Solved Random audio playing

Vinicius · Feb 16, 2013

Hey guys (and sorry for my poor English)

Since last week, a number of completely random sound clips would just play for 10 seconds or so, then happen again at random intervals. A siren, a typewriter, and a Super Mario song were some of the noises. I'm sure it does not come from a browser tab. Avast shows no virus.

MalwareBytes says "No malicious items detected" for all items checked, both quick and full scan.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by Vinicius at 13:16:27 on 2013-02-16
Microsoft Windows 8 Pro 6.2.9200.0.1252.55.1046.18.4000.1088 [GMT -2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Opera x64\opera.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\TV Vivo\Captvty\Captvty.exe
C:\WINDOWS\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
TCP: NameServer = 201.6.2.105 201.6.2.185
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA} : DHCPNameServer = 201.6.2.105 201.6.2.185
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}\25564656030303 : NameServer = 177.71.182.132,177.71.182.149
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}\25564656030303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}\4556E64616F5431353147383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}\B69647028323 : NameServer = 177.71.182.132,177.71.182.149
TCP: Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}\B69647028323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DDF78FA9-45F9-4B48-B8F3-C698264D599E} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswnet;avast! AG Firewall Core Driver;C:\WINDOWS\System32\Drivers\aswnet.sys [2012-11-30 468144]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2012-11-30 984144]
R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2012-11-30 370288]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2012-11-30 25232]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2012-11-30 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-30 44808]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-15 15:20:05 -------- d-----w- C:\Users\Vinicius\AppData\Roaming\Malwarebytes
2013-02-15 15:19:55 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-15 15:19:52 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-02-15 15:19:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-15 15:19:36 -------- d-----w- C:\Users\Vinicius\AppData\Local\Programs
2013-02-13 22:25:50 -------- d-----w- C:\Users\Vinicius\AppData\Local\Shutdown8
2013-02-12 23:53:29 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-02-12 23:49:04 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-02-12 23:49:01 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-02-12 23:47:38 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 23:47:38 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-01-25 12:50:18 5065840 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-01-25 12:50:18 4830832 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-01-25 12:50:18 25357936 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2013-01-25 12:42:00 2948704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1046\MSOINTL.DLL
2013-01-25 12:41:58 6779504 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-01-25 12:41:58 6557808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-01-25 12:41:48 35329632 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2013-01-22 13:01:42 -------- d-----w- C:\Program Files (x86)\MSECache
2013-01-21 09:09:01 78176 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-01-21 09:09:00 692576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-01-20 22:56:26 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2013-01-20 22:56:25 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2013-01-20 22:56:23 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2013-01-20 22:56:23 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll
2013-01-20 22:41:07 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll
2013-01-20 22:08:44 86016 ----a-w- C:\WINDOWS\System32\ncryptsslp.dll
2013-01-20 22:08:44 71168 ----a-w- C:\WINDOWS\SysWow64\ncryptsslp.dll
2013-01-20 21:47:51 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll
2013-01-20 21:47:51 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-01-20 21:47:51 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2013-01-20 21:47:50 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2013-01-20 21:47:48 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll
2013-01-20 21:47:48 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll
2013-01-20 21:47:48 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll
2013-01-20 21:47:48 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll
2013-01-20 19:34:13 -------- d-----w- C:\Program Files (x86)\ASUS
2013-01-20 19:31:19 -------- d-----w- C:\WINDOWS\System32\appmgmt
.
==================== Find3M ====================
.
2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2012-12-17 20:37:52 108008 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2012-12-17 20:37:47 959976 ----a-w- C:\WINDOWS\System32\deployJava1.dll
2012-12-17 20:37:47 1081320 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll
2012-12-16 08:28:20 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2012-12-01 16:09:10 468144 ----a-w- C:\WINDOWS\System32\drivers\aswnet.sys
2012-11-27 07:00:32 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\WINDOWS\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\WINDOWS\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\WINDOWS\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\WINDOWS\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\WINDOWS\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\WINDOWS\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\WINDOWS\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\WINDOWS\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\WINDOWS\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\WINDOWS\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\WINDOWS\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\WINDOWS\System32\drivers\BthhfHid.sys
2012-11-20 05:24:19 1164800 ----a-w- C:\WINDOWS\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\WINDOWS\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\WINDOWS\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\WINDOWS\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\WINDOWS\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys
.
============= FINISH: 13:17:36,28 ===============

