Solved Having problem, but don't know what is...

OTL Extras logfile created on: 09/08/2012 07:41:18 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Konishi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,31% Memory free
8,00 Gb Paging File | 6,69 Gb Available in Paging File | 83,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 397,41 Gb Total Space | 94,81 Gb Free Space | 23,86% Space Free | Partition Type: NTFS
Drive D: | 37,30 Gb Total Space | 25,31 Gb Free Space | 67,87% Space Free | Partition Type: NTFS
Drive E: | 68,25 Gb Total Space | 37,15 Gb Free Space | 54,43% Space Free | Partition Type: NTFS

Computer Name: KONISHI-PC | User Name: Konishi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F6D758-EEAD-4BDD-A9BA-EA6AECB32232}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E3386EC-28BF-4BC1-BCE8-576254868B95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4656BD58-48ED-4661-A462-1F06B5734E38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53528B18-6306-4E8E-87DA-A7A881550884}" = rport=137 | protocol=17 | dir=out | app=system |
"{591C0336-19E6-4127-A602-38B7E61B5908}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C9642B6-7D50-487A-977F-6ABB1D771AEC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6F209B57-5B60-4FDA-A26A-F32927A68F6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78EB4D90-4BD3-4079-9D8E-F4EC8FB6FDB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{85D952D8-6088-43FA-84CF-7B0109AE77E7}" = lport=137 | protocol=17 | dir=in | app=system |
"{976F59A4-341D-404D-BC6E-26944D2BD4FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{ABF39F87-6D48-44B6-A5BD-F57839BBB889}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C62B2C70-96ED-4495-BE96-E244B2128932}" = lport=139 | protocol=6 | dir=in | app=system |
"{CFD9E561-807B-4680-8008-FD3C2857DBFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E10251EA-4780-4BA0-AB44-073E323CC3E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E55A2E78-48A8-456F-987A-BE83F08F7C1C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EA7173E9-A10B-4EAE-BEF7-77BA7276066A}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC8D4D17-006E-405E-82F7-211E16F7F5D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5306B9F-2E53-48C7-A6C0-A663EFF4DB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0534D1CE-3E7E-410A-8C20-CC719E015298}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0B613AC3-37D3-4F7A-90F5-A94A0C38DF85}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{17153486-6614-4498-B58C-D38877D4C4DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2074DB55-6120-4942-A9CC-206BC03ABB31}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{2657E91D-74BA-4269-B1A7-300B751097EB}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{37EB1378-172B-4D7A-BD2A-156C01A99F00}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{422F2241-768D-4507-BA8C-6AE3D7E47C40}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{47F4782D-84FD-4479-AB2C-532E7E84D571}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{4E5C4E76-4653-49C6-B6F6-ADCC315B8356}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{605D63E4-6834-4D6D-8024-15BB002F21DB}" = dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{60DC7CD7-CDDE-4BBA-989B-8E71DA384D85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6314E996-9F77-4D15-ACA7-7AF690E1CD07}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{652636B5-0E43-4B51-9EBD-EF5A99212311}" = dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{6822016D-67E3-4E88-81C1-A8812E1ACC94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A716467-C8DC-4785-97D1-9DC06F0A68AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{7F97485B-AF42-4AC6-8F71-18883EB56C55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{819A9C2C-9D6A-4FB4-BEAC-8D22469E25F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A13334C8-F6EA-4C1D-9971-758BB42C258F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{AB259FC6-6F99-47FE-85F7-B5F73DC995D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1989708-9184-496E-AAD3-6F8E5D80AB31}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C28DB50F-BC22-43D0-AFE5-A28164134A82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{C879A972-0623-486B-A17C-1D8510F775E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE87B1E3-59DC-4051-885A-4983E25EF0E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D5F42633-E6B5-4359-8757-66628732B2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D89F6F8C-42D2-41EE-BEA2-CB43871EE013}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{DB051523-FD17-4026-846B-8EA8A3294BC2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DE6CE3C0-2FE1-4565-BFFF-0AF9B97FEA19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F3F201-0DE6-445C-89D1-AEF6F2E1EE53}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EB4458B7-DE44-4AD9-95B5-080608EF3C75}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{F153634C-9E83-43B3-BFD6-9F51D0178F61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F55FAEA0-1F2D-4700-A83F-8D3580F3BDC2}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{FE0E43D8-218D-4856-8A8E-B59DCD8F3D6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2787BC65-D8E4-4520-AEF1-C1049E0F6C49}C:\users\konishi\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\konishi\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"TCP Query User{A65E0629-BAF7-4E66-9CDD-77C9533EB2A7}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{C8E62CB8-4EBE-444A-A11A-3F08110C3CE2}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{E222ABE1-A46B-4AF0-97F9-FF2994AB6212}C:\nexon\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{33F6AA39-7307-46B9-ABC9-0D27FCFC023E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{46690541-75D2-4283-AB0A-E5026FC86FEB}C:\nexon\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\nexon\dfo\dfo.exe |
"UDP Query User{8A58390C-1D34-453D-A44D-9FABEF15C8C4}C:\users\konishi\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\konishi\downloads\left 4 dead 2 v2.0.2.7 full-rip {blaze69}\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"UDP Query User{C25B7E2B-3510-4BFC-B5C2-13A679CE4C92}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06A5A3AF-AFA5-4278-868E-BFD494A9B08B}" = Software básico do dispositivo HP Deskjet 1050 J410 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{3D8FB738-B802-456A-A7E2-38B3BC85AE86}" = ProxyCap
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1558A1B8-F033-441B-B56D-E6652FAB9C9C}" = Directip Launcher 0.8.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Ajuda
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AhnLab Online Security" = AhnLab Online Security
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFO" = DFOLauncher
"Diablo III" = Diablo III
"DNF" = 던전앤파이터
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"IRPF2012" = IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MapleStory" = MapleStory
"Mozilla Firefox 14.0.1 (x86 pt-BR)" = Mozilla Firefox 14.0.1 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MV RegClean 6.0_is1" = MV RegClean 6.0
"Payday The Heist (c) OVERKILL Software_is1" = Payday The Heist (c) OVERKILL Software version 1
"pepakura_viewer3en" = Pepakura Viewer 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"Tibia_is1" = Tibia
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NeoplePlugin" = NeoplePlugin

