Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

annoying nym1.ib.adnxs.com add

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

annoying nym1.ib.adnxs.com add

Unread postby peralarep » January 13th, 2013, 4:36 pm

Good evening,

First, sorry about my ´poor english skills; its not my first language.

I´m having some trouble with this constant add that appears while i´m surfing on web. Usually it appears when acess certain sites, such as facebook or google. I´ve seen an old topic about the same problem in this forum, but the expert instructed that the solution posted was for that user only. Thats why i decided to open a new topic.

In the old topic, the expert required a log from OLT. I´ve thought it would be usefull for my request. So it follows below.

At last, thanks in advance and sorry to bother.


OTL logfile created on: 13/01/2013 13:52:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,89 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 42,47% Memory free
10,64 Gb Paging File | 5,97 Gb Available in Paging File | 56,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904,77 Gb Total Space | 765,54 Gb Free Space | 84,61% Space Free | Partition Type: NTFS

Computer Name: PERAL | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/13 13:48:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Downloads\OTL.exe
PRC - [2012/12/27 17:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/12/14 07:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/04 23:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/27 17:21:16 | 000,074,416 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe
PRC - [2012/11/22 18:33:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/11/01 17:46:02 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/09/05 05:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/09/05 05:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/09/05 05:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/15 09:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/07/31 13:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/07/17 23:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 23:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 23:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/17 23:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012/07/13 13:30:09 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2012/06/08 01:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/05/22 21:48:44 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012/04/03 11:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 23:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 23:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012/12/04 23:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 23:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 23:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 23:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 23:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 23:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/09/05 05:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/09/05 05:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/09/05 05:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/09/05 05:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/09/05 05:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/07/13 13:30:10 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2012/07/13 13:30:10 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2012/07/13 13:30:09 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2012/07/13 13:30:09 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
MOD - [2012/07/13 13:30:09 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2012/07/13 13:30:09 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2012/07/13 13:30:09 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2012/07/13 13:30:08 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2012/07/13 13:30:08 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2012/07/13 13:30:08 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
MOD - [2012/07/13 13:30:08 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2012/06/08 01:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 00:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/06 02:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/06 02:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/06 02:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/06 02:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/11/01 16:22:14 | 000,055,120 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe -- (IntelliMemory)
SRV:64bit: - [2012/09/24 16:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/09/24 16:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/09/24 16:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/09/24 16:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/09/20 07:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 04:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 04:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/13 04:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/08/15 17:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/07/26 01:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 01:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 01:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 01:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 01:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 01:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 01:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 01:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 01:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 01:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 01:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 01:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 01:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 01:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 01:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 01:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 22:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 03:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/01/05 01:45:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/27 17:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2012/12/14 07:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/27 17:21:16 | 000,074,416 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe -- (Decor8)
SRV - [2012/11/22 18:33:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/11/06 02:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/11/02 13:57:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/07 22:57:10 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/09/05 05:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/07/31 13:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/26 01:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 23:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 23:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 23:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/17 23:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/05/22 21:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/04/03 11:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/05 23:53:05 | 000,048,472 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2012/12/05 23:53:05 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/27 05:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/27 01:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/27 01:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/22 18:37:09 | 000,612,696 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/11/20 02:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/09 15:04:03 | 000,450,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/11/09 11:55:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/06 05:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 05:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/06 01:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/11/01 16:22:22 | 000,104,272 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\intmsd.sys -- (intmsd)
DRV:64bit: - [2012/11/01 16:22:22 | 000,028,496 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\intmfs.sys -- (intmfs)
DRV:64bit: - [2012/10/25 20:02:40 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/25 15:51:44 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/12 06:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 05:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 05:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/10 11:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012/10/09 18:48:50 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/10/09 18:48:50 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/10/09 18:48:48 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/10/09 18:48:48 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/27 22:57:30 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/20 05:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 05:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 05:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 05:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 05:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 05:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 05:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/13 04:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/09/13 04:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/08/29 08:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/08/27 08:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/06 11:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012/08/02 15:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/31 00:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012/07/27 10:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/26 03:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 03:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 03:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 03:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 03:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 03:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 03:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 03:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 03:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 03:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 03:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 03:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 03:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 03:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 03:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 03:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 03:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 03:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 03:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 02:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 02:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 02:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 02:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 02:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 01:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 00:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 00:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 00:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 00:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 00:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 00:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 00:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 00:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 00:27:30 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/07/26 00:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 00:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 00:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 00:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 00:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 00:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 00:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 00:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 00:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 00:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 00:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 00:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 00:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 00:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 21:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/24 23:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/18 20:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 10:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV - [2012/10/10 14:10:01 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{9F56C550-2293-4593-84D3-A4BA0F81999A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{9F56C550-2293-4593-84D3-A4BA0F81999A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes,DefaultScope = {9F56C550-2293-4593-84D3-A4BA0F81999A}
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes\{95AA9102-91C1-4CBA-B59E-E2CA23A0AE8F}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-652798106-1447119271-1349535322-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 150.164.255.201:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010000.10005&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}"
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.http: "150.164.255.201"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "*.ufmg.br"
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..browser.startup.homepage: "http://www.uptodate.com/contents/acute-arterial-occlusion-of-the-lower-extremities-acute-limb-ischemia?source=see_link"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&barid={B7C725B3-19FE-429B-90EC-CDBB6A4B80E7}&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012/12/20 15:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/20 15:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012/12/20 15:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012/12/20 15:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012/12/20 15:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/09 21:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\ [2013/01/13 13:01:13 | 000,000,000 | ---D | M]