Vinicius · Feb 16, 2013

Here's Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 30/11/2012 14:21:50
System Uptime: 15/02/2013 13:12:50 (24 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K84C
Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU 1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 195,783 GiB free.
D: is FIXED (NTFS) - 317 GiB total, 237,131 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB2.0-CRW
Device ID: USB\VID_0BDA&PID_0139\20100201396000000
Manufacturer:
Name: USB2.0-CRW
PNP Device ID: USB\VID_0BDA&PID_0139\20100201396000000
Service:
.
==== System Restore Points ===================
.
RP16: 01/02/2013 02:19:58 - Removed Adobe Reader XI - Português.
RP17: 04/02/2013 06:22:25 - Windows Update
RP18: 08/02/2013 03:31:35 - Windows Update
RP19: 12/02/2013 22:02:08 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI - Português
Apple Mobile Device Support
Apple Software Update
ATK Package
avast! Free Antivirus
Bonjour
Cycledog Tree Mod 1.0 english
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Google Chrome
Google Earth
Google Update Helper
Grand Theft Auto: San Andreas
iFunbox (v2.1.2228.731), iFunbox DevTeam
Intel(R) Processor Graphics
iTunes
Java 7 Update 10 (64-bit)
Malwarebytes Anti-Malware versão 1.70.0.1100
Microsoft Access MUI (Portuguese (Brazil)) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (Portuguese (Brazil)) 2013
Microsoft Excel MUI (Portuguese (Brazil)) 2013
Microsoft Groove MUI (Portuguese (Brazil)) 2013
Microsoft InfoPath MUI (Portuguese (Brazil)) 2013
Microsoft Lync MUI (Portuguese (Brazil)) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (Portuguese (Brazil)) 2013
Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (Portuguese (Brazil)) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013
Microsoft Office Shared MUI (Portuguese (Brazil)) 2013
Microsoft OneNote MUI (Portuguese (Brazil)) 2013
Microsoft Outlook MUI (Portuguese (Brazil)) 2013
Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013
Microsoft Publisher MUI (Portuguese (Brazil)) 2013
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word MUI (Portuguese (Brazil)) 2013
Network Addon Mod Version 30 with Essentials r132
Opera 12.14
Outils de vérification linguistique 2013 de Microsoft Office - Français
Revisores de Texto do Microsoft Office 2013 – Português do Brasil
SC4 Mapper 2013
Shutdown8
SimCity 4 Deluxe
Simcity 4 Region and Config Creator (Scracc)
Steam
Suporte para Aplicativos Apple
TweetDeck
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760318) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760621) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2737968) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2760214) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition
Update for Microsoft Word 2013 (KB2752073) 64-Bit Edition
Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767854) 64-Bit Edition
URL Helper
VLC media player 2.0.4
WinPcap 4.1.1
.
==== End Of File ===========================

Thank you guys, hope there's a solution for this problem

Broni · Feb 16, 2013

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller on the desktop

Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Vinicius · Feb 16, 2013

Ok, here are the RogueKiller files

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Vinicius [Admin rights]
Mode : Scan -- Date : 02/16/2013 17:43:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
--- User ---
[MBR] 7799615772c8ffb0a466961ce1d0c7c2
[BSP] 82d3e802d36b8a6f63558c029dec2cf9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 260473 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 585879552 | Size: 324406 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02162013_02d1743.txt >>
RKreport[1]_S_02162013_02d1743.txt