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/08/2012 20:33:40 | Computer Name = Konishi-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07/08/2012 20:33:41 | Computer Name = Konishi-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07/08/2012 20:33:41 | Computer Name = Konishi-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 07/08/2012 20:33:41 | Computer Name = Konishi-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 07/08/2012 20:33:41 | Computer Name = Konishi-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 07/08/2012 20:36:14 | Computer Name = Konishi-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: aswMBR.exe, versao: 0.9.9.1665, carimbo
de hora: 0x4f5f9c86 Nome do modulo de falhas: ntdll.dll, versao: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Codigo de excecao: 0xc0000005 Deslocamento com falha:
0x0002e3be Identificacao do processo com falha: 0xd28 Hora de inicio do aplicativo
com falha: 0x01cd74fd7fd5a95e Caminho do aplicativo com falha: C:\Users\Konishi\Desktop\aswMBR.exe
FCaminho
do modulo de falhas: C:\Windows\SysWOW64\ntdll.dll Identificacao do Relatorio: 0eb3a308-e0f1-11e1-adf9-90e6bacfc1b3

Error - 07/08/2012 20:39:29 | Computer Name = Konishi-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: aswMBR.exe, versao: 0.9.9.1665, carimbo
de hora: 0x4f5f9c86 Nome do modulo de falhas: ntdll.dll, versao: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Codigo de excecao: 0xc0000005 Deslocamento com falha:
0x0002e3be Identificacao do processo com falha: 0x2e4 Hora de inicio do aplicativo
com falha: 0x01cd74fde7ab4e98 Caminho do aplicativo com falha: C:\Users\Konishi\Desktop\aswMBR.exe
FCaminho
do modulo de falhas: C:\Windows\SysWOW64\ntdll.dll Identificacao do Relatorio: 8322741d-e0f1-11e1-adf9-90e6bacfc1b3

