenOffice.org
[2013/02/25 17:33:23 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Orbit
[2012/03/03 19:14:02 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\PDF Writer
[2012/10/21 22:11:29 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\PeerNetworking
[2011/08/02 13:57:32 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\PhotoFiltre Studio X
[2012/03/03 23:59:34 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Pmcc
[2011/09/04 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\ProgeCAD
[2011/10/24 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\ProgSense
[2012/08/06 12:19:42 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\redsn0w
[2012/06/02 13:09:46 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Samsung
[2012/05/31 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Stardock
[2012/05/05 18:21:19 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Stellarium
[2011/07/31 21:16:36 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Thunderbird
[2012/09/09 18:28:29 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Tibia
[2013/02/07 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Transformice
[2013/01/28 22:06:18 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\uTorrent
[2011/11/07 20:08:48 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\Windows Live Writer
[2012/04/02 00:35:28 | 000,000,000 | ---D | M] -- C:\Users\Renan\AppData\Roaming\YoWindow

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

< End of report >

 

[Broni]

How is firewall issue now?

 

[rnnbe]

Unfortunately the problem still persists: \

"Windows Firewall with advanced Security snap-in failed to load. Error Code 0x6D9"

I don't know what to do anymore

 

[Broni]

Go here: http://support.microsoft.com/kb/2530126 and start with "Method 2" (click on a "+" sign next to it to expand instructions).

 

[Broni]

Still with me?

 

[rnnbe]

Hi Broni! Sorry for delay!
I'll be here more often next days!

Tried Method 2 and it stays the same problem.
I'm getting very sad about it.

Thanks for your help!

 

[Broni]

Let's try repair installation: http://www.sevenforums.com/tutorials/3413-repair-install.html

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.

 

[rnnbe]

Hi Broni! Thanks for your help!
I did everything as you said and it's now solved!

Thank you!

 

[rnnbe]

And I'm sorry for my delay, I haven't got the email alert!

 

[Broni]

Good news