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Vinicius [Admin rights]
Mode : Remove -- Date : 02/16/2013 17:44:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
--- User ---
[MBR] 7799615772c8ffb0a466961ce1d0c7c2
[BSP] 82d3e802d36b8a6f63558c029dec2cf9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 260473 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 585879552 | Size: 324406 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02162013_02d1744.txt >>
RKreport[1]_S_02162013_02d1743.txt ; RKreport[2]_D_02162013_02d1744.txt

Vinicius · Feb 16, 2013

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.16.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Vinicius :: CARMINHA [administrator]

16/02/2013 18:10:45
mbar-log-2013-02-16 (18-10-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29225
Time elapsed: 16 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16484

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4194435072, free: 3198128128

------------ Kernel report ------------
02/16/2013 17:49:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswnet.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800541f060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa8004941060
Lower Device Driver Name: \Driver\storahci\
Driver name found: storahci
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.02.16.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800541f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800541fb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800541f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004942cc0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004941060, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00db066c0, 0xfffffa800541f060, 0xfffffa800e6a46e0
Lower DeviceData: 0xfffff8a0034c1440, 0xfffffa8004941060, 0xfffffa800d8ad730
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5BE4A3F9

Partition information:

Partition 0 type is Other (0x1c)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 52428800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 52430848 Numsec = 533448704
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 585879552 Numsec = 664383488

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

Broni · Feb 16, 2013

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Vinicius · Feb 16, 2013

AdwCleaner log came in portuguese, sorry. It says that the registry key was removed and IE/Chrome registry/file is clean

# AdwCleaner v2.112 - Relatório criado em 16/02/2013 às 19:31:33
# Atualizado em 10/02/2013 por Xplode
# Sistema Operacional : Windows 8 Pro (64 bits)
# Usuário : Vinicius - CARMINHA
# Modo de Boot : Normal
# Executado de : C:\Users\Vinicius\Desktop\adwcleaner0.exe
# Opção [Remover]

***** [Serviços] *****

***** [Arquivos/Pastas] *****

***** [Registro] *****

Chave Removida : HKCU\Software\Softonic

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registro está limpo.

-\\ Google Chrome v24.0.1312.57

Arquivo : C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[R1].txt - [840 octets] - [16/02/2013 19:31:07]
AdwCleaner[S1].txt - [768 octets] - [16/02/2013 19:31:33]

########## EOF - C:\AdwCleaner[S1].txt - [827 octets] ##########

Vinicius · Feb 16, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 8 Pro x64
Ran by Vinicius on 16/02/2013 at 19:36:43,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/02/2013 at 19:43:58,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vinicius · Feb 16, 2013

Otl.txt

OTL logfile created on: 16/02/2013 20:16:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vinicius\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 79,21% Memory free
6,41 Gb Paging File | 5,58 Gb Available in Paging File | 87,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,37 Gb Total Space | 195,53 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive D: | 316,80 Gb Total Space | 237,15 Gb Free Space | 74,86% Space Free | Partition Type: NTFS

