TechSpot

Possible malware

By mfranco
Jul 27, 2012
  1. Hi,

    My browsers keep crashing. I tried to download it and install them again with no success. Trying to run spybot and malwarebytes and they just don't start.

    All happened after a program asked my authorization to run. I said no and it insisted. After I closed the window, my computer restarted and the problem appeared. Normally crashes when I'm trying to write on facebook, msn or skype and it gives a message saying that it encountered a problem with a script (resource:///components/nsPrompter.js: 466).

    Can you help me? Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    What Windows version is it?
     
  3. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Windows 7.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
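
A first-pass triage of the Registry section of the FRST.txt requested above, as an added example that is not part of the original thread and not code from FRST: it flags autorun entries whose target file is missing, that start from a user profile's AppData folder, or that add programs to Winlogon Userinit. The sample log lines and every name in them are constructed, and the line layout and the reading of a trailing `[x]` as "file not found" are assumptions about FRST's text output.

```python
import re

# Constructed sample in the layout of FRST.txt's Registry section; every user,
# folder and file name below is a placeholder, not a value from a real scan.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [ExampleAV] "C:\Program Files\ExampleAV\ui.exe" /nogui [4273976 2012-07-03] (Example Vendor)
HKU\alice\...\Run: [Qwrtzx] C:\Users\alice\AppData\Local\qwrtzxab\qwrtzx.exe [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\alice\AppData\Local\qwrtzxab\qwrtzx.exe [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

================================ Services (Whitelisted) ==================

2 ExampleSvc; "C:\Program Files\ExampleAV\svc.exe" [44808 2012-07-03] (Example Vendor)
"""

# "KEY: [value name] data" lines, e.g. HKLM\...\Run: [Name] C:\path.exe [...]
ENTRY = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<data>.*)$")
# Trailing "[size date] (company)" or the assumed missing-file marker "[x]".
TAIL = re.compile(
    r"\s*(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]|\[(?P<missing>[xX])\])"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*$"
)
# A standard user can write here, so an autorun from this location needs review.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# Windows' default Userinit value points only at this binary.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_registry_section(log_text):
    """Return one dict per autorun line found inside the Registry section."""
    entries = []
    in_registry = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            # Section banner: only the Registry section is parsed here.
            in_registry = "Registry" in line
            continue
        if not in_registry:
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        data = m["data"]
        tail = TAIL.search(data)
        entries.append({
            "key": m["key"],
            "name": m["name"],
            "command": data[:tail.start()] if tail else data,
            "missing": bool(tail and tail["missing"]),
            "company": tail["company"] if tail else None,
        })
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if entry["missing"]:
        reasons.append("target file not found on disk")
    if USER_WRITABLE.search(entry["command"]):
        reasons.append("autorun target in a user-writable profile folder")
    if entry["name"].lower() == "userinit":
        extras = [p.strip() for p in entry["command"].split(",")
                  if p.strip() and p.strip().lower() != DEFAULT_USERINIT]
        if extras:
            reasons.append("Userinit launches extra program(s): " + ", ".join(extras))
    return reasons


def flagged(log_text):
    """Map autorun value name -> reasons, for entries with at least one reason."""
    result = {}
    for entry in parse_registry_section(log_text):
        reasons = triage(entry)
        if reasons:
            result[entry["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

A flag here is a prompt for manual review, not a verdict: legitimate software sometimes starts from AppData as well.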
     
  5. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    The bleepingcomputer website seems to be down at the moment. I will try to find the recovery tool elsewhere or I will keep trying until I get it.
     
  6. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Here are my logs:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SISTEMA at 28-07-2012 15:33:16
    Running from F:\
    Windows 7 Ultimate (X86) OS Language: Portuguese Brazilian
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-08-26] (SupportSoft, Inc.)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
    HKU\MarcosFranco\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\MarcosFranco\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
    HKU\MarcosFranco\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1242448 2012-06-02] (Valve Corporation)
    HKU\MarcosFranco\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\MarcosFranco\...\Run: [LfvUtauj] C:\Users\MarcosFranco\AppData\Local\dyeijwlv\lfvutauj.exe [x]
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe,C:\Users\MarcosFranco\AppData\Local\dyeijwlv\lfvutauj.exe [x]
    Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [X]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{EC92354F-7ADC-4B03-846B-57980CD16282}: [NameServer]211.29.132.12 61.88.88.88

    ================================ Services (Whitelisted) ==================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [214088 2012-05-08] ( )
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-06-03] ()
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
    2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2008-08-26] (SupportSoft, Inc.)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-17] (DT Soft Ltd)
    4 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
    4 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
    3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [208896 2010-08-31] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
    0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46408 2012-04-04] (GAS Tecnologia)
    3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
    3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [72832 2010-07-27] (Huawei Technologies Co., Ltd.)
    3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-28] (Malwarebytes Corporation)
    3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [28880 2012-07-28] (GAS Tecnologia)
    3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [28880 2012-07-28] (GAS Tecnologia)
    3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-09-30] (Microsoft Corporation)
    3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-09-30] (Microsoft Corporation)
    3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-09-30] (Microsoft Corporation)
    3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-09-30] (Microsoft Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-28 15:28 - 2012-07-28 15:29 - 00000000 ____D C:\FRST
    2012-07-28 02:22 - 2012-07-28 02:22 - 00008408 ____A C:\Windows\System32\Drivers\ndisrd.cat
    2012-07-28 02:22 - 2012-07-28 02:22 - 00001398 ____A C:\Windows\System32\Drivers\gas.cer
    2012-07-28 02:14 - 2012-07-28 02:14 - 00892822 ____A (Farbar) C:\Users\MarcosFranco\Downloads\FRST.exe
    2012-07-27 23:50 - 2012-07-28 00:19 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-07-27 23:50 - 2012-07-27 23:50 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-07-27 23:50 - 2012-07-03 00:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-27 23:43 - 2012-07-27 23:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MarcosFranco\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-27 23:41 - 2012-07-27 23:41 - 00001220 ____A C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    2012-07-27 23:41 - 2012-07-27 23:41 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
    2012-07-27 23:41 - 2012-07-27 23:41 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-27 23:41 - 2012-07-27 23:41 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2012-07-27 23:39 - 2012-07-27 23:40 - 16409960 ____A (Safer Networking Limited ) C:\Users\MarcosFranco\Downloads\spybotsd162.exe
    2012-07-27 21:14 - 2012-07-28 02:19 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\karjxvns.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00135507 ____A C:\Users\MarcosFranco\AppData\Local\btaosncw.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00003890 ____A C:\Users\MarcosFranco\AppData\Local\fipaijcq.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00002865 ____A C:\Users\MarcosFranco\AppData\Local\ybgrgoxt.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\oqtwyyir.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\illmbvva.log
    2012-07-27 21:02 - 2012-07-28 02:22 - 00028880 ____A (GAS Tecnologia) C:\Windows\System32\Drivers\GbpNdisrd.sys
    2012-07-27 21:02 - 2012-07-28 02:14 - 00441440 ____A C:\Users\MarcosFranco\AppData\Local\oyctgdwt.log
    2012-07-27 21:00 - 2012-07-27 21:00 - 00004048 ____A C:\Users\MarcosFranco\AppData\Local\rrdhdpir.log
    2012-07-27 20:58 - 2012-07-28 02:22 - 00000024 ____A C:\Users\MarcosFranco\AppData\Local\mlinmypg.log
    2012-07-27 20:58 - 2012-07-28 02:22 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\dyeijwlv
    2012-07-27 20:58 - 2012-07-27 21:04 - 00440304 ____A C:\Users\MarcosFranco\AppData\Local\ncmbivwd.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00093424 ____A C:\Users\MarcosFranco\0.7307799444412308.exe
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\Todos os Usuários\amqlknth.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\All Users\amqlknth.log
    2012-07-27 10:32 - 2012-07-27 10:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CB14558E-0CD4-4319-8E5C-6A3ED09BFE44}
    2012-07-27 10:32 - 2012-07-27 10:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{921157F7-CECF-40F7-98F1-FDF2C66E5D4F}
    2012-07-26 22:31 - 2012-07-26 22:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{15305FCE-6AD9-479A-9FF6-5E5E46C0499B}
    2012-07-26 22:31 - 2012-07-26 22:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{642EF5D7-57EE-4DDC-A470-C1FD43257565}
    2012-07-26 10:31 - 2012-07-26 10:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CE50DF5F-C210-45FE-9331-CE7E778002CE}
    2012-07-26 10:31 - 2012-07-26 10:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A978560A-9816-4A3B-8108-B6236690622E}
    2012-07-25 22:30 - 2012-07-25 22:30 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{2BDB86E1-FC82-4B82-983B-1334115E8867}
    2012-07-25 22:29 - 2012-07-25 22:30 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{78957544-9AE6-4637-BFAF-93AA62502D35}
    2012-07-25 22:29 - 2011-01-13 21:47 - 00002200 ____A C:\Users\MarcosFranco\Desktop\Setup wireless@SCU.lnk
    2012-07-25 10:06 - 2012-07-25 10:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Kobo
    2012-07-25 10:05 - 2012-07-25 10:05 - 00000979 ____A C:\Users\Public\Desktop\Kobo.lnk
    2012-07-25 10:04 - 2012-07-25 10:06 - 00000000 ____D C:\Windows\tmp
    2012-07-25 10:03 - 2012-07-25 10:05 - 00000000 ____D C:\Program Files\Kobo
    2012-07-25 09:59 - 2012-07-25 10:00 - 70250178 ____A C:\Users\MarcosFranco\Downloads\kobosetup.exe
    2012-07-25 09:40 - 2012-07-25 09:41 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E53240AF-C645-4B0A-93E3-D58684554C5F}
    2012-07-25 09:40 - 2012-07-25 09:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8C1A4D2B-0B46-4AEE-A944-3945439701DE}
    2012-07-24 21:40 - 2012-07-24 21:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CEE225C8-9002-4C5E-AD72-BF5B462C0891}
    2012-07-24 21:40 - 2012-07-24 21:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{63ADCB0D-BE45-4AE0-8156-E3E35DBAED2A}
    2012-07-24 09:39 - 2012-07-24 09:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{BA2BD716-C618-403F-B911-7C468FC2EA9A}
    2012-07-24 09:39 - 2012-07-24 09:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E35D4340-1DF6-40CC-B2A2-42561B7B1429}
    2012-07-23 21:39 - 2012-07-23 21:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{4E74E366-5AC1-49B3-A61E-DB174DEFFC40}
    2012-07-23 00:23 - 2012-07-23 00:23 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{9B4FF7B6-0327-4363-87FB-E1BDF42ED4AF}
    2012-07-23 00:23 - 2011-02-19 02:33 - 00802304 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-07-23 00:21 - 2012-07-23 00:23 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{110B8E60-1AF3-4FCA-A471-D47A345E26B6}
    2012-07-22 10:28 - 2012-07-22 10:28 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{3083EF15-42D5-4F38-9677-A58AA1FED4AB}
    2012-07-22 10:28 - 2012-07-22 10:28 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{1EDF86D1-10DB-45E4-83F7-549B344640CF}
    2012-07-21 22:27 - 2012-07-21 22:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F4137EF0-636A-4143-8823-7DEEC2C4093B}
    2012-07-21 22:27 - 2012-07-21 22:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{98C49697-E9A7-4D4B-9811-382789F8951B}
    2012-07-21 10:27 - 2012-07-21 10:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{BA514EF8-C44F-4EC2-BCC5-900C58E6AE84}
    2012-07-21 10:26 - 2012-07-21 10:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{5B1A45FF-B1D7-4DE5-8CC5-34E001E324FD}
    2012-07-21 04:10 - 2012-07-21 04:10 - 00000000 ____D C:\Users\MarcosFranco\AbiSuite
    2012-07-21 04:09 - 2012-07-21 04:10 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Plagius
    2012-07-21 04:09 - 2012-07-21 04:09 - 00001873 ____A C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    2012-07-21 04:09 - 2012-07-21 04:09 - 00000000 ____D C:\Program Files\Plagius
    2012-07-20 22:26 - 2012-07-20 22:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{772EAC3B-A9EC-473D-BF2E-5BDFD064C781}
    2012-07-20 22:26 - 2012-07-20 22:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{30E713E4-4035-44A1-8D37-5B1FF9A80485}
    2012-07-20 10:26 - 2012-07-20 10:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CC4E25D8-0BCC-4E08-ADE2-571F46194274}
    2012-07-20 10:25 - 2012-07-20 10:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{276E50DA-5E5C-47E4-93B7-CAAE6E58D696}
    2012-07-19 22:25 - 2012-07-19 22:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{C8C655C5-096D-4D2E-9B6F-7CA36C5FEBE1}
    2012-07-19 22:25 - 2012-07-19 22:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6C239332-4E0A-4AA5-A48E-972732931D0C}
    2012-07-19 10:25 - 2012-07-19 10:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{5BAC9B36-E9F8-443F-9FF9-2227D6131BEC}
    2012-07-19 10:24 - 2012-07-19 10:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F71F872E-CFA2-4008-84B0-8026D82CC1D8}
    2012-07-18 22:24 - 2012-07-18 22:24 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{3EAAA2AB-E99D-4DAD-8A9E-3ABDD3142435}
    2012-07-18 22:20 - 2012-07-18 22:24 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{18ABD6A0-9E41-4CF1-BD54-EA4BB3C035DF}
    2012-07-18 11:04 - 2012-07-18 11:04 - 00000214 ____A C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    2012-07-18 10:39 - 2012-07-18 10:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\CRE
    2012-07-18 10:39 - 2012-07-18 10:39 - 00000000 ____D C:\Program Files\Conduit
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000917 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Conduit
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000000 ____D C:\Program Files\uTorrentBar_PT
    2012-07-18 05:14 - 2012-07-18 05:14 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{31D7A350-63C0-4E0C-AD14-A19C1307574B}
    2012-07-18 05:13 - 2012-07-18 05:14 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{865C6287-F919-4D05-87E5-E3723D3BBD98}
    2012-07-17 08:54 - 2012-07-17 08:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8F45F780-F295-4C0A-90C3-9361A7D49BB1}
    2012-07-17 08:54 - 2012-07-17 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AA869BB9-40AA-476F-A9AC-C31E2D384584}
    2012-07-16 20:54 - 2012-07-16 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{DD74CBED-8437-4A86-8B43-D5B1240611E3}
    2012-07-16 20:54 - 2012-07-16 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{D0F4FF5F-59AB-4C77-90A1-A2122B416925}
    2012-07-16 00:19 - 2012-07-16 00:19 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6C5C3A72-067E-4F6D-8287-FEAB381E388A}
    2012-07-16 00:17 - 2012-07-16 00:18 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{C3860E82-A54B-46D4-BCC8-2EFD055DCDA7}
    2012-07-15 09:29 - 2012-07-15 09:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6CF74FE9-9BE3-444D-A41A-B421523F1377}
    2012-07-15 09:29 - 2012-07-15 09:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{47D4DFB1-F898-4419-BC69-A11A3EDB743C}
    2012-07-14 21:29 - 2012-07-14 21:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{97CFB749-85ED-4C3F-B4E3-D60717CF33C8}
    2012-07-14 21:28 - 2012-07-14 21:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{455D9A6C-58EC-45A2-BF5B-A63F9968DF03}
    2012-07-14 09:06 - 2012-07-14 09:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A0D9FBA7-D283-4F89-BC0A-C4950E987E7D}
    2012-07-14 09:06 - 2012-07-14 09:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{34F49B01-ECB3-4FEC-8F7F-FE8DD490AA60}
    2012-07-13 21:05 - 2012-07-13 21:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{04D46911-BEAC-4F0A-93ED-0BD48624E775}
    2012-07-13 21:05 - 2012-07-13 21:05 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{67397B1C-919E-4D72-8407-7B853A9CA0E6}
    2012-07-13 08:54 - 2012-07-13 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CFD1396A-1BA8-414A-9912-852D91A2D713}
    2012-07-13 08:54 - 2012-07-13 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B9EF515C-F1C4-43F9-8CAD-13C1E3522DD4}
    2012-07-12 20:54 - 2012-07-12 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{14A82037-3A9E-4EC4-97FA-0863424A139C}
    2012-07-12 20:54 - 2012-07-12 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{13ED9C48-D604-4954-99C3-74E360820AB0}
    2012-07-12 08:34 - 2012-07-12 08:37 - 00000000 ____D C:\Users\MarcosFranco\Desktop\Mortal Kombat Conquest Season 1
    2012-07-12 07:57 - 2012-07-12 07:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CF6EE235-9E34-4E3D-BF75-C2BF33D4A3C6}
    2012-07-12 07:57 - 2012-07-12 07:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8AC44468-B3E3-40FE-A9AE-28CE49FD22B1}
    2012-07-11 19:57 - 2012-07-11 19:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AEA71E47-E765-425F-8A84-B57E2FB6170B}
    2012-07-11 19:56 - 2012-07-11 19:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B7E07671-94D0-49BA-AF28-9FD43AC8EEEE}
    2012-07-11 04:57 - 2012-06-02 06:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 04:57 - 2012-06-02 05:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 04:57 - 2012-06-02 05:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 04:57 - 2012-06-02 05:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 04:57 - 2012-06-02 05:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 04:57 - 2012-06-02 05:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 04:57 - 2012-06-02 05:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 04:57 - 2012-06-02 05:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 04:57 - 2012-06-02 05:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 04:57 - 2012-06-02 05:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 04:57 - 2012-06-02 05:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 04:57 - 2012-06-02 05:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 04:57 - 2012-06-02 05:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 04:57 - 2012-06-02 05:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 04:55 - 2012-06-11 23:44 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 22:50 - 2012-06-09 01:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 22:50 - 2012-06-06 02:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 22:50 - 2012-06-06 02:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 22:50 - 2012-06-02 01:51 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 22:50 - 2012-06-02 01:51 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 22:50 - 2012-06-02 01:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 22:50 - 2012-06-02 01:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 22:50 - 2012-06-02 01:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 22:45 - 2012-07-10 22:45 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{275C2D91-CF51-4695-A0F7-3CD0122BBDF4}
    2012-07-10 22:42 - 2012-07-10 22:45 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8A1ACD92-A5C6-45C3-8F85-4FD40DD7CDE9}
    2012-07-10 12:43 - 2010-03-04 01:04 - 00146304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
    2012-07-10 12:43 - 2010-03-04 00:57 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2012-07-10 12:38 - 2010-09-14 03:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
    2012-07-10 10:37 - 2012-07-10 10:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8EC31118-961E-4062-9598-31B04F267112}
    2012-07-10 10:36 - 2012-07-10 10:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{967EAB68-AAEA-4036-87B2-F6B3632AC169}
    2012-07-09 22:36 - 2012-07-09 22:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{571AE1EC-28E7-4D5A-BC22-8169937D81E7}
    2012-07-09 22:36 - 2012-07-09 22:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{066D1683-015B-4EDB-AC3B-BBD9DFAA3BFC}
    2012-07-09 22:10 - 2012-07-09 22:10 - 00000000 __RHD C:\MSOCache
    2012-07-09 20:32 - 2012-07-09 20:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\Apple Computer
    2012-07-09 20:29 - 2012-07-09 20:29 - 00000000 ____D C:\Program Files\Microsoft.NET
    2012-07-09 12:15 - 2012-07-18 22:31 - 00000000 ____D C:\Users\Todos os Usuários\VirtualizedApplications
    2012-07-09 12:15 - 2012-07-18 22:31 - 00000000 ____D C:\Users\All Users\VirtualizedApplications
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\Todos os Usuários\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\All Users\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Program Files\Apple Software Update
    2012-07-09 10:35 - 2012-07-09 10:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8418C3AB-62AB-4658-90A5-4E542605D80C}
    2012-07-09 10:35 - 2012-07-09 10:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B24E46E4-240E-4596-84A6-96A45EA670B7}
    2012-07-09 10:14 - 2011-06-16 01:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2012-07-09 10:14 - 2011-03-25 00:06 - 00284160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00005888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2012-07-09 10:14 - 2011-02-18 02:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2012-07-09 10:14 - 2009-09-26 02:58 - 00194488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2012-07-09 10:13 - 2012-04-07 08:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-09 10:13 - 2012-01-03 02:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-07-09 10:13 - 2011-05-04 01:53 - 01553920 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00337408 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2012-07-09 10:13 - 2011-03-12 08:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2012-07-09 10:13 - 2011-03-11 02:44 - 01210240 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00146304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00143744 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00117120 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00332160 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00080256 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00022400 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2012-07-09 10:13 - 2011-03-11 02:39 - 01686016 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2012-07-09 10:13 - 2011-03-11 02:37 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2012-07-09 10:13 - 2011-03-11 01:08 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
    2012-07-09 10:13 - 2011-02-26 02:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2012-07-09 10:13 - 2011-02-24 02:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-07-09 10:13 - 2010-08-04 03:17 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
    2012-07-09 10:12 - 2012-05-02 01:52 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-09 10:12 - 2012-01-04 06:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-07-09 10:12 - 2011-04-22 16:36 - 00026496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
    2012-07-09 10:12 - 2010-12-21 02:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
    2012-07-09 10:12 - 2010-12-21 02:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00369152 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00365568 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
    2012-07-09 10:12 - 2010-01-18 20:28 - 00324608 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00280064 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00277504 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
    2012-07-09 10:10 - 2012-04-24 01:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-09 10:10 - 2012-04-24 01:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-09 10:10 - 2012-04-24 01:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-09 10:09 - 2011-02-03 02:45 - 00219008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2012-07-09 10:09 - 2010-11-02 01:46 - 00728448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-07-09 10:09 - 2010-11-02 01:23 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-07-09 10:03 - 2012-07-28 02:19 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\SoftGrid Client
    2012-07-09 10:03 - 2012-07-09 10:04 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\SoftGrid Client
    2012-07-09 10:02 - 2012-07-09 10:02 - 00000000 ____D C:\Program Files\Microsoft Office
    2012-07-09 10:02 - 2012-07-09 10:02 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
    2012-07-09 10:01 - 2012-07-09 10:04 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\TP
    2012-07-09 06:32 - 2012-07-27 21:42 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Google
    2012-07-09 06:32 - 2012-07-12 21:11 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-08 22:35 - 2012-07-08 22:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E27CE0AD-DE41-445E-912C-C096EFB856EA}
    2012-07-08 22:35 - 2012-07-08 22:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B9BCF935-E378-47FC-BB92-88A88E1D27E4}
    2012-07-08 10:34 - 2012-07-08 10:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E7917216-7774-47CC-AC8E-0EDB9518916F}
    2012-07-08 10:34 - 2012-07-08 10:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6DA2C63F-46A2-4B45-B60A-3435C9C80DB9}
    2012-07-07 22:34 - 2012-07-07 22:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E0E949E7-4914-495F-A803-706057CA7A26}
    2012-07-07 22:34 - 2012-07-07 22:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CC94327B-780D-489D-ADBC-0FF024F20E8D}
    2012-07-07 12:22 - 2012-07-07 12:22 - 00003119 ____A C:\Users\MarcosFranco\Desktop\BANG!.lnk
    2012-07-07 12:21 - 2012-07-07 12:21 - 00000000 ____D C:\Program Files\SpinVector
    2012-07-07 10:33 - 2012-07-07 10:33 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{D970F667-469C-4577-B7C8-FB30FF54D995}
    2012-07-07 10:33 - 2012-07-07 10:33 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{86C5FF4F-F0E8-4B1F-AB98-FD5BCED3A805}
    2012-07-07 06:09 - 2009-09-10 02:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
    2012-07-07 06:04 - 2009-11-24 23:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
    2012-07-07 05:53 - 2012-07-11 04:55 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-07 05:39 - 2012-03-01 02:53 - 00019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-07-07 05:39 - 2012-03-01 02:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-07-07 05:39 - 2012-03-01 02:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-07-07 05:39 - 2012-03-01 02:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-07-07 05:36 - 2012-07-07 05:36 - 00000000 ____D C:\Windows\System32\x64
    2012-07-07 05:36 - 2009-09-23 06:30 - 01002008 ____A (Intel Corporation) C:\Windows\System32\igxpun.exe
    2012-07-07 05:27 - 2012-04-02 01:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-07-07 05:27 - 2012-04-02 01:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-07 05:27 - 2011-11-05 01:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-07-07 05:27 - 2011-02-12 02:30 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2012-07-07 05:27 - 2010-12-23 02:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2012-07-07 05:27 - 2010-12-23 02:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
    2012-07-07 05:27 - 2010-12-23 02:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2012-07-07 05:27 - 2010-08-21 02:32 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-07-07 05:26 - 2012-04-28 00:19 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-07 05:26 - 2011-11-17 02:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2012-07-07 05:26 - 2011-11-17 02:38 - 01037312 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-07-07 05:26 - 2011-11-17 02:36 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-07-07 05:26 - 2011-10-26 01:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-07-07 05:26 - 2011-10-26 01:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-07-07 05:26 - 2011-07-16 01:37 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-07-07 05:26 - 2011-07-16 01:34 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-07-07 05:26 - 2011-07-16 01:34 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-07-07 05:26 - 2011-07-16 01:31 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-07-07 05:26 - 2011-07-16 01:19 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-07-07 05:26 - 2010-10-16 01:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
    2012-07-07 05:26 - 2010-08-31 01:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\System32\mfc40.dll
    2012-07-07 05:26 - 2010-08-31 01:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\System32\mfc40u.dll
    2012-07-07 05:26 - 2009-10-19 11:10 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2012-07-07 05:26 - 2009-09-03 04:04 - 01320960 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
    2012-07-07 05:26 - 2009-08-19 04:20 - 00507568 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2012-07-07 05:26 - 2009-08-19 04:20 - 00442920 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2012-07-07 05:25 - 2012-03-30 07:29 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-07 05:25 - 2012-03-03 02:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-07-07 05:25 - 2012-02-15 02:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2012-07-07 05:25 - 2012-02-15 01:22 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2012-07-07 05:25 - 2011-11-17 02:41 - 01288984 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-07-07 05:25 - 2011-10-15 02:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-07-07 05:25 - 2011-07-08 23:26 - 00222720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2012-07-07 05:25 - 2011-05-03 23:43 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2012-07-07 05:25 - 2011-05-03 23:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00309760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2012-07-07 05:25 - 2011-04-24 23:35 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-07-07 05:25 - 2011-04-09 02:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2012-07-07 05:25 - 2011-03-11 02:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2012-07-07 05:25 - 2011-03-11 02:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2012-07-07 05:25 - 2011-02-19 02:32 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-07-07 05:25 - 2011-02-19 00:37 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-07-07 05:25 - 2010-12-18 02:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-07-07 05:25 - 2010-12-18 02:29 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-07-07 05:25 - 2010-12-18 02:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-07-07 05:25 - 2010-11-02 01:41 - 00351232 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
    2012-07-07 05:25 - 2010-11-02 01:40 - 00496128 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
    2012-07-07 05:25 - 2010-11-02 01:40 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
    2012-07-07 05:25 - 2010-11-02 01:39 - 00749056 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2012-07-07 05:25 - 2010-11-02 01:34 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
    2012-07-07 05:25 - 2010-11-02 01:34 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    2012-07-07 05:25 - 2010-09-01 01:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2012-07-07 05:25 - 2010-09-01 01:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2012-07-07 05:25 - 2010-08-27 02:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
    2012-07-07 05:25 - 2009-12-08 08:32 - 00292864 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
    2012-07-07 05:25 - 2009-10-28 03:17 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
    2012-07-07 05:24 - 2012-04-26 01:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-07-07 05:24 - 2012-04-26 01:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-07-07 05:24 - 2012-04-26 01:43 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-07-07 05:24 - 2011-12-16 04:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-07-07 05:24 - 2011-11-19 11:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-07-07 05:24 - 2011-10-26 01:25 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-07-07 05:24 - 2011-08-27 01:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-07-07 05:24 - 2011-08-27 01:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-07-07 05:24 - 2011-08-17 01:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-07-07 05:24 - 2011-08-17 01:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
    2012-07-07 05:24 - 2011-06-15 06:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
    2012-07-07 05:24 - 2011-05-24 07:35 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2012-07-07 05:24 - 2011-05-03 01:50 - 00740864 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-07-07 05:24 - 2011-04-26 23:33 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
    2012-07-07 05:24 - 2011-03-03 02:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2012-07-07 05:24 - 2011-03-03 02:29 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2012-07-07 05:24 - 2011-03-03 02:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2012-07-07 05:24 - 2011-02-23 02:05 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2012-07-07 05:24 - 2010-08-26 01:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
    2012-07-07 05:24 - 2010-08-21 02:33 - 00530432 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
    2012-07-07 05:24 - 2010-07-29 03:30 - 00197632 ____A (Intel(R) Corporation) C:\Windows\System32\ir32_32.dll
    2012-07-07 05:24 - 2010-07-29 03:30 - 00082944 ____A (Radius Inc.) C:\Windows\System32\iccvid.dll
    2012-07-07 05:24 - 2010-06-29 02:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
    2012-07-07 05:24 - 2010-05-05 03:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
    2012-07-07 05:24 - 2009-08-29 03:57 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
    2012-07-07 05:23 - 2012-03-17 04:20 - 00056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-07-07 05:23 - 2010-10-16 01:41 - 00101760 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2012-07-07 05:23 - 2010-08-21 02:36 - 00738816 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
    2012-07-07 05:23 - 2010-06-19 03:23 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
    2012-07-07 05:23 - 2010-03-05 04:42 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
    2012-07-07 05:23 - 2010-01-09 03:52 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
    2012-07-06 21:55 - 2012-07-06 21:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A1A991B8-D29D-4DCB-A341-F2C2FA22F196}
    2012-07-06 21:55 - 2012-07-06 21:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{631115FD-759C-4567-9AB9-E68C9BE51250}
    2012-07-06 08:56 - 2012-07-06 08:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AC9AFF83-E77E-4C7E-B057-E329F97813B2}
    2012-07-06 08:56 - 2012-07-06 08:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{336511E5-BE7B-4721-89DF-546940E7344B}
    2012-07-05 20:36 - 2012-07-05 20:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F39254FE-C7FC-44BA-9745-5CA6E62D8785}
    2012-07-05 20:35 - 2012-07-05 20:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{90829E21-BD43-481B-B904-4AA52A226B60}
    2012-07-05 08:35 - 2012-07-05 08:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{9921CA91-D73A-4928-9ADD-B28A080F0A4F}
    2012-07-05 08:35 - 2012-07-05 08:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{0D748EC0-375B-4BCD-8A6E-BB4E185D16EE}
    2012-07-04 20:35 - 2012-07-04 20:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{DC8C351A-B692-45E6-B4AA-D3E83CAA48C8}
    2012-07-04 03:37 - 2012-07-04 03:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B074F85E-DD63-4F31-9674-D8F0CCA1DBA8}
    2012-07-04 03:36 - 2012-07-04 03:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{590C6963-9BF0-4E7B-9415-C8DD79E485B3}

  7. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Cont...

    ============ 3 Months Modified Files ========================

    2012-07-28 02:22 - 2012-07-28 02:22 - 00008408 ____A C:\Windows\System32\Drivers\ndisrd.cat
    2012-07-28 02:22 - 2012-07-28 02:22 - 00001398 ____A C:\Windows\System32\Drivers\gas.cer
    2012-07-28 02:22 - 2012-07-27 21:02 - 00028880 ____A (GAS Tecnologia) C:\Windows\System32\Drivers\GbpNdisrd.sys
    2012-07-28 02:22 - 2012-07-27 20:58 - 00000024 ____A C:\Users\MarcosFranco\AppData\Local\mlinmypg.log
    2012-07-28 02:21 - 2012-02-27 03:47 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-28 02:21 - 2009-07-14 01:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-28 02:21 - 2009-07-14 01:39 - 00048810 ____A C:\Windows\setupact.log
    2012-07-28 02:19 - 2012-07-27 21:14 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\karjxvns.log
    2012-07-28 02:19 - 2012-01-04 14:14 - 01458752 ____A C:\Windows\WindowsUpdate.log
    2012-07-28 02:14 - 2012-07-28 02:14 - 00892822 ____A (Farbar) C:\Users\MarcosFranco\Downloads\FRST.exe
    2012-07-28 02:14 - 2012-07-27 21:02 - 00441440 ____A C:\Users\MarcosFranco\AppData\Local\oyctgdwt.log
    2012-07-28 02:08 - 2012-02-27 03:47 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-28 02:05 - 2012-06-22 12:44 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-28 00:19 - 2012-07-27 23:50 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-07-27 23:50 - 2012-07-27 23:50 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-27 23:43 - 2012-07-27 23:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MarcosFranco\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-27 23:41 - 2012-07-27 23:41 - 00001220 ____A C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    2012-07-27 23:40 - 2012-07-27 23:39 - 16409960 ____A (Safer Networking Limited ) C:\Users\MarcosFranco\Downloads\spybotsd162.exe
    2012-07-27 21:47 - 2009-07-13 23:04 - 00002577 ____A C:\Windows\System32\config.nt
    2012-07-27 21:11 - 2009-07-14 01:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-27 21:11 - 2009-07-14 01:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-27 21:06 - 2012-07-27 21:06 - 00135507 ____A C:\Users\MarcosFranco\AppData\Local\btaosncw.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00003890 ____A C:\Users\MarcosFranco\AppData\Local\fipaijcq.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00002865 ____A C:\Users\MarcosFranco\AppData\Local\ybgrgoxt.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\oqtwyyir.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\illmbvva.log
    2012-07-27 21:04 - 2012-07-27 20:58 - 00440304 ____A C:\Users\MarcosFranco\AppData\Local\ncmbivwd.log
    2012-07-27 21:00 - 2012-07-27 21:00 - 00004048 ____A C:\Users\MarcosFranco\AppData\Local\rrdhdpir.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00093424 ____A C:\Users\MarcosFranco\0.7307799444412308.exe
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\Todos os Usuários\amqlknth.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\All Users\amqlknth.log
    2012-07-27 04:05 - 2012-06-22 12:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-27 04:05 - 2012-01-04 14:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-25 10:05 - 2012-07-25 10:05 - 00000979 ____A C:\Users\Public\Desktop\Kobo.lnk
    2012-07-25 10:05 - 2012-01-04 14:45 - 00008822 ____A C:\Windows\DPINST.LOG
    2012-07-25 10:00 - 2012-07-25 09:59 - 70250178 ____A C:\Users\MarcosFranco\Downloads\kobosetup.exe
    2012-07-21 04:09 - 2012-07-21 04:09 - 00001873 ____A C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    2012-07-21 04:09 - 2012-01-04 14:52 - 00106808 ____A C:\Users\MarcosFranco\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-18 22:19 - 2012-01-04 15:13 - 00012826 ____A C:\Windows\PFRO.log
    2012-07-18 11:04 - 2012-07-18 11:04 - 00000214 ____A C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000917 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-17 06:11 - 2012-01-04 14:24 - 01546842 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-17 06:11 - 2009-07-14 05:31 - 00673742 ____A C:\Windows\System32\prfh0416.dat
    2012-07-17 06:11 - 2009-07-14 05:31 - 00133320 ____A C:\Windows\System32\prfc0416.dat
    2012-07-12 21:11 - 2012-07-09 06:32 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 08:10 - 2012-01-04 14:20 - 00000521 ____A C:\Users\MarcosFranco\Downloads\Desktop.lnk
    2012-07-11 08:09 - 2009-07-14 01:33 - 00402720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 04:55 - 2012-07-07 05:53 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 09:35 - 2009-07-13 23:04 - 00000387 ____A C:\Windows\win.ini
    2012-07-07 12:22 - 2012-07-07 12:22 - 00003119 ____A C:\Users\MarcosFranco\Desktop\BANG!.lnk
    2012-07-03 13:21 - 2012-02-25 21:03 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 13:21 - 2012-01-04 16:58 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 13:21 - 2012-01-04 16:58 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-03 00:46 - 2012-07-27 23:50 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-19 08:48 - 2012-06-19 08:48 - 00002629 ____A C:\Users\Public\Desktop\PRIMER 6 & PERMANOVA+.lnk
    2012-06-19 04:37 - 2012-01-04 14:23 - 00001435 ____A C:\Users\MarcosFranco\AppData\Roaming\WWB7_32.DAT
    2012-06-11 23:44 - 2012-07-11 04:55 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:21 - 2012-06-11 10:20 - 00001255 ___AH C:\Windows\EPMBatch.ept
    2012-06-11 10:13 - 2012-06-11 10:13 - 00001392 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-06-09 01:46 - 2012-07-10 22:50 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 02:09 - 2012-07-10 22:50 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 02:09 - 2012-07-10 22:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-03 10:22 - 2012-06-03 10:22 - 00002175 ____A C:\Users\MarcosFranco\Desktop\The Lord of the Rings Online.lnk
    2012-06-03 06:35 - 2012-06-03 06:35 - 00283416 ____A C:\Windows\System32\PnkBstrB.xtr
    2012-06-03 06:35 - 2012-06-03 06:22 - 00140232 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
    2012-06-03 06:35 - 2012-06-03 06:21 - 00283416 ____A C:\Windows\System32\PnkBstrB.exe
    2012-06-03 06:30 - 2012-06-03 06:21 - 00189248 ____A C:\Windows\System32\PnkBstrB.ex0
    2012-06-03 06:30 - 2012-06-03 06:21 - 00138904 ____A C:\Users\MarcosFranco\AppData\Roaming\PnkBstrK.sys
    2012-06-03 06:30 - 2012-06-03 06:21 - 00076888 ____A C:\Windows\System32\PnkBstrA.exe
    2012-06-03 06:29 - 2012-06-03 06:20 - 00128790 ____A C:\Windows\DirectX.log
    2012-06-03 05:59 - 2012-01-09 14:07 - 00005632 ____A C:\Users\MarcosFranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-02 19:19 - 2012-06-21 20:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 19:19 - 2012-06-21 20:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 19:19 - 2012-06-21 20:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 19:19 - 2012-06-21 20:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 19:19 - 2012-06-21 20:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 19:12 - 2012-06-21 20:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 19:12 - 2012-06-21 20:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:55 - 2012-06-02 12:44 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-06-02 06:07 - 2012-07-11 04:57 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 05:43 - 2012-07-11 04:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 05:33 - 2012-07-11 04:57 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 05:26 - 2012-07-11 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 05:25 - 2012-07-11 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 05:25 - 2012-07-11 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 05:23 - 2012-07-11 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 05:21 - 2012-07-11 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 05:20 - 2012-07-11 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 05:19 - 2012-07-11 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 05:19 - 2012-07-11 04:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 05:17 - 2012-07-11 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 05:16 - 2012-07-11 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 05:14 - 2012-07-11 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 02:19 - 2012-06-21 20:40 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 02:12 - 2012-06-21 20:40 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 01:51 - 2012-07-10 22:50 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-02 01:51 - 2012-07-10 22:50 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 01:50 - 2012-07-10 22:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-02 01:48 - 2012-07-10 22:50 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 01:47 - 2012-07-10 22:50 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-30 23:25 - 2012-01-04 14:50 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-24 10:59 - 2012-05-24 10:59 - 00037376 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
    2012-05-24 10:59 - 2012-05-24 10:59 - 00021504 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\Drivers\libusb0.sys
    2012-05-21 05:26 - 2012-05-21 05:26 - 00000000 _RASH C:\MSDOS.SYS
    2012-05-21 05:26 - 2012-05-21 05:26 - 00000000 _RASH C:\IO.SYS
    2012-05-20 03:29 - 2012-05-20 03:29 - 00001037 ____A C:\Users\Public\Desktop\D-Fend Reloaded.lnk
    2012-05-18 03:28 - 2009-07-14 01:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-17 11:42 - 2012-05-15 11:55 - 00000006 ____A C:\Users\MarcosFranco\Documents\pastsetup.txt
    2012-05-17 04:36 - 2012-06-11 10:13 - 02468520 ____A C:\Windows\System32\BootMan.exe
    2012-05-11 04:32 - 2012-03-12 09:58 - 00000110 ____H C:\Users\Todos os Usuários\obid31
    2012-05-11 04:32 - 2012-03-12 09:58 - 00000110 ____H C:\Users\All Users\obid31
    2012-05-11 04:31 - 2012-05-11 04:31 - 00002052 ____A C:\Users\Public\Desktop\GraphPad InStat 3 (Trial).lnk
    2012-05-02 01:52 - 2012-07-09 10:12 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3062.04 MB
    Available physical RAM: 2611.92 MB
    Total Pagefile: 3060.32 MB
    Available Pagefile: 2622.35 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1962.3 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:111.69 GB) (Free:22.33 GB) NTFS
    3 Drive f: () (Removable) (Total:0.25 GB) (Free:0.01 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    N§ Disco Status Tam. Livre Din. GPT
    -------- ------------- ------- ------- --- ---
    Disco 0 Online 111 GB 1024 KB
    Disco 1 Online 252 MB 0 B

    Saindo do Diskpart...


    ==========================================================

    Last Boot: 2012-07-18 07:09

    ======================= End Of Log ==========================


    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SISTEMA at 2012-07-28 15:34:37
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 20:11] - [2009-07-13 22:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 20:11] - [2009-07-13 22:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
     
  8. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Sorry, had to split the first log because there was an error message saying the post was bigger than the limit.
     
  9. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Hi,
    for some reason that I don't know, the computer is working just fine. Still, since I didn't do anything, I would like your insight about my logs. Just keeping you updated as requested in your rules. Thanks.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  11. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Hi Broni,
    my brother (who thinks he is a computer specialist, but I can guarantee you that he is not) used some cleaning tools while I was away (Spybot and a malware removal program). According to him, he found a trojan horse and now the computer is clean. But I know that it is not. So, if you don't mind, I'm pasting the first two logs again for you to take a look before I use ComboFix. Thanks for your time and I'm sorry for this.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SISTEMA at 29-07-2012 10:47:04
    Running from F:\
    Windows 7 Ultimate (X86) OS Language: Portuguese Brazilian
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-08-26] (SupportSoft, Inc.)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
    HKU\MarcosFranco\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\MarcosFranco\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
    HKU\MarcosFranco\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1242448 2012-06-02] (Valve Corporation)
    HKU\MarcosFranco\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\MarcosFranco\...\Run: [LfvUtauj] C:\Users\MarcosFranco\AppData\Local\dyeijwlv\lfvutauj.exe [x]
    Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [X]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{EC92354F-7ADC-4B03-846B-57980CD16282}: [NameServer]211.29.132.12 61.88.88.88

    ================================ Services (Whitelisted) ==================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [214088 2012-05-08] ( )
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-06-03] ()
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
    2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2008-08-26] (SupportSoft, Inc.)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-17] (DT Soft Ltd)
    4 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
    4 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
    3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [208896 2010-08-31] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
    0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46408 2012-04-04] (GAS Tecnologia)
    3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
    3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
    3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [72832 2010-07-27] (Huawei Technologies Co., Ltd.)
    3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [28880 2012-07-28] (GAS Tecnologia)
    3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [28880 2012-07-28] (GAS Tecnologia)
    3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-09-30] (Microsoft Corporation)
    3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-09-30] (Microsoft Corporation)
    3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-09-30] (Microsoft Corporation)
    3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-09-30] (Microsoft Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-28 21:43 - 2012-07-28 21:43 - 00008408 ____A C:\Windows\System32\Drivers\ndisrd.cat
    2012-07-28 21:43 - 2012-07-28 21:43 - 00001398 ____A C:\Windows\System32\Drivers\gas.cer
    2012-07-28 20:47 - 2012-07-28 20:47 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B1B24E28-C0AF-4132-8210-658185461163}
    2012-07-28 20:47 - 2012-07-28 20:47 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AD75EEA7-0A67-4058-BF31-2D2200B47299}
    2012-07-28 15:28 - 2012-07-28 15:29 - 00000000 ____D C:\FRST
    2012-07-28 11:04 - 2012-07-28 11:04 - 00000000 ____D C:\Windows\Sun
    2012-07-28 02:41 - 2012-07-28 02:41 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A281EA52-4C74-4E8F-8A52-CF88BBC2A0BC}
    2012-07-28 02:40 - 2012-07-28 02:41 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{4D125173-B444-46F6-A7ED-C2E3B5537DE1}
    2012-07-28 02:14 - 2012-07-28 02:14 - 00892822 ____A (Farbar) C:\Users\MarcosFranco\Downloads\FRST.exe
    2012-07-27 23:50 - 2012-07-27 23:50 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-27 23:50 - 2012-07-27 23:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-07-27 23:50 - 2012-07-03 00:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-27 23:43 - 2012-07-27 23:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MarcosFranco\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-27 23:41 - 2012-07-28 04:32 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
    2012-07-27 23:41 - 2012-07-28 04:32 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-27 23:41 - 2012-07-28 04:13 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2012-07-27 23:41 - 2012-07-27 23:41 - 00001220 ____A C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    2012-07-27 23:39 - 2012-07-27 23:40 - 16409960 ____A (Safer Networking Limited ) C:\Users\MarcosFranco\Downloads\spybotsd162.exe
    2012-07-27 21:14 - 2012-07-28 02:19 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\karjxvns.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00135507 ____A C:\Users\MarcosFranco\AppData\Local\btaosncw.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00003890 ____A C:\Users\MarcosFranco\AppData\Local\fipaijcq.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00002865 ____A C:\Users\MarcosFranco\AppData\Local\ybgrgoxt.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\oqtwyyir.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\illmbvva.log
    2012-07-27 21:02 - 2012-07-28 21:43 - 00028880 ____A (GAS Tecnologia) C:\Windows\System32\Drivers\GbpNdisrd.sys
    2012-07-27 21:02 - 2012-07-28 02:14 - 00441440 ____A C:\Users\MarcosFranco\AppData\Local\oyctgdwt.log
    2012-07-27 21:00 - 2012-07-27 21:00 - 00004048 ____A C:\Users\MarcosFranco\AppData\Local\rrdhdpir.log
    2012-07-27 20:58 - 2012-07-28 02:22 - 00000024 ____A C:\Users\MarcosFranco\AppData\Local\mlinmypg.log
    2012-07-27 20:58 - 2012-07-28 02:22 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\dyeijwlv
    2012-07-27 20:58 - 2012-07-27 21:04 - 00440304 ____A C:\Users\MarcosFranco\AppData\Local\ncmbivwd.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\Todos os Usuários\amqlknth.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\All Users\amqlknth.log
    2012-07-27 10:32 - 2012-07-27 10:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CB14558E-0CD4-4319-8E5C-6A3ED09BFE44}
    2012-07-27 10:32 - 2012-07-27 10:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{921157F7-CECF-40F7-98F1-FDF2C66E5D4F}
    2012-07-26 22:31 - 2012-07-26 22:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{15305FCE-6AD9-479A-9FF6-5E5E46C0499B}
    2012-07-26 22:31 - 2012-07-26 22:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{642EF5D7-57EE-4DDC-A470-C1FD43257565}
    2012-07-26 10:31 - 2012-07-26 10:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CE50DF5F-C210-45FE-9331-CE7E778002CE}
    2012-07-26 10:31 - 2012-07-26 10:31 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A978560A-9816-4A3B-8108-B6236690622E}
    2012-07-25 22:30 - 2012-07-25 22:30 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{2BDB86E1-FC82-4B82-983B-1334115E8867}
    2012-07-25 22:29 - 2012-07-25 22:30 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{78957544-9AE6-4637-BFAF-93AA62502D35}
    2012-07-25 22:29 - 2011-01-13 21:47 - 00002200 ____A C:\Users\MarcosFranco\Desktop\Setup wireless@SCU.lnk
    2012-07-25 10:06 - 2012-07-25 10:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Kobo
    2012-07-25 10:05 - 2012-07-25 10:05 - 00000979 ____A C:\Users\Public\Desktop\Kobo.lnk
    2012-07-25 10:04 - 2012-07-25 10:06 - 00000000 ____D C:\Windows\tmp
    2012-07-25 10:03 - 2012-07-25 10:05 - 00000000 ____D C:\Program Files\Kobo
    2012-07-25 09:59 - 2012-07-25 10:00 - 70250178 ____A C:\Users\MarcosFranco\Downloads\kobosetup.exe
    2012-07-25 09:40 - 2012-07-25 09:41 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E53240AF-C645-4B0A-93E3-D58684554C5F}
    2012-07-25 09:40 - 2012-07-25 09:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8C1A4D2B-0B46-4AEE-A944-3945439701DE}
    2012-07-24 21:40 - 2012-07-24 21:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CEE225C8-9002-4C5E-AD72-BF5B462C0891}
    2012-07-24 21:40 - 2012-07-24 21:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{63ADCB0D-BE45-4AE0-8156-E3E35DBAED2A}
    2012-07-24 09:39 - 2012-07-24 09:40 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{BA2BD716-C618-403F-B911-7C468FC2EA9A}
    2012-07-24 09:39 - 2012-07-24 09:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E35D4340-1DF6-40CC-B2A2-42561B7B1429}
    2012-07-23 21:39 - 2012-07-23 21:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{4E74E366-5AC1-49B3-A61E-DB174DEFFC40}
    2012-07-23 00:23 - 2012-07-23 00:23 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{9B4FF7B6-0327-4363-87FB-E1BDF42ED4AF}
    2012-07-23 00:23 - 2011-02-19 02:33 - 00802304 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-07-23 00:21 - 2012-07-23 00:23 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{110B8E60-1AF3-4FCA-A471-D47A345E26B6}
    2012-07-22 10:28 - 2012-07-22 10:28 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{3083EF15-42D5-4F38-9677-A58AA1FED4AB}
    2012-07-22 10:28 - 2012-07-22 10:28 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{1EDF86D1-10DB-45E4-83F7-549B344640CF}
    2012-07-21 22:27 - 2012-07-21 22:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F4137EF0-636A-4143-8823-7DEEC2C4093B}
    2012-07-21 22:27 - 2012-07-21 22:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{98C49697-E9A7-4D4B-9811-382789F8951B}
    2012-07-21 10:27 - 2012-07-21 10:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{BA514EF8-C44F-4EC2-BCC5-900C58E6AE84}
    2012-07-21 10:26 - 2012-07-21 10:27 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{5B1A45FF-B1D7-4DE5-8CC5-34E001E324FD}
    2012-07-21 04:10 - 2012-07-21 04:10 - 00000000 ____D C:\Users\MarcosFranco\AbiSuite
    2012-07-21 04:09 - 2012-07-21 04:10 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Plagius
    2012-07-21 04:09 - 2012-07-21 04:09 - 00001873 ____A C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    2012-07-21 04:09 - 2012-07-21 04:09 - 00000000 ____D C:\Program Files\Plagius
    2012-07-20 22:26 - 2012-07-20 22:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{772EAC3B-A9EC-473D-BF2E-5BDFD064C781}
    2012-07-20 22:26 - 2012-07-20 22:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{30E713E4-4035-44A1-8D37-5B1FF9A80485}
    2012-07-20 10:26 - 2012-07-20 10:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CC4E25D8-0BCC-4E08-ADE2-571F46194274}
    2012-07-20 10:25 - 2012-07-20 10:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{276E50DA-5E5C-47E4-93B7-CAAE6E58D696}
    2012-07-19 22:25 - 2012-07-19 22:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{C8C655C5-096D-4D2E-9B6F-7CA36C5FEBE1}
    2012-07-19 22:25 - 2012-07-19 22:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6C239332-4E0A-4AA5-A48E-972732931D0C}
    2012-07-19 10:25 - 2012-07-19 10:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{5BAC9B36-E9F8-443F-9FF9-2227D6131BEC}
    2012-07-19 10:24 - 2012-07-19 10:25 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F71F872E-CFA2-4008-84B0-8026D82CC1D8}
    2012-07-18 22:24 - 2012-07-18 22:24 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{3EAAA2AB-E99D-4DAD-8A9E-3ABDD3142435}
    2012-07-18 22:20 - 2012-07-18 22:24 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{18ABD6A0-9E41-4CF1-BD54-EA4BB3C035DF}
    2012-07-18 11:04 - 2012-07-18 11:04 - 00000214 ____A C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    2012-07-18 10:39 - 2012-07-18 10:39 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\CRE
    2012-07-18 10:39 - 2012-07-18 10:39 - 00000000 ____D C:\Program Files\Conduit
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000917 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Conduit
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000000 ____D C:\Program Files\uTorrentBar_PT
    2012-07-18 05:14 - 2012-07-18 05:14 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{31D7A350-63C0-4E0C-AD14-A19C1307574B}
    2012-07-18 05:13 - 2012-07-18 05:14 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{865C6287-F919-4D05-87E5-E3723D3BBD98}
    2012-07-17 08:54 - 2012-07-17 08:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8F45F780-F295-4C0A-90C3-9361A7D49BB1}
    2012-07-17 08:54 - 2012-07-17 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AA869BB9-40AA-476F-A9AC-C31E2D384584}
    2012-07-16 20:54 - 2012-07-16 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{DD74CBED-8437-4A86-8B43-D5B1240611E3}
    2012-07-16 20:54 - 2012-07-16 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{D0F4FF5F-59AB-4C77-90A1-A2122B416925}
    2012-07-16 00:19 - 2012-07-16 00:19 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6C5C3A72-067E-4F6D-8287-FEAB381E388A}
    2012-07-16 00:17 - 2012-07-16 00:18 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{C3860E82-A54B-46D4-BCC8-2EFD055DCDA7}
    2012-07-15 09:29 - 2012-07-15 09:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6CF74FE9-9BE3-444D-A41A-B421523F1377}
    2012-07-15 09:29 - 2012-07-15 09:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{47D4DFB1-F898-4419-BC69-A11A3EDB743C}
    2012-07-14 21:29 - 2012-07-14 21:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{97CFB749-85ED-4C3F-B4E3-D60717CF33C8}
    2012-07-14 21:28 - 2012-07-14 21:29 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{455D9A6C-58EC-45A2-BF5B-A63F9968DF03}
    2012-07-14 09:06 - 2012-07-14 09:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A0D9FBA7-D283-4F89-BC0A-C4950E987E7D}
    2012-07-14 09:06 - 2012-07-14 09:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{34F49B01-ECB3-4FEC-8F7F-FE8DD490AA60}
    2012-07-13 21:05 - 2012-07-13 21:06 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{04D46911-BEAC-4F0A-93ED-0BD48624E775}
    2012-07-13 21:05 - 2012-07-13 21:05 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{67397B1C-919E-4D72-8407-7B853A9CA0E6}
    2012-07-13 08:54 - 2012-07-13 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CFD1396A-1BA8-414A-9912-852D91A2D713}
    2012-07-13 08:54 - 2012-07-13 08:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B9EF515C-F1C4-43F9-8CAD-13C1E3522DD4}
    2012-07-12 20:54 - 2012-07-12 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{14A82037-3A9E-4EC4-97FA-0863424A139C}
    2012-07-12 20:54 - 2012-07-12 20:54 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{13ED9C48-D604-4954-99C3-74E360820AB0}
    2012-07-12 08:34 - 2012-07-12 08:37 - 00000000 ____D C:\Users\MarcosFranco\Desktop\Mortal Kombat Conquest Season 1
    2012-07-12 07:57 - 2012-07-12 07:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CF6EE235-9E34-4E3D-BF75-C2BF33D4A3C6}
    2012-07-12 07:57 - 2012-07-12 07:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8AC44468-B3E3-40FE-A9AE-28CE49FD22B1}
    2012-07-11 19:57 - 2012-07-11 19:57 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AEA71E47-E765-425F-8A84-B57E2FB6170B}
    2012-07-11 19:56 - 2012-07-11 19:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B7E07671-94D0-49BA-AF28-9FD43AC8EEEE}
    2012-07-11 04:57 - 2012-06-02 06:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 04:57 - 2012-06-02 05:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 04:57 - 2012-06-02 05:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 04:57 - 2012-06-02 05:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 04:57 - 2012-06-02 05:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 04:57 - 2012-06-02 05:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 04:57 - 2012-06-02 05:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 04:57 - 2012-06-02 05:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 04:57 - 2012-06-02 05:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 04:57 - 2012-06-02 05:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 04:57 - 2012-06-02 05:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 04:57 - 2012-06-02 05:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 04:57 - 2012-06-02 05:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 04:57 - 2012-06-02 05:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 04:55 - 2012-06-11 23:44 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 22:50 - 2012-06-09 01:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 22:50 - 2012-06-06 02:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 22:50 - 2012-06-06 02:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 22:50 - 2012-06-02 01:51 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 22:50 - 2012-06-02 01:51 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 22:50 - 2012-06-02 01:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 22:50 - 2012-06-02 01:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 22:50 - 2012-06-02 01:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 22:45 - 2012-07-10 22:45 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{275C2D91-CF51-4695-A0F7-3CD0122BBDF4}
    2012-07-10 22:42 - 2012-07-10 22:45 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8A1ACD92-A5C6-45C3-8F85-4FD40DD7CDE9}
    2012-07-10 12:43 - 2010-03-04 01:04 - 00146304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
    2012-07-10 12:43 - 2010-03-04 00:57 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
    2012-07-10 12:38 - 2010-09-14 03:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
    2012-07-10 10:37 - 2012-07-10 10:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8EC31118-961E-4062-9598-31B04F267112}
    2012-07-10 10:36 - 2012-07-10 10:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{967EAB68-AAEA-4036-87B2-F6B3632AC169}
    2012-07-09 22:36 - 2012-07-09 22:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{571AE1EC-28E7-4D5A-BC22-8169937D81E7}
    2012-07-09 22:36 - 2012-07-09 22:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{066D1683-015B-4EDB-AC3B-BBD9DFAA3BFC}
    2012-07-09 22:10 - 2012-07-09 22:10 - 00000000 __RHD C:\MSOCache
    2012-07-09 20:32 - 2012-07-09 20:32 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\Apple Computer
    2012-07-09 20:29 - 2012-07-09 20:29 - 00000000 ____D C:\Program Files\Microsoft.NET
    2012-07-09 12:15 - 2012-07-18 22:31 - 00000000 ____D C:\Users\Todos os Usuários\VirtualizedApplications
    2012-07-09 12:15 - 2012-07-18 22:31 - 00000000 ____D C:\Users\All Users\VirtualizedApplications
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\Todos os Usuários\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Users\All Users\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-07-09 11:26 - 2012-07-09 11:26 - 00000000 ____D C:\Program Files\Apple Software Update
    2012-07-09 10:35 - 2012-07-09 10:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{8418C3AB-62AB-4658-90A5-4E542605D80C}
    2012-07-09 10:35 - 2012-07-09 10:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B24E46E4-240E-4596-84A6-96A45EA670B7}
    2012-07-09 10:14 - 2011-06-16 01:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2012-07-09 10:14 - 2011-03-25 00:06 - 00284160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2012-07-09 10:14 - 2011-03-25 00:06 - 00005888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2012-07-09 10:14 - 2011-02-18 02:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2012-07-09 10:14 - 2009-09-26 02:58 - 00194488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2012-07-09 10:13 - 2012-04-07 08:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-09 10:13 - 2012-01-03 02:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-07-09 10:13 - 2011-05-04 01:53 - 01553920 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00337408 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2012-07-09 10:13 - 2011-05-04 01:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2012-07-09 10:13 - 2011-05-04 01:52 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2012-07-09 10:13 - 2011-03-12 08:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
    2012-07-09 10:13 - 2011-03-11 02:44 - 01210240 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00146304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00143744 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2012-07-09 10:13 - 2011-03-11 02:44 - 00117120 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00332160 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00080256 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2012-07-09 10:13 - 2011-03-11 02:43 - 00022400 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2012-07-09 10:13 - 2011-03-11 02:39 - 01686016 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2012-07-09 10:13 - 2011-03-11 02:37 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2012-07-09 10:13 - 2011-03-11 01:08 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
    2012-07-09 10:13 - 2011-02-26 02:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2012-07-09 10:13 - 2011-02-24 02:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-07-09 10:13 - 2010-08-04 03:17 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
    2012-07-09 10:12 - 2012-05-02 01:52 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-09 10:12 - 2012-01-04 06:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-07-09 10:12 - 2011-04-22 16:36 - 00026496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
    2012-07-09 10:12 - 2010-12-21 02:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
    2012-07-09 10:12 - 2010-12-21 02:38 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
    2012-07-09 10:12 - 2010-12-21 02:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00369152 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00365568 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
    2012-07-09 10:12 - 2010-01-18 20:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
    2012-07-09 10:12 - 2010-01-18 20:28 - 00324608 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00280064 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
    2012-07-09 10:12 - 2010-01-18 20:28 - 00277504 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
    2012-07-09 10:10 - 2012-04-24 01:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-09 10:10 - 2012-04-24 01:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-09 10:10 - 2012-04-24 01:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-09 10:09 - 2011-02-03 02:45 - 00219008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2012-07-09 10:09 - 2010-11-02 01:46 - 00728448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-07-09 10:09 - 2010-11-02 01:23 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-07-09 10:03 - 2012-07-28 13:01 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\SoftGrid Client
    2012-07-09 10:03 - 2012-07-09 10:04 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\SoftGrid Client
    2012-07-09 10:02 - 2012-07-09 10:02 - 00000000 ____D C:\Program Files\Microsoft Office
    2012-07-09 10:02 - 2012-07-09 10:02 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
    2012-07-09 10:01 - 2012-07-09 10:04 - 00000000 ____D C:\Users\MarcosFranco\AppData\Roaming\TP
    2012-07-09 06:32 - 2012-07-27 21:42 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\Google
    2012-07-09 06:32 - 2012-07-12 21:11 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-08 22:35 - 2012-07-08 22:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E27CE0AD-DE41-445E-912C-C096EFB856EA}
    2012-07-08 22:35 - 2012-07-08 22:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B9BCF935-E378-47FC-BB92-88A88E1D27E4}
    2012-07-08 10:34 - 2012-07-08 10:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E7917216-7774-47CC-AC8E-0EDB9518916F}
    2012-07-08 10:34 - 2012-07-08 10:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{6DA2C63F-46A2-4B45-B60A-3435C9C80DB9}
    2012-07-07 22:34 - 2012-07-07 22:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{E0E949E7-4914-495F-A803-706057CA7A26}
    2012-07-07 22:34 - 2012-07-07 22:34 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{CC94327B-780D-489D-ADBC-0FF024F20E8D}
    2012-07-07 12:22 - 2012-07-07 12:22 - 00003119 ____A C:\Users\MarcosFranco\Desktop\BANG!.lnk
    2012-07-07 12:21 - 2012-07-07 12:21 - 00000000 ____D C:\Program Files\SpinVector
    2012-07-07 10:33 - 2012-07-07 10:33 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{D970F667-469C-4577-B7C8-FB30FF54D995}
    2012-07-07 10:33 - 2012-07-07 10:33 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{86C5FF4F-F0E8-4B1F-AB98-FD5BCED3A805}
    2012-07-07 06:09 - 2009-09-10 02:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
    2012-07-07 06:04 - 2009-11-24 23:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
    2012-07-07 06:04 - 2009-11-24 23:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
    2012-07-07 05:53 - 2012-07-11 04:55 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-07 05:39 - 2012-03-01 02:53 - 00019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-07-07 05:39 - 2012-03-01 02:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-07-07 05:39 - 2012-03-01 02:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-07-07 05:39 - 2012-03-01 02:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-07-07 05:36 - 2012-07-07 05:36 - 00000000 ____D C:\Windows\System32\x64
    2012-07-07 05:36 - 2009-09-23 06:30 - 01002008 ____A (Intel Corporation) C:\Windows\System32\igxpun.exe
    2012-07-07 05:27 - 2012-04-02 01:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-07-07 05:27 - 2012-04-02 01:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-07 05:27 - 2011-11-05 01:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-07-07 05:27 - 2011-02-12 02:30 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2012-07-07 05:27 - 2010-12-23 02:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2012-07-07 05:27 - 2010-12-23 02:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
    2012-07-07 05:27 - 2010-12-23 02:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2012-07-07 05:27 - 2010-08-21 02:32 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-07-07 05:26 - 2012-04-28 00:19 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-07 05:26 - 2011-11-17 02:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-07-07 05:26 - 2011-11-17 02:39 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2012-07-07 05:26 - 2011-11-17 02:38 - 01037312 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-07-07 05:26 - 2011-11-17 02:36 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-07-07 05:26 - 2011-10-26 01:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-07-07 05:26 - 2011-10-26 01:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-07-07 05:26 - 2011-07-16 01:37 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-07-07 05:26 - 2011-07-16 01:34 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-07-07 05:26 - 2011-07-16 01:34 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-07-07 05:26 - 2011-07-16 01:31 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-07-07 05:26 - 2011-07-16 01:19 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-16 01:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-07-07 05:26 - 2011-07-15 23:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-07-07 05:26 - 2010-10-16 01:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
    2012-07-07 05:26 - 2010-08-31 01:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\System32\mfc40.dll
    2012-07-07 05:26 - 2010-08-31 01:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\System32\mfc40u.dll
    2012-07-07 05:26 - 2009-10-19 11:10 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2012-07-07 05:26 - 2009-09-03 04:04 - 01320960 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
    2012-07-07 05:26 - 2009-08-19 04:20 - 00507568 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2012-07-07 05:26 - 2009-08-19 04:20 - 00442920 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2012-07-07 05:25 - 2012-03-30 07:29 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-07 05:25 - 2012-03-03 02:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-07-07 05:25 - 2012-03-03 02:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-07-07 05:25 - 2012-02-15 02:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2012-07-07 05:25 - 2012-02-15 01:22 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2012-07-07 05:25 - 2011-11-17 02:41 - 01288984 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-07-07 05:25 - 2011-10-15 02:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-07-07 05:25 - 2011-07-08 23:26 - 00222720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2012-07-07 05:25 - 2011-05-03 23:43 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2012-07-07 05:25 - 2011-05-03 23:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00309760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2012-07-07 05:25 - 2011-04-28 23:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2012-07-07 05:25 - 2011-04-24 23:35 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-07-07 05:25 - 2011-04-09 02:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2012-07-07 05:25 - 2011-03-11 02:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2012-07-07 05:25 - 2011-03-11 02:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2012-07-07 05:25 - 2011-02-19 02:32 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-07-07 05:25 - 2011-02-19 00:37 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-07-07 05:25 - 2010-12-18 02:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-07-07 05:25 - 2010-12-18 02:29 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-07-07 05:25 - 2010-12-18 02:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-07-07 05:25 - 2010-11-02 01:41 - 00351232 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
    2012-07-07 05:25 - 2010-11-02 01:40 - 00496128 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
    2012-07-07 05:25 - 2010-11-02 01:40 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
    2012-07-07 05:25 - 2010-11-02 01:39 - 00749056 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2012-07-07 05:25 - 2010-11-02 01:34 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
    2012-07-07 05:25 - 2010-11-02 01:34 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    2012-07-07 05:25 - 2010-09-01 01:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2012-07-07 05:25 - 2010-09-01 01:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2012-07-07 05:25 - 2010-08-27 02:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
    2012-07-07 05:25 - 2009-12-08 08:32 - 00292864 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
    2012-07-07 05:25 - 2009-10-28 03:17 - 00285696 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
    2012-07-07 05:24 - 2012-04-26 01:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-07-07 05:24 - 2012-04-26 01:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-07-07 05:24 - 2012-04-26 01:43 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-07-07 05:24 - 2011-12-16 04:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-07-07 05:24 - 2011-11-19 11:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-07-07 05:24 - 2011-10-26 01:25 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-07-07 05:24 - 2011-08-27 01:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-07-07 05:24 - 2011-08-27 01:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-07-07 05:24 - 2011-08-17 01:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-07-07 05:24 - 2011-08-17 01:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
    2012-07-07 05:24 - 2011-08-17 01:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
    2012-07-07 05:24 - 2011-06-15 06:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
    2012-07-07 05:24 - 2011-06-15 06:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
    2012-07-07 05:24 - 2011-05-24 07:35 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2012-07-07 05:24 - 2011-05-03 01:50 - 00740864 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-07-07 05:24 - 2011-04-26 23:33 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
    2012-07-07 05:24 - 2011-03-03 02:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2012-07-07 05:24 - 2011-03-03 02:29 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2012-07-07 05:24 - 2011-03-03 02:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2012-07-07 05:24 - 2011-02-23 02:05 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2012-07-07 05:24 - 2010-08-26 01:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
    2012-07-07 05:24 - 2010-08-21 02:33 - 00530432 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
    2012-07-07 05:24 - 2010-07-29 03:30 - 00197632 ____A (Intel(R) Corporation) C:\Windows\System32\ir32_32.dll
    2012-07-07 05:24 - 2010-07-29 03:30 - 00082944 ____A (Radius Inc.) C:\Windows\System32\iccvid.dll
    2012-07-07 05:24 - 2010-06-29 02:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
    2012-07-07 05:24 - 2010-05-05 03:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
    2012-07-07 05:24 - 2009-12-19 06:02 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
    2012-07-07 05:24 - 2009-08-29 03:57 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
    2012-07-07 05:23 - 2012-03-17 04:20 - 00056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-07-07 05:23 - 2010-10-16 01:41 - 00101760 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2012-07-07 05:23 - 2010-08-21 02:36 - 00738816 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
    2012-07-07 05:23 - 2010-06-19 03:23 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
    2012-07-07 05:23 - 2010-03-05 04:42 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
    2012-07-07 05:23 - 2010-01-09 03:52 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
    2012-07-06 21:55 - 2012-07-06 21:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{A1A991B8-D29D-4DCB-A341-F2C2FA22F196}
     
  12. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Cont...

    2012-07-06 21:55 - 2012-07-06 21:55 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{631115FD-759C-4567-9AB9-E68C9BE51250}
    2012-07-06 08:56 - 2012-07-06 08:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{AC9AFF83-E77E-4C7E-B057-E329F97813B2}
    2012-07-06 08:56 - 2012-07-06 08:56 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{336511E5-BE7B-4721-89DF-546940E7344B}
    2012-07-05 20:36 - 2012-07-05 20:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{F39254FE-C7FC-44BA-9745-5CA6E62D8785}
    2012-07-05 20:35 - 2012-07-05 20:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{90829E21-BD43-481B-B904-4AA52A226B60}
    2012-07-05 08:35 - 2012-07-05 08:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{9921CA91-D73A-4928-9ADD-B28A080F0A4F}
    2012-07-05 08:35 - 2012-07-05 08:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{0D748EC0-375B-4BCD-8A6E-BB4E185D16EE}
    2012-07-04 20:35 - 2012-07-04 20:35 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{DC8C351A-B692-45E6-B4AA-D3E83CAA48C8}
    2012-07-04 03:37 - 2012-07-04 03:37 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{B074F85E-DD63-4F31-9674-D8F0CCA1DBA8}
    2012-07-04 03:36 - 2012-07-04 03:36 - 00000000 ____D C:\Users\MarcosFranco\AppData\Local\{590C6963-9BF0-4E7B-9415-C8DD79E485B3}

    ============ 3 Months Modified Files ========================

    2012-07-28 21:43 - 2012-07-28 21:43 - 00008408 ____A C:\Windows\System32\Drivers\ndisrd.cat
    2012-07-28 21:43 - 2012-07-28 21:43 - 00001398 ____A C:\Windows\System32\Drivers\gas.cer
    2012-07-28 21:43 - 2012-07-27 21:02 - 00028880 ____A (GAS Tecnologia) C:\Windows\System32\Drivers\GbpNdisrd.sys
    2012-07-28 21:42 - 2012-02-27 03:47 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-28 21:42 - 2009-07-14 01:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-28 21:42 - 2009-07-14 01:39 - 00049090 ____A C:\Windows\setupact.log
    2012-07-28 21:41 - 2012-01-04 14:14 - 01503762 ____A C:\Windows\WindowsUpdate.log
    2012-07-28 21:41 - 2009-07-14 01:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 21:41 - 2009-07-14 01:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 21:08 - 2012-02-27 03:47 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-28 21:05 - 2012-06-22 12:44 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-28 04:46 - 2012-01-04 15:13 - 00013158 ____A C:\Windows\PFRO.log
    2012-07-28 02:22 - 2012-07-27 20:58 - 00000024 ____A C:\Users\MarcosFranco\AppData\Local\mlinmypg.log
    2012-07-28 02:19 - 2012-07-27 21:14 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\karjxvns.log
    2012-07-28 02:14 - 2012-07-28 02:14 - 00892822 ____A (Farbar) C:\Users\MarcosFranco\Downloads\FRST.exe
    2012-07-28 02:14 - 2012-07-27 21:02 - 00441440 ____A C:\Users\MarcosFranco\AppData\Local\oyctgdwt.log
    2012-07-27 23:50 - 2012-07-27 23:50 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-27 23:43 - 2012-07-27 23:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MarcosFranco\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-27 23:41 - 2012-07-27 23:41 - 00001220 ____A C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    2012-07-27 23:40 - 2012-07-27 23:39 - 16409960 ____A (Safer Networking Limited ) C:\Users\MarcosFranco\Downloads\spybotsd162.exe
    2012-07-27 21:47 - 2009-07-13 23:04 - 00002577 ____A C:\Windows\System32\config.nt
    2012-07-27 21:06 - 2012-07-27 21:06 - 00135507 ____A C:\Users\MarcosFranco\AppData\Local\btaosncw.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00003890 ____A C:\Users\MarcosFranco\AppData\Local\fipaijcq.log
    2012-07-27 21:06 - 2012-07-27 21:06 - 00002865 ____A C:\Users\MarcosFranco\AppData\Local\ybgrgoxt.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\oqtwyyir.log
    2012-07-27 21:04 - 2012-07-27 21:04 - 00000000 ____A C:\Users\MarcosFranco\AppData\Local\illmbvva.log
    2012-07-27 21:04 - 2012-07-27 20:58 - 00440304 ____A C:\Users\MarcosFranco\AppData\Local\ncmbivwd.log
    2012-07-27 21:00 - 2012-07-27 21:00 - 00004048 ____A C:\Users\MarcosFranco\AppData\Local\rrdhdpir.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\Todos os Usuários\amqlknth.log
    2012-07-27 20:58 - 2012-07-27 20:58 - 00000064 ____A C:\Users\All Users\amqlknth.log
    2012-07-27 04:05 - 2012-06-22 12:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-27 04:05 - 2012-01-04 14:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-25 10:05 - 2012-07-25 10:05 - 00000979 ____A C:\Users\Public\Desktop\Kobo.lnk
    2012-07-25 10:05 - 2012-01-04 14:45 - 00008822 ____A C:\Windows\DPINST.LOG
    2012-07-25 10:00 - 2012-07-25 09:59 - 70250178 ____A C:\Users\MarcosFranco\Downloads\kobosetup.exe
    2012-07-21 04:09 - 2012-07-21 04:09 - 00001873 ____A C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    2012-07-21 04:09 - 2012-01-04 14:52 - 00106808 ____A C:\Users\MarcosFranco\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-18 11:04 - 2012-07-18 11:04 - 00000214 ____A C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    2012-07-18 10:38 - 2012-07-18 10:38 - 00000917 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-07-17 06:11 - 2012-01-04 14:24 - 01546842 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-17 06:11 - 2009-07-14 05:31 - 00673742 ____A C:\Windows\System32\prfh0416.dat
    2012-07-17 06:11 - 2009-07-14 05:31 - 00133320 ____A C:\Windows\System32\prfc0416.dat
    2012-07-12 21:11 - 2012-07-09 06:32 - 00002290 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 08:10 - 2012-01-04 14:20 - 00000521 ____A C:\Users\MarcosFranco\Downloads\Desktop.lnk
    2012-07-11 08:09 - 2009-07-14 01:33 - 00402720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 04:55 - 2012-07-07 05:53 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 09:35 - 2009-07-13 23:04 - 00000387 ____A C:\Windows\win.ini
    2012-07-07 12:22 - 2012-07-07 12:22 - 00003119 ____A C:\Users\MarcosFranco\Desktop\BANG!.lnk
    2012-07-03 13:21 - 2012-02-25 21:03 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 13:21 - 2012-01-04 16:59 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 13:21 - 2012-01-04 16:58 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 13:21 - 2012-01-04 16:58 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-03 00:46 - 2012-07-27 23:50 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-19 08:48 - 2012-06-19 08:48 - 00002629 ____A C:\Users\Public\Desktop\PRIMER 6 & PERMANOVA+.lnk
    2012-06-19 04:37 - 2012-01-04 14:23 - 00001435 ____A C:\Users\MarcosFranco\AppData\Roaming\WWB7_32.DAT
    2012-06-11 23:44 - 2012-07-11 04:55 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 10:21 - 2012-06-11 10:20 - 00001255 ___AH C:\Windows\EPMBatch.ept
    2012-06-11 10:13 - 2012-06-11 10:13 - 00001392 ____A C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
    2012-06-09 01:46 - 2012-07-10 22:50 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 02:09 - 2012-07-10 22:50 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 02:09 - 2012-07-10 22:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-03 10:22 - 2012-06-03 10:22 - 00002175 ____A C:\Users\MarcosFranco\Desktop\The Lord of the Rings Online.lnk
    2012-06-03 06:35 - 2012-06-03 06:35 - 00283416 ____A C:\Windows\System32\PnkBstrB.xtr
    2012-06-03 06:35 - 2012-06-03 06:22 - 00140232 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
    2012-06-03 06:35 - 2012-06-03 06:21 - 00283416 ____A C:\Windows\System32\PnkBstrB.exe
    2012-06-03 06:30 - 2012-06-03 06:21 - 00189248 ____A C:\Windows\System32\PnkBstrB.ex0
    2012-06-03 06:30 - 2012-06-03 06:21 - 00138904 ____A C:\Users\MarcosFranco\AppData\Roaming\PnkBstrK.sys
    2012-06-03 06:30 - 2012-06-03 06:21 - 00076888 ____A C:\Windows\System32\PnkBstrA.exe
    2012-06-03 06:29 - 2012-06-03 06:20 - 00128790 ____A C:\Windows\DirectX.log
    2012-06-03 05:59 - 2012-01-09 14:07 - 00005632 ____A C:\Users\MarcosFranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-02 19:19 - 2012-06-21 20:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 19:19 - 2012-06-21 20:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 19:19 - 2012-06-21 20:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 19:19 - 2012-06-21 20:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 19:19 - 2012-06-21 20:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 19:12 - 2012-06-21 20:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 19:12 - 2012-06-21 20:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:55 - 2012-06-02 12:44 - 00000875 ____A C:\Users\Public\Desktop\Steam.lnk
    2012-06-02 06:07 - 2012-07-11 04:57 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 05:43 - 2012-07-11 04:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 05:33 - 2012-07-11 04:57 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 05:26 - 2012-07-11 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 05:25 - 2012-07-11 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 05:25 - 2012-07-11 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 05:23 - 2012-07-11 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 05:21 - 2012-07-11 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 05:20 - 2012-07-11 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 05:19 - 2012-07-11 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 05:19 - 2012-07-11 04:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 05:17 - 2012-07-11 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 05:16 - 2012-07-11 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 05:14 - 2012-07-11 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 02:19 - 2012-06-21 20:40 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 02:12 - 2012-06-21 20:40 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 01:51 - 2012-07-10 22:50 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-02 01:51 - 2012-07-10 22:50 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 01:50 - 2012-07-10 22:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-02 01:48 - 2012-07-10 22:50 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 01:47 - 2012-07-10 22:50 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-05-30 23:25 - 2012-01-04 14:50 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-24 10:59 - 2012-05-24 10:59 - 00037376 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
    2012-05-24 10:59 - 2012-05-24 10:59 - 00021504 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\Drivers\libusb0.sys
    2012-05-21 05:26 - 2012-05-21 05:26 - 00000000 _RASH C:\MSDOS.SYS
    2012-05-21 05:26 - 2012-05-21 05:26 - 00000000 _RASH C:\IO.SYS
    2012-05-20 03:29 - 2012-05-20 03:29 - 00001037 ____A C:\Users\Public\Desktop\D-Fend Reloaded.lnk
    2012-05-18 03:28 - 2009-07-14 01:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-17 11:42 - 2012-05-15 11:55 - 00000006 ____A C:\Users\MarcosFranco\Documents\pastsetup.txt
    2012-05-17 04:36 - 2012-06-11 10:13 - 02468520 ____A C:\Windows\System32\BootMan.exe
    2012-05-11 04:32 - 2012-03-12 09:58 - 00000110 ____H C:\Users\Todos os Usuários\obid31
    2012-05-11 04:32 - 2012-03-12 09:58 - 00000110 ____H C:\Users\All Users\obid31
    2012-05-11 04:31 - 2012-05-11 04:31 - 00002052 ____A C:\Users\Public\Desktop\GraphPad InStat 3 (Trial).lnk
    2012-05-02 01:52 - 2012-07-09 10:12 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3062.04 MB
    Available physical RAM: 2607.09 MB
    Total Pagefile: 3060.32 MB
    Available Pagefile: 2610.73 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1971.22 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:111.69 GB) (Free:21.82 GB) NTFS
    3 Drive f: () (Removable) (Total:0.25 GB) (Free:0.01 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Nº Disco Status Tam. Livre Din. GPT
    -------- ------------- ------- ------- --- ---
    Disco 0 Online 111 GB 1024 KB
    Disco 1 Online 252 MB 0 B

    Saindo do Diskpart...


    ==========================================================

    Last Boot: 2012-07-28 06:51

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SISTEMA at 2012-07-29 10:48:58
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 20:11] - [2009-07-13 22:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 20:11] - [2009-07-13 22:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    === End Of Search ===
     
  13. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    I adjusted fixlist.txt (attached).
     

  14. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Hi Broni, here are my logs:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SISTEMA at 2012-07-29 12:11:44 Run:1
    Running from F:\

    ==============================================

    HKEY_USERS\MarcosFranco\Software\Microsoft\Windows\CurrentVersion\Run\\LfvUtauj Value deleted successfully.
    C:\Users\MarcosFranco\AppData\Local\dyeijwlv\lfvutauj.exe not found.
    C:\Users\MarcosFranco\AppData\Local\dyeijwlv moved successfully.
    C:\Users\MarcosFranco\AppData\Local\karjxvns.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\btaosncw.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\fipaijcq.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\ybgrgoxt.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\oqtwyyir.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\illmbvva.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\oyctgdwt.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\rrdhdpir.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\mlinmypg.log moved successfully.
    C:\Users\MarcosFranco\AppData\Local\dyeijwlv not found.
    C:\Users\MarcosFranco\AppData\Local\ncmbivwd.log moved successfully.
    C:\Users\MarcosFranco\0.7307799444412308.exe not found.
    C:\Users\Todos os Usuários\amqlknth.log moved successfully.
    C:\Users\All Users\amqlknth.log not found.

    ==== End of Fixlog ====

    ComboFix 12-07-27.03 - MarcosFranco 29/07/2012 12:21:42.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3062.2136 [GMT 10:00]
    Executando de: c:\users\MarcosFranco\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - system32: deleted 2 bytes in 1 streams.
    ADS - drivers: deleted 208 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\MarcosFranco\AppData\Local\dyeijwlv\lfvutauj.exe
    c:\windows\system32\drivers\ati4irxx.sys
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2012-06-28 to 2012-07-29 ))))))))))))))))))))))))))))
    .
    .
    2012-07-29 02:30 . 2012-07-29 02:32 -------- d-----w- c:\users\MarcosFranco\AppData\Local\temp
    2012-07-28 18:28 . 2012-07-28 18:29 -------- d-----w- C:\FRST
    2012-07-28 14:04 . 2012-07-28 14:04 -------- d-----w- c:\windows\Sun
    2012-07-28 02:50 . 2012-07-28 02:50 -------- d-----w- c:\users\MarcosFranco\AppData\Roaming\Malwarebytes
    2012-07-28 02:50 . 2012-07-28 02:50 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-28 02:50 . 2012-07-28 02:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-28 02:50 . 2012-07-03 03:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-28 02:41 . 2012-07-28 07:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-28 02:41 . 2012-07-28 07:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-07-28 00:02 . 2012-07-29 02:21 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2012-07-25 13:06 . 2012-07-25 13:06 -------- d-----w- c:\users\MarcosFranco\AppData\Local\Kobo
    2012-07-25 13:04 . 2012-07-25 13:06 -------- d-----w- c:\windows\tmp
    2012-07-25 13:03 . 2012-07-25 13:05 -------- d-----w- c:\program files\Kobo
    2012-07-23 03:23 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2012-07-21 07:10 . 2012-07-21 07:10 -------- d-----w- c:\users\MarcosFranco\AbiSuite
    2012-07-21 07:09 . 2012-07-21 07:10 -------- d-----w- c:\users\MarcosFranco\AppData\Local\Plagius
    2012-07-21 07:09 . 2012-07-21 07:09 -------- d-----w- c:\program files\Plagius
    2012-07-18 13:39 . 2012-07-18 13:39 -------- d-----w- c:\users\MarcosFranco\AppData\Local\CRE
    2012-07-18 13:39 . 2012-07-18 13:39 -------- d-----w- c:\program files\Conduit
    2012-07-18 13:38 . 2012-07-18 13:38 -------- d-----w- c:\users\MarcosFranco\AppData\Local\Conduit
    2012-07-18 13:38 . 2012-07-18 13:38 -------- d-----w- c:\program files\uTorrentBar_PT
    2012-07-11 07:55 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 01:50 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-11 01:50 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-11 01:50 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 01:50 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 01:50 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 01:50 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 01:50 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 01:50 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 15:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2012-07-10 15:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-07-10 15:38 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2012-07-10 01:10 . 2012-07-10 01:10 -------- d-----r- C:\MSOCache
    2012-07-09 23:32 . 2012-07-09 23:32 -------- d-----w- c:\users\MarcosFranco\AppData\Roaming\Apple Computer
    2012-07-09 23:29 . 2012-07-09 23:29 -------- d-----w- c:\program files\Microsoft.NET
    2012-07-09 15:15 . 2012-07-19 01:31 -------- d-----w- c:\programdata\VirtualizedApplications
    2012-07-09 14:26 . 2012-07-09 14:26 -------- d-----w- c:\program files\Common Files\Apple
    2012-07-09 14:26 . 2012-07-09 14:26 -------- d-----w- c:\users\MarcosFranco\AppData\Local\Apple
    2012-07-09 14:26 . 2012-07-09 14:26 -------- d-----w- c:\program files\Apple Software Update
    2012-07-09 14:26 . 2012-07-09 14:26 -------- d-----w- c:\programdata\Apple
    2012-07-09 13:14 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2012-07-09 13:14 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-07-09 13:14 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-07-09 13:14 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2012-07-09 13:14 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-07-09 13:14 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-07-09 13:14 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2012-07-09 13:14 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2012-07-09 13:14 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2012-07-09 13:12 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-09 13:10 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-09 13:10 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-09 13:10 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-09 13:09 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-07-09 13:09 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2012-07-09 13:09 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
    2012-07-09 13:03 . 2012-07-09 13:04 -------- d-----w- c:\users\MarcosFranco\AppData\Local\SoftGrid Client
    2012-07-09 13:03 . 2012-07-28 16:01 -------- d-----w- c:\users\MarcosFranco\AppData\Roaming\SoftGrid Client
    2012-07-09 13:02 . 2012-07-09 13:02 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2012-07-09 13:01 . 2012-07-09 13:04 -------- d-----w- c:\users\MarcosFranco\AppData\Roaming\TP
    2012-07-09 09:32 . 2012-07-28 00:42 -------- d-----w- c:\users\MarcosFranco\AppData\Local\Google
    2012-07-07 15:21 . 2012-07-07 15:21 -------- d-----w- c:\program files\SpinVector
    2012-07-07 09:09 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2012-07-07 09:04 . 2009-11-25 02:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2012-07-07 09:04 . 2009-11-25 02:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2012-07-07 09:04 . 2009-11-25 02:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2012-07-07 09:04 . 2009-11-25 02:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2012-07-07 09:04 . 2009-11-25 02:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2012-07-07 08:39 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-07 08:39 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-07 08:39 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-07-07 08:39 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-07 08:36 . 2012-07-07 08:36 -------- d-----w- c:\windows\system32\x64
    2012-07-07 08:36 . 2009-09-23 09:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2012-07-07 08:27 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-07-07 08:27 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2012-07-07 08:27 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-07-07 08:27 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-07 08:27 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-07 08:27 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2012-07-07 08:27 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2012-07-07 08:27 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-07-07 08:25 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-07-07 08:24 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2012-07-07 08:23 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-07-07 08:23 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2012-07-07 08:23 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2012-07-07 08:23 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2012-07-07 08:23 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2012-07-07 08:23 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-29 02:30 . 2012-07-28 00:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4D85350-B630-4312-8B35-92A5CF774F57}\offreg.dll
    2012-07-27 07:05 . 2012-06-22 15:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 07:05 . 2012-01-04 17:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 16:21 . 2012-01-04 19:59 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-02-26 00:03 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-01-04 19:59 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-01-04 19:59 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-01-04 19:59 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-01-04 19:59 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-01-04 19:58 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-01-04 19:58 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-29 08:44 . 2012-07-27 23:37 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4D85350-B630-4312-8B35-92A5CF774F57}\mpengine.dll
    2012-06-03 09:35 . 2012-06-03 09:22 140232 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-06-03 09:35 . 2012-06-03 09:35 283416 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-06-03 09:35 . 2012-06-03 09:21 283416 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-06-03 09:30 . 2012-06-03 09:21 138904 ----a-w- c:\users\MarcosFranco\AppData\Roaming\PnkBstrK.sys
    2012-06-03 09:30 . 2012-06-03 09:21 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-06-03 09:30 . 2012-06-03 09:21 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-06-02 22:19 . 2012-06-21 23:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 23:41 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 23:40 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 23:40 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 23:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 23:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 23:40 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-21 23:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12 . 2012-06-21 23:40 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 02:25 . 2012-01-04 17:50 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-24 13:59 . 2012-05-24 13:59 37376 ----a-w- c:\windows\system32\libusb0.dll
    2012-05-24 13:59 . 2012-05-24 13:59 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys
    2012-05-17 07:36 . 2012-06-11 13:13 2468520 ----a-w- c:\windows\system32\BootMan.exe
    2012-06-04 01:43 . 2012-01-04 17:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar_PT\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-06-02 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2012-05-08 23:01 1313864 ----a-w- c:\program files\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
    R4 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    --- =Outros Serviços/Drivers Na Memória ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 07:05]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-27 06:46]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-27 06:46]
    .
    .
    ------- Scan Suplementar -------
    .
    IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: bancobrasil.com.br\www
    Trusted Zone: bancobrasil.com.br\www14
    Trusted Zone: bancobrasil.com.br\www2
    Trusted Zone: bb.com.br\www
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{EC92354F-7ADC-4B03-846B-57980CD16282}: NameServer = 211.29.132.12 61.88.88.88
    FF - ProfilePath - c:\users\MarcosFranco\AppData\Roaming\Mozilla\Firefox\Profiles\v7iabxfd.MarcosAU\
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4820)
    c:\program files\GbPlugin\gbieh.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2012-07-29 12:39:25 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2012-07-29 02:39
    .
    Pré-execução: 23.133.368.320 bytes disponíveis
    Pós execução: 23.151.271.936 bytes disponíveis
    .
    - - End Of File - - 9B0B08F2C9A2B50142F441CB67C70119
     
  15. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Looks good :)

    Any current issues?

    ==============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Hey Broni,

    the computer looks perfect. Here are the logs you requested:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Versão da Base de Dados: v2012.07.28.07

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    MarcosFranco :: MARCOSFRANCO-PC [limitado]

    29/07/2012 12:57:18
    mbam-log-2012-07-29 (12-57-18).txt

    Tipo de Verificação: Verificação Rápida
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados: 180040
    Tempo decorrido: 4 minuto(s), 44 segundo(s)

    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)

    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)

    Arquivos Detectados: 0
    (Não foram detectados ítens maliciosos)

    (fim)
     
  17. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    OTL logfile created on: 29/07/2012 13:04:38 - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MarcosFranco\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,48% Memory free
    5,98 Gb Paging File | 4,85 Gb Available in Paging File | 81,07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111,69 Gb Total Space | 21,62 Gb Free Space | 19,35% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 251,84 Mb Total Space | 7,69 Mb Free Space | 3,05% Space Free | Partition Type: FAT

    Computer Name: MARCOSFRANCO-PC | User Name: MarcosFranco | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/29 12:55:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MarcosFranco\Desktop\OTL.exe
    PRC - [2012/07/04 02:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/03 01:45:34 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Arquivos de Programas\Steam\steam.exe
    PRC - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
    PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/10 19:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de Programas\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/07/16 14:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
    PRC - [2010/04/06 04:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de Programas\DellTPad\Apoint.exe
    PRC - [2010/03/24 01:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de Programas\DellTPad\ApntEx.exe
    PRC - [2010/02/18 03:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de Programas\DellTPad\ApMsgFwd.exe
    PRC - [2009/07/14 11:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
    PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/02/01 10:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de Programas\DellTPad\hidfind.exe
    PRC - [2008/08/27 03:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Arquivos de Programas\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/08/27 03:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Arquivos de Programas\Dell Support Center\bin\sprtcmd.exe
    PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/11 11:42:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/07/11 11:42:24 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/07/11 11:42:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
    MOD - [2012/06/25 09:15:26 | 020,313,384 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\libcef.dll
    MOD - [2012/06/25 09:15:16 | 000,895,312 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\chromehtml.dll
    MOD - [2012/06/25 09:15:15 | 000,190,776 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avformat-53.dll
    MOD - [2012/06/25 09:15:15 | 000,123,192 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avutil-51.dll
    MOD - [2012/06/25 09:15:14 | 001,099,576 | ---- | M] () -- C:\Arquivos de Programas\Steam\bin\avcodec-53.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/27 17:05:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/06/25 09:15:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/04 11:43:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
    SRV - [2012/02/07 20:54:54 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
    SRV - [2012/01/05 04:12:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
    SRV - [2010/01/09 21:17:58 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2009/11/05 03:31:14 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 11:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2008/08/27 03:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MARCOS~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/29 12:38:57 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
    DRV - [2012/07/29 12:38:57 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
    DRV - [2012/07/04 02:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/04 02:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/04 02:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/04 02:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/07/04 02:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/07/04 02:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GbpKm.sys -- (GbpKm)
    DRV - [2012/01/18 09:03:38 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvolwin7.sys -- (Sftvol)
    DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirwin7.sys -- (Sftredir)
    DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaywin7.sys -- (Sftplay)
    DRV - [2011/10/01 01:30:36 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfswin7.sys -- (Sftfs)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/09/01 07:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2010/08/08 06:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2010/07/28 04:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2010/07/27 22:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/04/16 01:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 08:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/08/03 05:35:12 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/03 05:34:30 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/03 05:34:26 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/03/22 10:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/02/25 02:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/24 04:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Arquivos de Programas\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
    IE - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 D8 30 ED 31 6B CD 01 [binary data]
    IE - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Arquivos de Programas\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/09 11:21:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/04 11:43:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/01/05 03:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MarcosFranco\AppData\Roaming\mozilla\Extensions
    [2012/07/19 22:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MarcosFranco\AppData\Roaming\mozilla\Firefox\Profiles\nqp8g0z3.default\extensions
    [2012/06/04 11:44:26 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Users\MarcosFranco\AppData\Roaming\mozilla\Firefox\Profiles\nqp8g0z3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
    [2012/07/19 22:15:00 | 000,000,000 | ---D | M] (uTorrentBar_PT Community Toolbar) -- C:\Users\MarcosFranco\AppData\Roaming\mozilla\Firefox\Profiles\nqp8g0z3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
    [2012/07/29 12:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MarcosFranco\AppData\Roaming\mozilla\Firefox\Profiles\v7iabxfd.MarcosAU\extensions
    [2012/02/29 08:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
    [2012/07/09 11:21:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/06/04 11:43:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/29 08:29:47 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
    [2012/02/29 08:29:47 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
    [2012/02/29 08:29:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/02/29 08:29:47 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
    [2012/02/29 08:29:47 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\MarcosFranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Pesquisa do Google = C:\Users\MarcosFranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\MarcosFranco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/29 12:32:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O2 - BHO: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Arquivos de Programas\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (uTorrentBar_PT Toolbar) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Arquivos de Programas\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..\Toolbar\WebBrowser: (uTorrentBar_PT Toolbar) - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - C:\Arquivos de Programas\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Apoint] C:\Arquivos de Programas\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
    O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
    O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
    O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{979E5126-C758-4A80-AFE6-F47599AE5CFE}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC92354F-7ADC-4B03-846B-57980CD16282}: NameServer = 211.29.132.12 61.88.88.88
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 12:55:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\MarcosFranco\Desktop\OTL.exe
    [2012/07/29 12:32:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/29 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\temp
    [2012/07/29 12:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 12:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 12:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 12:19:23 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/29 12:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 12:18:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 12:14:56 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\MarcosFranco\Desktop\ComboFix.exe
    [2012/07/29 09:47:29 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B1B24E28-C0AF-4132-8210-658185461163}
    [2012/07/29 09:47:17 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{AD75EEA7-0A67-4058-BF31-2D2200B47299}
    [2012/07/29 04:28:57 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 00:04:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/28 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{A281EA52-4C74-4E8F-8A52-CF88BBC2A0BC}
    [2012/07/28 15:40:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{4D125173-B444-46F6-A7ED-C2E3B5537DE1}
    [2012/07/28 12:50:31 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Roaming\Malwarebytes
    [2012/07/28 12:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/28 12:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/28 12:50:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/28 12:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/28 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/28 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/28 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/07/28 10:02:55 | 000,028,880 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\GbpNdisrd.sys
    [2012/07/27 23:32:23 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{921157F7-CECF-40F7-98F1-FDF2C66E5D4F}
    [2012/07/27 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CB14558E-0CD4-4319-8E5C-6A3ED09BFE44}
    [2012/07/27 11:31:59 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{15305FCE-6AD9-479A-9FF6-5E5E46C0499B}
    [2012/07/27 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{642EF5D7-57EE-4DDC-A470-C1FD43257565}
    [2012/07/26 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CE50DF5F-C210-45FE-9331-CE7E778002CE}
    [2012/07/26 23:31:08 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{A978560A-9816-4A3B-8108-B6236690622E}
    [2012/07/26 11:30:36 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{2BDB86E1-FC82-4B82-983B-1334115E8867}
    [2012/07/26 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{78957544-9AE6-4637-BFAF-93AA62502D35}
    [2012/07/25 23:06:40 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\Kobo
    [2012/07/25 23:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
    [2012/07/25 23:04:13 | 000,000,000 | ---D | C] -- C:\Windows\tmp
    [2012/07/25 23:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
    [2012/07/25 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{E53240AF-C645-4B0A-93E3-D58684554C5F}
    [2012/07/25 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8C1A4D2B-0B46-4AEE-A944-3945439701DE}
    [2012/07/25 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CEE225C8-9002-4C5E-AD72-BF5B462C0891}
    [2012/07/25 10:40:21 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{63ADCB0D-BE45-4AE0-8156-E3E35DBAED2A}
    [2012/07/24 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{BA2BD716-C618-403F-B911-7C468FC2EA9A}
    [2012/07/24 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{E35D4340-1DF6-40CC-B2A2-42561B7B1429}
    [2012/07/24 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{4E74E366-5AC1-49B3-A61E-DB174DEFFC40}
    [2012/07/23 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{9B4FF7B6-0327-4363-87FB-E1BDF42ED4AF}
    [2012/07/23 13:21:01 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{110B8E60-1AF3-4FCA-A471-D47A345E26B6}
    [2012/07/22 23:28:22 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{1EDF86D1-10DB-45E4-83F7-549B344640CF}
    [2012/07/22 23:28:10 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{3083EF15-42D5-4F38-9677-A58AA1FED4AB}
    [2012/07/22 11:27:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{F4137EF0-636A-4143-8823-7DEEC2C4093B}
    [2012/07/22 11:27:34 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{98C49697-E9A7-4D4B-9811-382789F8951B}
    [2012/07/21 23:27:09 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{BA514EF8-C44F-4EC2-BCC5-900C58E6AE84}
    [2012/07/21 23:26:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{5B1A45FF-B1D7-4DE5-8CC5-34E001E324FD}
    [2012/07/21 17:10:05 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AbiSuite
    [2012/07/21 17:09:29 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\Plagius
    [2012/07/21 17:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plagius
    [2012/07/21 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Plagius
    [2012/07/21 11:26:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{30E713E4-4035-44A1-8D37-5B1FF9A80485}
    [2012/07/21 11:26:34 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{772EAC3B-A9EC-473D-BF2E-5BDFD064C781}
    [2012/07/20 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CC4E25D8-0BCC-4E08-ADE2-571F46194274}
    [2012/07/20 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{276E50DA-5E5C-47E4-93B7-CAAE6E58D696}
    [2012/07/20 11:25:44 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{6C239332-4E0A-4AA5-A48E-972732931D0C}
    [2012/07/20 11:25:33 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{C8C655C5-096D-4D2E-9B6F-7CA36C5FEBE1}
    [2012/07/19 23:25:08 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{5BAC9B36-E9F8-443F-9FF9-2227D6131BEC}
    [2012/07/19 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{F71F872E-CFA2-4008-84B0-8026D82CC1D8}
    [2012/07/19 11:24:29 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{3EAAA2AB-E99D-4DAD-8A9E-3ABDD3142435}
    [2012/07/19 11:20:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{18ABD6A0-9E41-4CF1-BD54-EA4BB3C035DF}
    [2012/07/18 23:39:14 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\CRE
    [2012/07/18 23:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/07/18 23:38:56 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\Conduit
    [2012/07/18 23:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar_PT
    [2012/07/18 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{31D7A350-63C0-4E0C-AD14-A19C1307574B}
    [2012/07/18 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{865C6287-F919-4D05-87E5-E3723D3BBD98}
    [2012/07/17 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8F45F780-F295-4C0A-90C3-9361A7D49BB1}
    [2012/07/17 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{AA869BB9-40AA-476F-A9AC-C31E2D384584}
    [2012/07/17 09:54:28 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{D0F4FF5F-59AB-4C77-90A1-A2122B416925}
    [2012/07/17 09:54:08 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{DD74CBED-8437-4A86-8B43-D5B1240611E3}
    [2012/07/16 13:19:01 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{6C5C3A72-067E-4F6D-8287-FEAB381E388A}
    [2012/07/16 13:17:53 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{C3860E82-A54B-46D4-BCC8-2EFD055DCDA7}
    [2012/07/15 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{6CF74FE9-9BE3-444D-A41A-B421523F1377}
    [2012/07/15 22:29:23 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{47D4DFB1-F898-4419-BC69-A11A3EDB743C}
    [2012/07/15 10:29:07 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{97CFB749-85ED-4C3F-B4E3-D60717CF33C8}
    [2012/07/15 10:28:53 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{455D9A6C-58EC-45A2-BF5B-A63F9968DF03}
    [2012/07/14 22:06:19 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{A0D9FBA7-D283-4F89-BC0A-C4950E987E7D}
    [2012/07/14 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{34F49B01-ECB3-4FEC-8F7F-FE8DD490AA60}
    [2012/07/14 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{04D46911-BEAC-4F0A-93ED-0BD48624E775}
    [2012/07/14 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{67397B1C-919E-4D72-8407-7B853A9CA0E6}
    [2012/07/13 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B9EF515C-F1C4-43F9-8CAD-13C1E3522DD4}
    [2012/07/13 21:54:31 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CFD1396A-1BA8-414A-9912-852D91A2D713}
    [2012/07/13 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{13ED9C48-D604-4954-99C3-74E360820AB0}
    [2012/07/13 09:54:04 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{14A82037-3A9E-4EC4-97FA-0863424A139C}
    [2012/07/12 21:34:01 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\Desktop\Mortal Kombat Conquest Season 1
    [2012/07/12 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8AC44468-B3E3-40FE-A9AE-28CE49FD22B1}
    [2012/07/12 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CF6EE235-9E34-4E3D-BF75-C2BF33D4A3C6}
    [2012/07/12 08:57:06 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{AEA71E47-E765-425F-8A84-B57E2FB6170B}
    [2012/07/12 08:56:17 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B7E07671-94D0-49BA-AF28-9FD43AC8EEEE}
    [2012/07/11 11:45:13 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{275C2D91-CF51-4695-A0F7-3CD0122BBDF4}
    [2012/07/11 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8A1ACD92-A5C6-45C3-8F85-4FD40DD7CDE9}
    [2012/07/10 23:37:05 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8EC31118-961E-4062-9598-31B04F267112}
    [2012/07/10 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{967EAB68-AAEA-4036-87B2-F6B3632AC169}
    [2012/07/10 11:36:40 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{066D1683-015B-4EDB-AC3B-BBD9DFAA3BFC}
    [2012/07/10 11:36:28 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{571AE1EC-28E7-4D5A-BC22-8169937D81E7}
    [2012/07/10 11:10:38 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/07/10 09:32:30 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Roaming\Apple Computer
    [2012/07/10 09:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2012/07/10 02:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
    [2012/07/10 01:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2012/07/10 00:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/07/10 00:26:11 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\Apple
    [2012/07/10 00:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/07/10 00:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/07/09 23:35:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{8418C3AB-62AB-4658-90A5-4E542605D80C}
    [2012/07/09 23:35:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B24E46E4-240E-4596-84A6-96A45EA670B7}
    [2012/07/09 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\SoftGrid Client
    [2012/07/09 23:03:58 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Roaming\SoftGrid Client
    [2012/07/09 23:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Português (Brasil))
    [2012/07/09 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/07/09 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
    [2012/07/09 23:01:17 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Roaming\TP
    [2012/07/09 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\Google
    [2012/07/09 19:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/09 11:35:17 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B9BCF935-E378-47FC-BB92-88A88E1D27E4}
    [2012/07/09 11:35:04 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{E27CE0AD-DE41-445E-912C-C096EFB856EA}
    [2012/07/08 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{6DA2C63F-46A2-4B45-B60A-3435C9C80DB9}
    [2012/07/08 23:34:28 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{E7917216-7774-47CC-AC8E-0EDB9518916F}
    [2012/07/08 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{E0E949E7-4914-495F-A803-706057CA7A26}
    [2012/07/08 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{CC94327B-780D-489D-ADBC-0FF024F20E8D}
    [2012/07/08 01:22:25 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BANG!
    [2012/07/08 01:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpinVector
    [2012/07/07 23:33:37 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{D970F667-469C-4577-B7C8-FB30FF54D995}
    [2012/07/07 23:33:24 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{86C5FF4F-F0E8-4B1F-AB98-FD5BCED3A805}
    [2012/07/07 18:36:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
    [2012/07/07 10:55:27 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{A1A991B8-D29D-4DCB-A341-F2C2FA22F196}
    [2012/07/07 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{631115FD-759C-4567-9AB9-E68C9BE51250}
    [2012/07/06 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{336511E5-BE7B-4721-89DF-546940E7344B}
    [2012/07/06 21:56:35 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{AC9AFF83-E77E-4C7E-B057-E329F97813B2}
    [2012/07/06 09:36:11 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{F39254FE-C7FC-44BA-9745-5CA6E62D8785}
    [2012/07/06 09:35:56 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{90829E21-BD43-481B-B904-4AA52A226B60}
    [2012/07/05 21:35:44 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{0D748EC0-375B-4BCD-8A6E-BB4E185D16EE}
    [2012/07/05 21:35:32 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{9921CA91-D73A-4928-9ADD-B28A080F0A4F}
    [2012/07/05 09:35:34 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{DC8C351A-B692-45E6-B4AA-D3E83CAA48C8}
    [2012/07/04 16:37:09 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{B074F85E-DD63-4F31-9674-D8F0CCA1DBA8}
    [2012/07/04 16:36:45 | 000,000,000 | ---D | C] -- C:\Users\MarcosFranco\AppData\Local\{590C6963-9BF0-4E7B-9415-C8DD79E485B3}

    ========== Files - Modified Within 30 Days ==========

    [2012/07/29 13:08:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/29 13:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/29 12:55:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MarcosFranco\Desktop\OTL.exe
    [2012/07/29 12:42:50 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 12:42:50 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 12:38:57 | 000,028,880 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\GbpNdisrd.sys
    [2012/07/29 12:32:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/29 12:31:48 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/29 12:31:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/29 12:31:22 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/29 12:15:14 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\MarcosFranco\Desktop\ComboFix.exe
    [2012/07/28 12:50:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/28 12:41:14 | 000,001,220 | ---- | M] () -- C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/28 10:47:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/07/25 23:05:35 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
    [2012/07/21 17:09:16 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    [2012/07/19 00:04:30 | 000,000,214 | ---- | M] () -- C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    [2012/07/18 23:38:37 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/07/17 19:11:17 | 000,673,742 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
    [2012/07/17 19:11:17 | 000,625,220 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/17 19:11:17 | 000,133,320 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
    [2012/07/17 19:11:17 | 000,110,600 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/13 10:11:15 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/11 21:09:15 | 000,402,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/08 01:22:25 | 000,003,119 | ---- | M] () -- C:\Users\MarcosFranco\Desktop\BANG!.lnk
    [2012/07/04 02:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/07/04 02:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/07/04 02:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/07/04 02:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/07/04 02:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/07/04 02:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/07/04 02:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/04 02:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

     
  18. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Cont. of OTL.txt

    ========== Files Created - No Company Name ==========

    [2012/07/29 12:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 12:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 12:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 12:19:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 12:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/28 12:50:21 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/28 12:41:14 | 000,001,220 | ---- | C] () -- C:\Users\MarcosFranco\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/26 11:29:51 | 000,002,200 | ---- | C] () -- C:\Users\MarcosFranco\Desktop\Setup wireless@SCU.lnk
    [2012/07/25 23:05:35 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
    [2012/07/21 17:09:16 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Plagius - Detector de Plágio.lnk
    [2012/07/19 00:04:30 | 000,000,214 | ---- | C] () -- C:\Users\MarcosFranco\Desktop\Sid Meier's Pirates!.url
    [2012/07/18 23:38:37 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/07/10 00:26:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/07/09 19:32:02 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/08 01:22:25 | 000,003,119 | ---- | C] () -- C:\Users\MarcosFranco\Desktop\BANG!.lnk
    [2012/06/11 23:13:05 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
    [2012/06/11 23:13:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
    [2012/06/11 23:13:05 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2012/06/11 23:13:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2012/06/11 23:13:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2012/06/03 19:22:07 | 000,140,232 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/06/03 19:21:56 | 000,138,904 | ---- | C] () -- C:\Users\MarcosFranco\AppData\Roaming\PnkBstrK.sys
    [2012/06/03 19:21:21 | 000,283,416 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2012/06/03 19:21:15 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2012/03/12 22:58:46 | 000,000,110 | -H-- | C] () -- C:\ProgramData\obid31
    [2012/02/27 19:53:51 | 000,000,100 | ---- | C] () -- C:\Users\MarcosFranco\AppData\Local\fusioncache.dat
    [2012/01/10 03:07:27 | 000,005,632 | ---- | C] () -- C:\Users\MarcosFranco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/05 03:43:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2012/01/05 03:27:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012/01/05 03:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2012/01/05 03:27:12 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2012/01/05 03:27:12 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2012/01/05 03:27:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2012/01/05 03:23:20 | 000,001,435 | ---- | C] () -- C:\Users\MarcosFranco\AppData\Roaming\WWB7_32.DAT

    ========== LOP Check ==========

    [2012/05/18 22:00:55 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\AppClient
    [2012/05/21 18:26:13 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\DAEMON Tools Lite
    [2012/03/12 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\GraphPad Software
    [2012/07/29 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\SoftGrid Client
    [2012/01/13 06:19:45 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\StatSoft
    [2012/06/13 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\The Creative Assembly
    [2012/01/05 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\TMP
    [2012/07/09 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\TP
    [2012/07/19 01:50:56 | 000,000,000 | ---D | M] -- C:\Users\MarcosFranco\AppData\Roaming\uTorrent
    [2012/05/18 16:28:03 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

    < End of report >
     
  19. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Extras.txt

    OTL Extras logfile created on: 29/07/2012 13:04:38 - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MarcosFranco\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

    2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,48% Memory free
    5,98 Gb Paging File | 4,85 Gb Available in Paging File | 81,07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111,69 Gb Total Space | 21,62 Gb Free Space | 19,35% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 251,84 Mb Total Space | 7,69 Mb Free Space | 3,05% Space Free | Partition Type: FAT

    Computer Name: MARCOSFRANCO-PC | User Name: MarcosFranco | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0756EB52-70D6-4432-9BF5-1E2AA5E104E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{15C9700B-40A7-401D-9883-6E5922C3C766}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{19506819-E48A-459D-8A52-4E31AD27C0A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1B7631C2-BDCD-4AB3-92A1-8FCF704B2387}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1B803597-7295-430A-BC68-A2C62CD1E931}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2624560D-A319-4FF1-AD9C-5080616DDAE6}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2E811DBE-6900-49E3-917A-88578C26CA1A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4D66BE98-B08B-4FDF-9242-23924C4E98F9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{51E528AC-9786-4560-911F-B8C4E4C90458}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5E496A31-CFED-4A83-86A2-08D3C81A80B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6D24F1B5-B1F8-4C88-81E9-83D970BBDA4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{71561F01-C52A-4522-ACC0-631F130E6778}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{75464648-C88D-4426-854D-7A43A265FBA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8C260438-827D-422F-96DA-56E4EABE9557}" = lport=137 | protocol=17 | dir=in | app=system |
    "{980B03BE-E907-4697-92BE-AE20A20D23C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A02ED0E1-512E-4FA9-87B7-1B8BA9A8E035}" = lport=57885 | protocol=17 | dir=in | name=pando media booster |
    "{A2EFADEE-6FC0-4F8C-ACCE-CE002B81F546}" = lport=57885 | protocol=6 | dir=in | name=pando media booster |
    "{A665D812-A263-49D7-B689-CCD6CEB1D494}" = lport=57885 | protocol=17 | dir=in | name=pando media booster |
    "{B17362D4-BDD9-4E5C-809D-8D542A75AA5C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B30F71F2-EB6F-4977-B0E6-16F4E2D1C128}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C88B6CB8-2717-4446-A153-DC46AC7E7B8A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CB14188D-FB49-4525-99E7-74B83702EC4B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D527D987-1CC0-418E-A283-899833F785BB}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E5C826A1-B865-4A4D-B71D-D3CFCC954CEA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F0C7BD3E-6EA5-4040-9C8B-AA6B0FFB4A9D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F1D5B2B7-2190-4AD6-9861-81C7A6E29763}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F2324CE7-08CC-4B86-AD43-0FD45E7C8E50}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FB5C76B2-A725-4B45-AE59-CE298B37AD05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FBFFFD26-4663-4B07-A875-D23DC2C1579D}" = lport=57885 | protocol=6 | dir=in | name=pando media booster |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D757F7-440C-4641-AA56-17221A26DCE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{0B6F0B6C-5301-4671-81D1-0A85D3712540}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{11E7DEC5-16E4-418B-8442-30488FE8AE95}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{134FFA9A-082D-4F04-B19D-917B733BEF1F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{14519BE0-F37E-439B-89B0-6CB565DD0E4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{18F79150-4CD0-4E2C-A1F7-D9CF29DF45A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1DBB5635-0845-4344-9AE0-60F5CD7CDFFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1FE3A784-8242-41D4-BDFE-0C705EE9F8E1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{240DD9C3-415D-432B-91BA-D6A494088D4A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{26CCA0A4-21B9-43D0-A923-737F0838A340}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2778CCB9-CFC6-4905-866C-A268A2A9FF23}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{2C25A156-FE14-4FFD-8145-035117F20345}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2E19C8BC-361C-438D-8290-59BD6C424110}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{303DCF43-A467-4313-BAE5-304C396DCCFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3C4639E9-A2FE-4018-87D3-3E43A1E6DFE6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{3FB409F4-A7F1-43A1-82AA-69C29F3E7724}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's pirates!\pirates!.exe |
    "{432E8BD7-D3F5-4463-B994-515357CF2F4B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{4A9196A8-7E6A-4B5A-BD08-60CA1998D9EE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{51CC9396-A26E-41E2-A914-AFDE245EF39F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{564CE296-27BA-4031-A0B1-7ABEE840B95D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5B835529-3D86-484A-B824-0883B542B82F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{6237E082-1DBD-4E2E-A800-6FFDA71D966E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7123D739-9D43-42D3-AF30-A857F2B6767D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{7F107A9D-F08F-4830-BBE9-393A52D8135A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's pirates!\pirates!.exe |
    "{8461937C-56C7-48CA-AB7C-EE73EEA1BDDE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{89E890B0-0312-4676-9538-A94BB010FF0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{9ACF85C3-6DD7-4312-9531-375AC1DBA567}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9B563E3B-4D69-4121-A379-9C1D896412E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{9CB83EBA-CA21-4880-8EFD-3492BB5A30B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9F4F8317-8CA9-4735-8F9F-10DE5C27AA42}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{ACE5B641-6AB7-4A46-8362-C2DC6C9BC198}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{BD980C5E-A5E0-40E2-9172-C34DDB6FCE3E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
    "{BE2B7225-4E83-4993-844F-80B15638058B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BFBA5312-9EEF-4BD2-A97E-0504626E4F5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C203FA37-DA5F-4120-BFF1-39A712731D59}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{C5EF5C5F-63B7-45F5-8FFE-5BCDB4D37ECC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C8572B42-958C-4B50-B2E0-063C11FB269B}" = protocol=6 | dir=out | app=system |
    "{CD21F818-4C79-454B-8470-6A1D6C34A7B3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{D76E122E-CE37-488C-803C-35977E647374}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{D8F42350-CD6B-4042-8815-B37A19A43E6E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{E462FBAC-47FC-4B63-8E34-9B59A9DDEFF3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{F13D60B5-A14E-4B9A-ABD1-15A77B755F6B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{F14A9D22-0579-4C62-8E87-C321E1A488B4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{FD95C074-0C46-4143-B9AD-560ADBCE3D4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{CBF5346C-3DB4-45A9-B682-B21270B429B4}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{F55CBD35-50B7-4838-AB0F-C804EDB3C583}C:\program files\spinvector\bang\bang!.exe" = protocol=6 | dir=in | app=c:\program files\spinvector\bang\bang!.exe |
    "UDP Query User{4799CC67-71CA-4908-A8BC-48F7E3AE0AA9}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{BE0CF9C6-7759-4935-A130-0FAEC412237D}C:\program files\spinvector\bang\bang!.exe" = protocol=17 | dir=in | app=c:\program files\spinvector\bang\bang!.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
    "{3AFDB27A-CE54-4C98-89A4-AB26FE9A0419}" = PRIMER 6
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ADC8FAB-C60F-4984-9DC4-823F344F8AF3}_is1" = Plagius - Detector de Plágio 2.1
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{5ED69AF4-C38E-11D3-B10A-00500406C16C}" = STATISTICA 7
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-006D-0416-0000-0000000FF1CE}" = Microsoft Office com Clique para Executar 2010
    "{90140011-0061-0416-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Português (Brasil)
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BD7C153B-B2B7-47D8-8A0E-5D6CC3C10005}" = BANG! the official video game
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Software de Suporte)
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Ferramenta de diagnóstico de modem
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.06.00.8025
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "D-Fend Reloaded" = D-Fend Reloaded 1.3.0 (deinstall)
    "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
    "Google Chrome" = Google Chrome
    "GraphPad InStat_is1" = GraphPad InStat 3 (Trial)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    "Mozilla Firefox 12.0 (x86 pt-BR)" = Mozilla Firefox 12.0 (x86 pt-BR)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office com Clique para Executar 2010
    "Optus Mobile Broadband" = Optus Mobile Broadband
    "PunkBusterSvc" = PunkBuster Services
    "R for Windows 2.14.1_is1" = R for Windows 2.14.1
    "Steam App 3920" = Sid Meier's Pirates!
    "uTorrent" = µTorrent
    "uTorrentBar_PT Toolbar" = uTorrentBar_PT Toolbar
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "80b77bf0c209b804" = Emulator Starter

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 27/07/2012 20:56:19 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: iexplore.exe, versão: 9.0.8112.16447,
    carimbo de hora: 0xf36bac23 Nome do módulo de falhas: unknown, versão: 0.0.0.0,
    carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha:
    0x20051966 Identificação do processo com falha: 0x13dc Hora de início do aplicativo
    com falha: 0x01cd6c5bc5035c92 Caminho do aplicativo com falha: C:\Program Files\Internet
    Explorer\iexplore.exe FCaminho do módulo de falhas: unknown Identificação do Relatório:
    0a16da58-d84f-11e1-bd72-0023aeeade02

    Error - 27/07/2012 20:56:27 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: iexplore.exe, versão: 9.0.8112.16447,
    carimbo de hora: 0xf36bac23 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915,
    carimbo de hora: 0x4ec49caf Código de exceção: 0xc0000005 Deslocamento com falha:
    0x00055403 Identificação do processo com falha: 0x1080 Hora de início do aplicativo
    com falha: 0x01cd6c5bcead92cb Caminho do aplicativo com falha: C:\Program Files\Internet
    Explorer\iexplore.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll
    Identificação
    do Relatório: 0f59063d-d84f-11e1-bd72-0023aeeade02

    Error - 27/07/2012 20:57:28 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: Skype.exe, versão: 5.10.0.116, carimbo
    de hora: 0x50001496 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
    de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x20011966
    Identificação
    do processo com falha: 0x978 Hora de início do aplicativo com falha: 0x01cd6c582eb09756
    Caminho
    do aplicativo com falha: C:\Program Files\Skype\Phone\Skype.exe FCaminho do módulo
    de falhas: unknown Identificação do Relatório: 33a3a10b-d84f-11e1-bd72-0023aeeade02

    Error - 27/07/2012 21:01:15 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: Skype.exe, versão: 5.10.0.116, carimbo
    de hora: 0x50001496 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915,
    carimbo de hora: 0x4ec49caf Código de exceção: 0xc0000005 Deslocamento com falha:
    0x00057e03 Identificação do processo com falha: 0x978 Hora de início do aplicativo
    com falha: 0x01cd6c582eb09756 Caminho do aplicativo com falha: C:\Program Files\Skype\Phone\Skype.exe
    FCaminho
    do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: ba93f0b6-d84f-11e1-bd72-0023aeeade02

    Error - 27/07/2012 21:37:18 | Computer Name = MarcosFranco-PC | Source = Application Hang | ID = 1002
    Description = O programa iexplore.exe versão 9.0.8112.16447 parou de interagir com
    o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
    verifique o histórico de problemas no painel de controle da Central de Ações. ID
    de Processo: d7c Hora de Início: 01cd6c60ca4963f9 Hora de Término: 8 Caminho do Aplicativo:
    C:\Program Files\Internet Explorer\iexplore.exe Id do Relatório: c1bc16ac-d854-11e1-bd72-0023aeeade02


    Error - 27/07/2012 22:48:29 | Computer Name = MarcosFranco-PC | Source = Application Hang | ID = 1002
    Description = O programa mbam-setup-1.62.0.1300.tmp versão 51.52.0.0 parou de interagir
    com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre
    o problema, verifique o histórico de problemas no painel de controle da Central
    de Ações. ID de Processo: f24 Hora de Início: 01cd6c6ad6cb9e89 Hora de Término: 15 Caminho
    do Aplicativo: C:\Users\MARCOS~1\AppData\Local\Temp\is-HTOB1.tmp\mbam-setup-1.62.0.1300.tmp

    Id
    do Relatório:

    Error - 27/07/2012 23:08:32 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: Skype.exe, versão: 5.10.0.116, carimbo
    de hora: 0x50001496 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
    de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x20011966
    Identificação
    do processo com falha: 0x1528 Hora de início do aplicativo com falha: 0x01cd6c6621c7e81f
    Caminho
    do aplicativo com falha: C:\Program Files\Skype\Phone\Skype.exe FCaminho do módulo
    de falhas: unknown Identificação do Relatório: 829b9a61-d861-11e1-bd72-0023aeeade02

    Error - 27/07/2012 23:11:38 | Computer Name = MarcosFranco-PC | Source = Application Error | ID = 1000
    Description = Nome de aplicativo com falha: Skype.exe, versão: 5.10.0.116, carimbo
    de hora: 0x50001496 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16915,
    carimbo de hora: 0x4ec49caf Código de exceção: 0xc0000005 Deslocamento com falha:
    0x00051e86 Identificação do processo com falha: 0x1528 Hora de início do aplicativo
    com falha: 0x01cd6c6621c7e81f Caminho do aplicativo com falha: C:\Program Files\Skype\Phone\Skype.exe
    FCaminho
    do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: f170b32a-d861-11e1-bd72-0023aeeade02

    Error - 28/07/2012 05:52:58 | Computer Name = MarcosFranco-PC | Source = SideBySide | ID = 16842785
    Description = Falha na geração de contexto de ativação para "c:\program files\Kobo\drivers\dpinst64.exe".
    Assembly dependente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error - 28/07/2012 22:23:16 | Computer Name = MarcosFranco-PC | Source = CVHSVC | ID = 100
    Description = Somente informações. (Patch task for {90140011-0061-0416-0000-0000000FF1CE}):
    DownloadLatest Failed: O nome ou o endereço do servidor não pôde ser resolvido

    [ System Events ]
    Error - 23/05/2012 20:57:37 | Computer Name = MarcosFranco-PC | Source = Service Control Manager | ID = 7011
    Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta
    de uma transação do serviço ShellHWDetection.

    Error - 24/05/2012 02:34:29 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 26/05/2012 03:52:13 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 29/05/2012 04:36:19 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 30/05/2012 00:46:21 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 30/05/2012 20:19:42 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 01/06/2012 21:49:11 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 02/06/2012 09:08:46 | Computer Name = MarcosFranco-PC | Source = volsnap | ID = 393252
    Description = As cópias de sombra do volume C: foram anuladas porque o armazenamento
    de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

    Error - 02/06/2012 11:46:45 | Computer Name = MarcosFranco-PC | Source = Service Control Manager | ID = 7009
    Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
    do serviço Steam Client Service.

    Error - 02/06/2012 11:46:45 | Computer Name = MarcosFranco-PC | Source = Service Control Manager | ID = 7000
    Description = Não foi possível iniciar o serviço Steam Client Service devido ao
    seguinte erro: %%1053


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
      O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
      O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
      O15 - HKU\S-1-5-21-1394843730-1302084004-2182928936-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
      [2012/07/29 04:28:57 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  21. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Enviar para o OneNote\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar para o Microsoft Excel\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www14\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www2\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1394843730-1302084004-2182928936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bb.com.br\www\ deleted successfully.
    C:\FRST\Quarantine\dyeijwlv folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\Windows\System32\drivers:GbpKmAp.lst deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: MarcosFranco
    ->Temp folder emptied: 32692 bytes
    ->Temporary Internet Files folder emptied: 787318219 bytes
    ->Java cache emptied: 6591226 bytes
    ->FireFox cache emptied: 536514226 bytes
    ->Google Chrome cache emptied: 11180832 bytes
    ->Flash cache emptied: 3457 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Todos os Usuários

    User: Usuário Padrão
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.279,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: MarcosFranco
    ->Java cache emptied: 0 bytes

    User: Public

    User: Todos os Usuários

    User: Usuário Padrão

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: MarcosFranco
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Todos os Usuários

    User: Usuário Padrão

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07292012_152924

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  22. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Security Check log:

    Results of screen317's Security Check version 0.99.43
    Windows 7 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware versão 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.3.300.268
    Adobe Reader X (10.1.3)
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
     
  23. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    FSS log:

    Farbar Service Scanner Version: 26-07-2012
    Ran by MarcosFranco (administrator) on 29-07-2012 at 15:43:19
    Running from "C:\Users\MarcosFranco\Desktop"
    Microsoft Windows 7 Ultimate (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-07-07 18:25] - [2012-03-30 20:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

    C:\Windows\system32\dnsrslvr.dll
    [2012-07-07 18:24] - [2011-03-03 15:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

    C:\Windows\system32\mpssvc.dll
    [2009-07-14 09:53] - [2009-07-14 11:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-14 09:54] - [2009-07-14 11:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-14 09:23] - [2009-07-14 11:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-14 09:24] - [2009-07-14 11:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll
    [2012-07-09 23:12] - [2010-12-21 15:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2009-07-14 09:30] - [2009-07-14 11:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-07-09 23:10] - [2012-04-24 14:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
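
As an added example (not part of the thread and not Farbar's code), the File Check section of an FSS log like the one above can be split into entries the tool marked `MD5 is legit` and entries it printed with timestamps, size and hash instead. It assumes the second kind are files the tool did not match against its own list, which by itself says nothing about whether they are malicious; the sample log, paths and hashes are constructed.

```python
import re

# Constructed sample in the layout of an FSS "File Check" section (paths and hashes are made up).
SAMPLE = r"""
File Check:
========
C:\Windows\system32\example_a.dll => MD5 is legit
C:\Windows\system32\Drivers\example_b.sys
[2012-07-07 18:25] - [2012-03-30 20:29] - 1287024 ____A (Example Corp) 0123456789abcdef0123456789ABCDEF

C:\Windows\system32\Drivers\example_c.sys => MD5 is legit
C:\Windows\system32\example_d.dll

**** End of log ****
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(r"^\[[\d-]+ [\d:]+\] - \[[\d-]+ [\d:]+\] - (?P<size>\d+) \S+ "
                    r"\((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$")

def parse_file_check(log):
    """Return one dict per file listed in the File Check section."""
    entries, pending, in_section = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.startswith("****"):          # end-of-log marker closes the section
            break
        m = DETAIL.match(line)
        if m:                                # details belong to the preceding bare path
            if pending is not None:
                pending.update(status="unverified", size=int(m["size"]),
                               company=m["company"], md5=m["md5"].upper())
                pending = None
            continue
        path, sep, verdict = line.partition(" => ")
        status = ("verified" if verdict == "MD5 is legit" else "flagged") if sep else "no-data"
        entry = {"path": path, "status": status, "md5": None}
        entries.append(entry)
        pending = None if sep else entry     # a bare path may be followed by a detail line
    return entries

def needs_review(entries):
    """Files whose hash the helper still has to check by hand."""
    return [e for e in entries if e["status"] != "verified"]
```
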
     
  24. mfranco

    mfranco TS Rookie Topic Starter Posts: 20

    Eset log:

    C:\Local Disk D_61120122321\HD Externo\marcos\documentos\Meus arquivos recebidos\VDownloaderInitializer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================================

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