Error - 07/08/2012 22:33:40 | Computer Name = Konishi-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: aswMBR.exe, versao: 0.9.9.1665, carimbo
de hora: 0x4f5f9c86 Nome do modulo de falhas: ntdll.dll, versao: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Codigo de excecao: 0xc0000005 Deslocamento com falha:
0x0002e3be Identificacao do processo com falha: 0x710 Hora de inicio do aplicativo
com falha: 0x01cd750de9d3691f Caminho do aplicativo com falha: C:\Users\Konishi\Desktop\aswMBR.exe
FCaminho
do modulo de falhas: C:\Windows\SysWOW64\ntdll.dll Identificacao do Relatorio: 764ad597-e101-11e1-adf9-90e6bacfc1b3

Error - 07/08/2012 23:05:42 | Computer Name = Konishi-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: aswMBR.exe, versao: 0.9.9.1665, carimbo
de hora: 0x4f5f9c86 Nome do modulo de falhas: ntdll.dll, versao: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Codigo de excecao: 0xc0000005 Deslocamento com falha:
0x0002e3be Identificacao do processo com falha: 0x1060 Hora de inicio do aplicativo
com falha: 0x01cd750f767043ea Caminho do aplicativo com falha: C:\Users\Konishi\Desktop\aswMBR.exe
FCaminho
do modulo de falhas: C:\Windows\SysWOW64\ntdll.dll Identificacao do Relatorio: f02ead12-e105-11e1-adf9-90e6bacfc1b3

Error - 08/08/2012 08:01:21 | Computer Name = Konishi-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: aswMBR.exe, versao: 0.9.9.1665, carimbo
de hora: 0x4f5f9c86 Nome do modulo de falhas: ntdll.dll, versao: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Codigo de excecao: 0xc0000005 Deslocamento com falha:
0x0002e3be Identificacao do processo com falha: 0x4a0 Hora de inicio do aplicativo
com falha: 0x01cd755d4f79c414 Caminho do aplicativo com falha: C:\Users\Konishi\Desktop\aswMBR.exe
FCaminho
do modulo de falhas: C:\Windows\SysWOW64\ntdll.dll Identificacao do Relatorio: c4076da1-e150-11e1-b8f1-90e6bacfc1b3

[ System Events ]
Error - 19/07/2012 03:44:53 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7000
Description = Nao foi possivel iniciar o servico i8042 Keyboard and PS/2 Mouse Port
Helper devido ao seguinte erro: %%1083

Error - 19/07/2012 03:44:54 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7023
Description = O servico Windows Defender terminou com o erro: %%126

Error - 19/07/2012 06:32:54 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7000
Description = Nao foi possivel iniciar o servico i8042 Keyboard and PS/2 Mouse Port
Helper devido ao seguinte erro: %%1083

Error - 19/07/2012 06:32:55 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7023
Description = O servico Windows Defender terminou com o erro: %%126

Error - 19/07/2012 14:30:39 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7000
Description = Nao foi possivel iniciar o servico i8042 Keyboard and PS/2 Mouse Port
Helper devido ao seguinte erro: %%1083

Error - 19/07/2012 14:30:40 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7023
Description = O servico Windows Defender terminou com o erro: %%126

Error - 19/07/2012 18:28:59 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7000
Description = Nao foi possivel iniciar o servico i8042 Keyboard and PS/2 Mouse Port
Helper devido ao seguinte erro: %%1083

Error - 19/07/2012 18:28:59 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7023
Description = O servico Windows Defender terminou com o erro: %%126