Computer Name: CARMINHA | User Name: Vinicius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 19:19:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\OTL.exe
PRC - [2013/02/16 19:19:43 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Vinicius\Desktop\JRT.exe
PRC - [2012/11/26 10:36:04 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/11/14 14:42:46 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/17 19:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/14 13:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/07/26 01:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/06 02:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/06 02:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/06 02:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/06 02:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 07:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 04:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 04:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/26 01:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 01:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 01:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 01:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 01:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 01:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 01:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 01:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 01:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 01:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 01:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 01:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 01:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 01:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 01:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/01/18 10:11:16 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/14 14:42:46 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012/11/06 02:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 01:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/20 16:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/01 14:09:10 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet)
DRV:64bit: - [2012/11/27 05:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/27 01:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/27 01:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 02:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 05:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 05:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/06 01:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/30 20:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 20:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 20:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 20:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 12:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/10/12 06:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 05:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 05:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 05:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 05:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 05:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 05:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 05:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 05:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 05:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 03:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 03:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 03:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 03:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 03:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 03:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 03:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 03:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 03:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 03:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 03:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 03:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 03:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 03:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 03:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 03:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 03:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 03:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 03:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 02:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 02:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 02:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 02:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 02:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 01:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 00:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 00:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 00:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 00:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 00:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 00:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 00:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 00:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 00:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 00:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 00:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 00:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 00:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 00:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 00:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 00:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 00:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 00:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/26 00:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/26 00:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 00:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/26 00:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/26 00:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 00:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 00:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/02 12:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 12:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/10/20 16:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.br.msn.com/
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 57 D0 E9 5D E1 CD 01 [binary data]
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - Extension: Google Drive = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: CommentBlocker = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkjhnbkeibefoijmacgnnkddlkkmjaf\1.0.20_0\
CHR - Extension: Gmail = C:\Users\Vinicius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 03:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1047536796-3939516741-3083161548-1001..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{642A19C7-BA40-42F1-83DC-E2A7277643EA}: DhcpNameServer = 201.6.2.105 201.6.2.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF78FA9-45F9-4B48-B8F3-C698264D599E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/16 19:36:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/16 19:19:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\OTL.exe
[2013/02/16 19:19:42 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Vinicius\Desktop\JRT.exe
[2013/02/16 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\mbar-1.01.0.1020
[2013/02/16 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\RK_Quarantine
[2013/02/16 13:14:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Vinicius\Desktop\dds.com
[2013/02/15 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Roaming\Malwarebytes
[2013/02/15 13:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/15 13:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/15 13:19:52 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013/02/15 13:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/15 13:19:36 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Local\Programs
[2013/02/14 14:23:57 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Columbus Terrain Mod
[2013/02/14 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Columbus Terrain Mod
[2013/02/13 20:25:50 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Local\Shutdown8
[2013/02/01 02:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/27 15:40:06 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\Video
[2013/01/27 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\dip
[2013/01/23 21:30:39 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\DST
[2013/01/22 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/01/20 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\The Donnas-Gold medal-2004
[2013/01/20 17:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013/01/20 17:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013/01/20 17:30:34 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\Nova pasta (2)
[2013/01/20 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\data

========== Files - Modified Within 30 Days ==========

[2013/02/16 19:54:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 19:34:59 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/16 19:33:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 19:32:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/16 19:32:47 | 3355,545,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 19:19:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\OTL.exe
[2013/02/16 19:19:43 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Vinicius\Desktop\JRT.exe
[2013/02/16 19:19:37 | 000,587,671 | ---- | M] () -- C:\Users\Vinicius\Desktop\adwcleaner0.exe
[2013/02/16 17:29:29 | 013,711,621 | ---- | M] () -- C:\Users\Vinicius\Desktop\mbar-1.01.0.1020.zip
[2013/02/16 17:28:31 | 000,798,208 | ---- | M] () -- C:\Users\Vinicius\Desktop\RogueKiller.exe
[2013/02/16 13:14:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Vinicius\Desktop\dds.com
[2013/02/15 13:20:10 | 001,765,682 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/02/15 13:20:10 | 000,762,816 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
[2013/02/15 13:20:10 | 000,710,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/02/15 13:20:10 | 000,154,608 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
[2013/02/15 13:20:10 | 000,132,614 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/02/15 13:19:57 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/15 04:42:42 | 000,352,912 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/02/13 20:25:56 | 000,001,091 | ---- | M] () -- C:\Users\Vinicius\Desktop\Shutdown8.lnk
[2013/02/01 02:28:00 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/29 22:55:26 | 000,038,670 | ---- | M] () -- C:\Users\Vinicius\Desktop\aiii.png
[2013/01/26 21:51:45 | 000,000,947 | ---- | M] () -- C:\Users\Vinicius\Desktop\Overplay.lnk

========== Files Created - No Company Name ==========

[2013/02/16 19:19:37 | 000,587,671 | ---- | C] () -- C:\Users\Vinicius\Desktop\adwcleaner0.exe
[2013/02/16 17:28:48 | 013,711,621 | ---- | C] () -- C:\Users\Vinicius\Desktop\mbar-1.01.0.1020.zip
[2013/02/16 17:28:30 | 000,798,208 | ---- | C] () -- C:\Users\Vinicius\Desktop\RogueKiller.exe
[2013/02/15 13:19:57 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/15 04:42:29 | 000,352,912 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/02/13 20:25:56 | 000,001,091 | ---- | C] () -- C:\Users\Vinicius\Desktop\Shutdown8.lnk
[2013/02/01 02:28:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/01 02:28:00 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/29 22:55:26 | 000,038,670 | ---- | C] () -- C:\Users\Vinicius\Desktop\aiii.png
[2013/01/27 15:40:06 | 000,003,057 | ---- | C] () -- C:\Users\Vinicius\Desktop\WilmaaTV.bat
[2013/01/26 21:51:51 | 000,001,113 | ---- | C] () -- C:\Users\Vinicius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overplay.lnk
[2013/01/26 21:51:08 | 000,000,947 | ---- | C] () -- C:\Users\Vinicius\Desktop\Overplay.lnk
[2013/01/20 19:46:34 | 000,000,470 | ---- | C] () -- C:\Users\Vinicius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DATA (D).lnk
[2012/12/01 14:24:39 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/11/30 20:11:32 | 000,000,533 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/11/30 16:14:38 | 000,003,528 | ---- | C] () -- C:\Users\Vinicius\.swfinfo
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/07/26 06:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 06:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 05:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 23:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 18:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 18:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/06/02 12:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/06 02:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/06 02:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 01:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 01:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 01:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/19 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\iFunbox_UserCache
[2012/11/30 15:59:34 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Opera

========== Purity Check ==========

< End of report >

Vinicius · Feb 16, 2013

Extras.txt

OTL Extras logfile created on: 16/02/2013 20:16:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vinicius\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 79,21% Memory free
6,41 Gb Paging File | 5,58 Gb Available in Paging File | 87,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,37 Gb Total Space | 195,53 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive D: | 316,80 Gb Total Space | 237,15 Gb Free Space | 74,86% Space Free | Partition Type: NTFS