Error - 20/07/2012 11:26:19 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7000
Description = Nao foi possivel iniciar o servico i8042 Keyboard and PS/2 Mouse Port
Helper devido ao seguinte erro: %%1083

Error - 20/07/2012 11:26:23 | Computer Name = Konishi-PC | Source = Service Control Manager | ID = 7023
Description = O servico Windows Defender terminou com o erro: %%126


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\ecojink: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\ecojink.dll) - File not found
    [2012/05/05 20:44:16 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\xjigrgbe.dat
    [2012/05/05 20:44:16 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\cxgrkvyv.dat
    [2012/05/05 20:44:16 | 000,136,960 | ---- | C] () -- C:\Windows\SysWow64\wpcbdxrt.dat
    [2012/05/05 20:44:16 | 000,058,112 | ---- | C] () -- C:\Windows\SysWow64\emwfvbkd.dat
    [2012/05/05 20:44:16 | 000,055,040 | ---- | C] () -- C:\Windows\SysWow64\qpzuuehn.dat
    [2012/05/05 20:44:16 | 000,041,216 | ---- | C] () -- C:\Windows\SysWow64\ogovtfur.dat
    [2012/05/05 20:44:16 | 000,036,608 | ---- | C] () -- C:\Windows\SysWow64\vldhibmw.dat
    [2012/05/05 20:44:16 | 000,034,048 | ---- | C] () -- C:\Windows\SysWow64\ammmxjyz.dat
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000001
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ecojink\ deleted successfully.
C:\Windows\SysWOW64\xjigrgbe.dat moved successfully.
C:\Windows\SysWOW64\cxgrkvyv.dat moved successfully.
C:\Windows\SysWOW64\wpcbdxrt.dat moved successfully.
C:\Windows\SysWOW64\emwfvbkd.dat moved successfully.
C:\Windows\SysWOW64\qpzuuehn.dat moved successfully.
C:\Windows\SysWOW64\ogovtfur.dat moved successfully.
C:\Windows\SysWOW64\vldhibmw.dat moved successfully.
C:\Windows\SysWOW64\ammmxjyz.dat moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall" | dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | dword:00000001 /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Konishi
->Temp folder emptied: 2782746 bytes
->Temporary Internet Files folder emptied: 3173811 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1139175339 bytes
->Google Chrome cache emptied: 46237002 bytes
->Flash cache emptied: 35918 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 184115 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.136,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Konishi
->Java cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Konishi
->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_140554

Files\Folders moved on Reboot...
File move failed. C:\Users\Konishi\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/05/11 06:36:01 | 000,000,000 | ---- | M] () C:\Users\Konishi\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
[2012/08/09 14:10:07 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java(TM) 7 Update 4
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by Konishi (administrator) on 09-08-2012 at 14:24:29
Running from "C:\Users\Konishi\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=====================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Sorry for the late answer, these days have been really hectic for me ><
My computer seems better now, sometimes I think it's a little slow but I think it's because of the antivirus. Anyway, here's the log.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Konishi
->Temp folder emptied: 2794162 bytes
->Temporary Internet Files folder emptied: 49245001 bytes
->Java cache emptied: 107497 bytes
->FireFox cache emptied: 638068845 bytes
->Google Chrome cache emptied: 13275012 bytes
->Flash cache emptied: 32048 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 106767144 bytes

Total Files Cleaned = 773,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Konishi
->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Konishi
->Java cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08122012_164432

Files\Folders moved on Reboot...
C:\Users\Konishi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S1DRE18\direct;auc.7917562834025598488;ai.89952961.287074455;ac.1344770635-3017607;wi.234;hi.60;cp.0[1].htm moved successfully.
C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S1DRE18\tt[1].txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Konishi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S1DRE18\direct;auc.7917562834025598488;ai.89952961.287074455;ac.1344770635-3017607;wi.234;hi.60;cp.0[1].htm not found!
File C:\Users\Konishi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S1DRE18\tt[1].txt not found!
[2012/08/12 16:47:38 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 