Computer Name: CARMINHA | User Name: Vinicius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EC4240-10AD-48EF-B4B6-956C264966E6}" = rport=138 | protocol=17 | dir=out | app=system |
"{0414ABEB-2A17-4FBD-9991-0044D721DC44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{26157B5C-D147-4938-87D1-46D3A4869D3A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D048585-BD0E-4551-8E47-C1E6D9A65DB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{579459CB-861C-49CA-8E50-19942F250D79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57C17E90-A514-4851-B1DF-D7882F45D044}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D891C0A-EFF3-46E6-9B4C-533B8B68AB86}" = lport=137 | protocol=17 | dir=in | app=system |
"{64B216E7-5F30-4B8B-87DA-C09501FD8F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DE4BE6E-8DA6-480B-A84E-A424D7A26ED1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E31A2D3-919B-44DF-A191-D2819D2760F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2FFFB23-C297-49EC-A8CA-A53D27585401}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BDB6C168-B340-4562-A7C8-27EF119A0E42}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CE2ACFD9-7068-4C28-B359-7D25C73E0DCF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0E6D5C-36C0-4C64-BFAB-01B72AA01A78}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1D684F6-0DD7-4A20-BB2E-38F001D86F5C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2D365D1-993C-4717-AEFE-3F527135AF15}" = rport=139 | protocol=6 | dir=out | app=system |
"{D37DFF3E-3057-4862-80CC-87E634C15F58}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC80BA04-54B4-4185-BA5F-45812241476E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F32724ED-570C-4C1E-B1DC-239B1DC8032B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA26C171-3D71-477F-882B-8A14C28DF897}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAA92082-9267-4DF7-A75F-E3C0A40E816A}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042DE096-C03C-465D-9691-F913D53D8FCB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{04334332-9AB3-41F4-8BB2-138C4FE8379C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{04858DB3-F1B6-4D67-934B-A6AF5850D9B1}" = dir=out | name=dailymotion |
"{0A82F330-6948-4ECB-9AC6-4B6A5B771889}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0EA373D3-17AA-48F8-A8E1-3EB87EDB2198}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{0F3B314D-84D9-436E-A1E0-6563052DD45A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{14E0C8EF-8720-4BD9-863A-CB2B4B08E423}" = dir=out | name=top-music-videos.com |
"{190C5F84-4F4A-4DC7-B819-B1D9543BE6DD}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{19ED4739-94BD-46D0-8C07-46776F017F8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1AC0AF0B-6865-4248-BE7F-9CB60E086217}" = dir=in | name=kexp artist discovery |
"{2168AD64-17C2-40DC-A504-39BF013704E2}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{2E30F964-C7E0-4815-885E-D2CBD37A159A}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{33DB049B-B3C9-450F-AA46-F03B55DAF6F3}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{36793536-9DC8-4DDD-A971-F707803A288C}" = dir=out | name=google search |
"{3A283D72-4CAB-422A-8D15-9A05B2BDB846}" = dir=out | name=youtube mp3 & videos downloader |
"{3ACED8D2-F0D0-420A-A633-E6B8DFECE55E}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{3CAC4C60-8A84-41F8-862A-D3E136A0FB5A}" = dir=out | name=advanced english dictionary |
"{3DBE9DB3-B9BD-4150-B40A-3E4CD691EE79}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{452C13F4-4F9A-40FE-A122-062E3960ED5D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4748670F-CB6D-4A2B-BBF0-D597D9534FC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47F7DB87-4896-4479-ABD5-D3AD3D482E9C}" = dir=out | name=metro commander |
"{49D1DF6C-53D6-4A22-8C0A-178A0AAE1F89}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{4A13F199-7AD6-4D34-955B-EE26522D3D95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4CD13705-5905-4D63-98F9-1B451AD8A2B5}" = dir=out | name=lingvo |
"{4D737E75-BBBD-40F6-8264-DDF2B12D9232}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{53E7208B-9979-4E7E-A296-2689A43E4B86}" = protocol=6 | dir=out | app=system |
"{555EAD1E-7E9A-4D06-A4C3-8A7CF76FE364}" = dir=out | name=netflix |
"{5D1A7C03-66AA-4815-9FC5-8FD2D6FA0104}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{622811A9-E3F4-4659-985D-2B74B2D05205}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{67115A97-8EB8-49BF-911B-69F08413E2F6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{67218572-AC4C-4489-BEE0-6E039C2484B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{690A0427-4204-4846-A2F3-9D23C859DB54}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6994573C-E192-4D65-A54E-408AA2BF243E}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{6BB68C24-1BB1-4C62-9AC6-B217405E8B7F}" = dir=out | name=wordament |
"{6C870F6F-5FB0-43EB-907B-8B08AC67AF69}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6D3D7A4F-0278-43E4-BDF3-94D7CEA28964}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{6E8054DA-AF51-4685-A897-CFB724905419}" = dir=out | name=kexp artist discovery |
"{71391E85-EE23-4060-9CFF-1D56CEF77C7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74D4E2D0-0716-489A-AD7A-77D52EC71729}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{76FC9521-3D7D-4490-92D4-A3B404FE1CC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83213361-E1EB-485C-A1E3-3CA49B4329DE}" = dir=out | name=word blast |
"{85E9A8EA-CA8F-44B2-B194-90845BC30245}" = dir=out | name=france 24-mcd-rfi |
"{88B09729-D028-46B5-8E2F-F779084F3802}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{89693380-41F6-46DB-9E4C-15CD0A351317}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{899CFFB7-88AE-4FB2-8767-AB3AAA1B3735}" = dir=out | name=soundtracker |
"{8A8949D8-9EFF-4638-BAEE-40A388DBEE47}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8D505148-BE37-4DD8-B670-4A4FA6BC603E}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{8FE3DE13-3A77-4509-9BA8-CA3D2AFAACAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FFE01E8-66E4-4E9D-92DE-E73385DD96C7}" = dir=out | name=metrotwit |
"{905819BC-C420-451C-BF5F-6D04B1C55640}" = dir=out | name=world of words |
"{9168328E-CC9D-4687-BEC1-FA57F0F44529}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{918212F8-58B9-4BDF-845E-96A84931B7B8}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{92235316-26FC-474C-A084-09428360B019}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{9624908D-602A-441A-A4CE-7A0F00B2498B}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{9C08D428-47FF-45ED-9977-052ACEA9B9A8}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9CD01D3C-377B-474E-8EF8-15785015FB16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0BEEA68-2831-4742-B28D-BC46ABCEBDB8}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A418B64D-B8CE-4095-AD5A-D11248E4DCDB}" = dir=out | name=win8 dictionary |
"{A4DB9411-EA30-4A1D-AF10-5D1EB3A08997}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{A830D42E-A1C2-4D08-B7D0-33718B430361}" = dir=out | name=microsoft mahjong |
"{A850E70B-8022-4FFE-92C6-59C55590B47D}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{A8C5B151-D818-4B0D-AF78-024D0B4D45EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE2CD7D6-78EB-4886-A9F8-64BF073AD2A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0CF6EA8-C41F-49EA-B09C-C2D223881A4D}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{B79F3086-29B5-44D9-9D16-9ABE6A93DB03}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{BAC4ADA2-F658-4F75-AA7A-C98FCD356FD5}" = dir=out | name=wordfeud |
"{BC4EF5CE-E733-430A-9C91-F62D8AE2A1F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD755D1E-34A8-4CAC-A953-9F0697997738}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BDEF9B22-AB81-4FAD-BFB3-BBC708A4F472}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C427379A-1133-4EE9-85B7-EABF4293C05C}" = dir=in | name=metrotwit |
"{C4950822-F73D-436D-BF2F-E690F652FC0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C58AB287-9788-44D9-83AB-CD564C89C471}" = dir=out | name=toolbox for windows 8 |
"{CED7FD6F-6853-4815-AE70-DD350F3A7CB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CEE4E208-868E-4BE3-8860-9FCCF5B06AFE}" = dir=out | name=tuba.fm |
"{D16B7ACC-0844-444E-9D40-CDBB648F1A69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{D1AE9290-6DA6-4C30-A85D-0270339C9AD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3E38719-4ED1-4C2E-911A-32C0A6BF4A6B}" = dir=out | name=taptiles |
"{D7D53DB2-D0AD-4B6B-9ED9-17CD56E4869C}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{DB4B77C3-9376-4050-ACFA-1D63F868749D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBABAA56-8141-4343-8639-5734CAEABF46}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DEE5C23F-2580-4260-A5F4-5D49D1A75A95}" = dir=out | name=dictionary. |
"{E0743A60-C165-453E-9755-4399DBA7C9CB}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E39D8283-FDE5-49C6-A802-5A41A399DA22}" = dir=out | name=tunein radio |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB6C5FCF-2C8F-4EC2-9098-E2BFABDE3990}" = dir=out | name=speedwords arena |
"{EBD1B49B-994A-4B1F-A1EF-2AA5EC395D13}" = dir=out | name=@{babbel.com.learnfrenchwithbabbel.com_1.0.1.10_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnfrenchwithbabbel.com/apptitles/app_title} |
"{F25AAFE4-29E9-4842-B6D8-0338416C91DC}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{F3443103-E9B8-4044-B147-E3AE5DDB4D09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FD422B8F-EB03-45EE-BAC8-ED3ACA8C93A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD7A0F1D-470B-4B4F-B6D8-C5EE62461DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{BC0AC150-BD11-44FC-9E05-B25E4F426C33}C:\program files\opera x64\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"TCP Query User{DDF6185C-02E7-406E-9F42-D287E010FE91}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{2D46649F-3039-4400-B84B-C5D8B197AF43}C:\program files\opera x64\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"UDP Query User{E5FA3E39-A845-4187-AEC2-9FBD149AEF9E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90150000-0015-0416-1000-0000000FF1CE}" = Microsoft Access MUI (Portuguese (Brazil)) 2013
"{90150000-0016-0416-1000-0000000FF1CE}" = Microsoft Excel MUI (Portuguese (Brazil)) 2013
"{90150000-0018-0416-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013
"{90150000-0019-0416-1000-0000000FF1CE}" = Microsoft Publisher MUI (Portuguese (Brazil)) 2013
"{90150000-001A-0416-1000-0000000FF1CE}" = Microsoft Outlook MUI (Portuguese (Brazil)) 2013
"{90150000-001B-0416-1000-0000000FF1CE}" = Microsoft Word MUI (Portuguese (Brazil)) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0416-1000-0000000FF1CE}" = Revisores de Texto do Microsoft Office 2013 – Português do Brasil
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2013
"{90150000-0044-0416-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Portuguese (Brazil)) 2013
"{90150000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2013
"{90150000-0090-0416-1000-0000000FF1CE}" = Microsoft DCF MUI (Portuguese (Brazil)) 2013
"{90150000-00A1-0416-1000-0000000FF1CE}" = Microsoft OneNote MUI (Portuguese (Brazil)) 2013
"{90150000-00BA-0416-1000-0000000FF1CE}" = Microsoft Groove MUI (Portuguese (Brazil)) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013
"{90150000-00E1-0416-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Portuguese (Brazil)) 2013
"{90150000-00E2-0416-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013
"{90150000-012B-0416-1000-0000000FF1CE}" = Microsoft Lync MUI (Portuguese (Brazil)) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Opera 12.14.1738" = Opera 12.14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{533B3480-EAB6-44DD-B2E4-715E958210E0}" = TweetDeck
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FF23187-713D-4785-9B62-33B609A10F0D}" = Simcity 4 Region and Config Creator (Scracc)
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI - Português
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Suporte para Aplicativos Apple
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Cycledog Tree Mod" = Cycledog Tree Mod 1.0 english
"Google Chrome" = Google Chrome
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.70.0.1100
"Steam App 12120" = Grand Theft Auto: San Andreas
"URL Helper_is1" = URL Helper
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1047536796-3939516741-3083161548-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132
"SC4 Mapper 2013" = SC4 Mapper 2013
"Shutdown8" = Shutdown8

< End of report >

Broni · Feb 16, 2013

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Vinicius · Feb 17, 2013

Checkup.txt

Results of screen317's Security Check version 0.99.57
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versão 1.70.0.1100
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FSS.txt
Farbar Service Scanner Version: 15-02-2013
Ran by Vinicius (administrator) on 16-02-2013 at 21:40:51
Running from "C:\Users\Vinicius\Desktop"
Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-12 21:49] - [2013-01-31 01:29] - 2226408 ____A (Microsoft Corporation) D192288CE5FB395F0BBAFDD1A8B5285D

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

ESET found no threat

Broni · Feb 17, 2013

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

Vinicius · Feb 17, 2013

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Vinicius
->Temp folder emptied: 1018105 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 61965018 bytes
->Flash cache emptied: 1793 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22152 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Todos os Usuários

User: Usuário Padrão

User: Vinicius
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Todos os Usuários

User: Usuário Padrão

User: Vinicius
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02172013_145738

Files\Folders moved on Reboot...
C:\Users\Vinicius\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\WINDOWS\temp\_avast_\unp80176766.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vinicius · Feb 17, 2013

I haven't heard sounds today, It seems to have stopped.

Thank you so much for your attention.

Broni · Feb 17, 2013

Way to go!!
Good luck and stay safe

Solved Random audio playing

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Broni

Posts: 56,041 +516

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Broni

Posts: 56,041 +516

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Broni

Posts: 56,041 +516

Vinicius

Posts: 11 +0

Broni

Posts: 56,041 +516

Vinicius

Posts: 11 +0

Vinicius

Posts: 11 +0

Broni

Posts: 56,041 +516

Similar threads

Latest posts