[2012/11/06 17:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Extensions
[2013/01/13 13:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\Profiles\nim2mp9n.default\extensions
[2013/01/13 13:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\Profiles\nim2mp9n.default\extensions\staged
[2013/01/13 13:03:04 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\nim2mp9n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/01/13 13:03:38 | 000,003,998 | ---- | M] () -- C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\nim2mp9n.default\searchplugins\sweetim.xml
[2013/01/09 21:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/20 15:22:18 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012/12/20 15:22:18 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012/12/20 15:22:18 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012/12/20 15:22:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012/12/20 15:22:18 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2013/01/05 01:45:48 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 01:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 01:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Prezi = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\
CHR - Extension: Google Docs = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Facebook = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Insta 9GAG = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcioealmkobjedgcgebfeppgghgfhmfc\1_0\
CHR - Extension: Google Agenda = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: retroLink = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fialekndleeclflilkpdcgdbboiibdab\1.2_0\
CHR - Extension: Dinheiro seguro = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Bloqueio de Conte\u00FAdo = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Teclado virtual = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Evernote Web = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Maps = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
CHR - Extension: Prezi = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\
CHR - Extension: Google Docs = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Facebook = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Insta 9GAG = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcioealmkobjedgcgebfeppgghgfhmfc\1_0\
CHR - Extension: Google Agenda = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: retroLink = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fialekndleeclflilkpdcgdbboiibdab\1.2_0\
CHR - Extension: Dinheiro seguro = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Bloqueio de Conte\u00FAdo = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Teclado virtual = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Evernote Web = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Maps = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012/07/26 03:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AddLyrics) - {B40720CF-4DDD-40DC-86EA-26404E77C1E8} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll (RVZR)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-652798106-1447119271-1349535322-1002..\Run: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\YTLUpdater.exe ()
O4 - HKU\S-1-5-21-652798106-1447119271-1349535322-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-652798106-1447119271-1349535322-1002..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-652798106-1447119271-1349535322-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar para o Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D5D5AF9-6AE7-457D-B869-5DA1DD24F636}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC0B4BA4-6CF4-4B4C-AF56-2095BE025026}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2417AF0-0979-45E6-9ABB-144D864B62A3}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/13 13:11:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/13 13:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddLyrics
[2013/01/13 13:00:21 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\SwvUpdater
[2013/01/13 13:00:12 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Downloads
[2013/01/13 12:34:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/01/13 11:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/13 11:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2013/01/13 11:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2013/01/13 10:51:12 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\Malwarebytes
[2013/01/13 10:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/13 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Programs
[2013/01/12 16:48:46 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\BANDISOFT
[2013/01/12 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Bandicam
[2013/01/12 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2013/01/12 09:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/01/12 09:35:38 | 000,000,000 | ---D | C] -- C:\Fraps
[2013/01/11 18:34:32 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2013/01/11 18:34:32 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll
[2013/01/11 18:34:31 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll
[2013/01/11 18:34:31 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll
[2013/01/11 18:34:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/01/11 18:34:25 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/01/11 18:34:25 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/01/11 18:34:25 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll
[2013/01/11 18:34:23 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2013/01/11 18:34:23 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll
[2013/01/11 18:34:22 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/01/11 18:34:22 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storagewmi.dll
[2013/01/11 18:34:22 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Taskmgr.exe
[2013/01/11 18:34:22 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Taskmgr.exe
[2013/01/11 18:34:21 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WebcamUi.dll
[2013/01/11 18:34:21 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll
[2013/01/11 18:34:21 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserLanguagesCpl.dll
[2013/01/11 18:34:21 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll
[2013/01/11 18:34:20 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/01/11 18:34:20 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll
[2013/01/11 18:34:20 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2013/01/11 18:34:20 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnapps.dll
[2013/01/11 18:34:19 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserLanguagesCpl.dll
[2013/01/11 18:34:19 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/01/11 18:34:19 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/01/11 18:34:15 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/01/11 18:34:14 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll
[2013/01/11 18:34:13 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll
[2013/01/11 18:34:12 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\storagewmi.dll
[2013/01/11 18:34:12 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2013/01/11 18:34:12 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2013/01/11 18:34:12 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/01/11 18:34:11 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/01/11 18:34:11 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/01/11 18:34:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/01/11 18:34:11 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/01/11 18:34:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/01/11 18:34:11 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vds_ps.dll
[2013/01/11 18:34:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vds_ps.dll
[2013/01/11 18:34:11 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/01/11 18:34:11 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthhfHid.sys
[2013/01/11 18:34:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsldr.exe
[2013/01/11 18:34:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BtaMPM.sys
[2013/01/09 21:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/09 21:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/09 12:47:51 | 000,080,728 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 12:47:50 | 000,695,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 21:57:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncryptsslp.dll
[2013/01/08 21:57:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll
[2013/01/08 21:57:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2013/01/08 21:57:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2013/01/08 21:57:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2013/01/08 21:57:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2013/01/06 13:46:43 | 000,000,000 | ---D | C] -- C:\Games
[2013/01/06 13:44:42 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Nexus Mod Manager
[2013/01/06 13:44:42 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Black_Tree_Gaming
[2013/01/06 13:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013/01/06 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2013/01/06 13:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/01/06 13:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/06 13:20:38 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/01/06 13:20:38 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/01/06 13:20:38 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/01/06 13:20:27 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/01/06 13:20:27 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/01/06 13:20:27 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/06 13:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/06 09:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013/01/06 09:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013/01/06 09:00:34 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\Oblivion
[2013/01/03 20:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/12/22 00:03:06 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/22 00:03:06 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/22 00:03:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/22 00:03:06 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/20 09:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/20 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/20 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/20 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/20 09:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/17 18:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2012/12/17 00:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/12/17 00:25:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2012/12/17 00:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012/12/17 00:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/12/17 00:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2012/12/15 17:47:53 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Documents\Meus Arquivos Recebidos
[2012/12/15 17:21:32 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2012/12/15 17:21:29 | 006,971,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/12/15 17:21:29 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll
[2012/12/15 17:21:29 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll
[2012/12/15 17:21:29 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2012/12/15 17:21:29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll
[2012/12/15 17:21:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidi2c.sys
[2012/12/15 17:21:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll
[2012/12/15 17:21:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL
[2012/12/15 17:21:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL
[2012/12/15 17:21:27 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2012/12/15 17:21:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2012/12/15 17:21:27 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2012/12/15 17:21:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2012/12/15 17:21:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2012/12/15 17:21:27 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2012/12/15 17:20:45 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\glcndFilter.dll
[2012/12/15 17:20:44 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2012/12/15 17:20:41 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2012/12/15 17:20:40 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\glcndFilter.dll
[2012/12/15 17:20:38 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2012/12/15 17:20:37 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll
[2012/12/15 17:20:37 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2012/12/15 17:20:37 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/15 17:20:36 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/12/15 17:20:35 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2012/12/15 17:20:35 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2012/12/15 17:20:35 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2012/12/15 17:20:34 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\windows\HelpPane.exe
[2012/12/15 17:20:34 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/12/15 17:20:34 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll
[2012/12/15 17:20:33 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll
[2012/12/15 17:20:33 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys
[2012/12/15 17:20:23 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll
[2012/12/15 17:20:22 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
[2012/12/15 17:20:22 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll
[2012/12/15 17:20:22 | 000,445,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2012/12/15 17:20:22 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dafWCN.dll
[2012/12/15 17:20:21 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/12/15 17:20:21 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
[2012/12/15 17:20:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanmsm.dll
[2012/12/15 17:20:18 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanmsm.dll
[2012/12/15 17:20:18 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bthprops.cpl
[2012/12/15 17:20:17 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll
[2012/12/15 17:20:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpclip.exe
[2012/12/15 17:20:17 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
[2012/12/15 17:20:17 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bthprops.cpl
[2012/12/15 17:20:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFCaptureEngine.dll
[2012/12/15 17:20:17 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/12/15 17:20:17 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2012/12/15 17:20:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2012/12/15 17:20:16 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2012/12/15 17:20:15 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2012/12/15 17:20:15 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2012/12/15 17:20:15 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll
[2012/12/15 17:20:15 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2012/12/15 17:20:15 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFCaptureEngine.dll
[2012/12/15 17:20:15 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/12/15 17:20:15 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2012/12/15 17:20:14 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanapi.dll
[2012/12/15 17:20:14 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe
[2012/12/15 17:20:14 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2012/12/15 17:20:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/12/15 17:20:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2012/12/15 17:20:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2012/12/15 17:20:13 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanapi.dll
[2012/12/15 17:20:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe
[2012/12/15 17:20:12 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlansec.dll
[2012/12/15 17:20:12 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlansec.dll
[2012/12/15 17:20:12 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnApi.dll
[2012/12/15 17:20:12 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fdWCN.dll
[2012/12/15 17:20:12 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WcnApi.dll
[2012/12/15 17:20:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapAuthProxy.dll
[2012/12/15 17:20:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfdprov.dll
[2012/12/15 17:20:11 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapPeerProxy.dll
[2012/12/15 17:20:10 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2012/12/15 17:20:10 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
[2012/12/15 17:20:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/12/15 17:20:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfdprov.dll
[2012/12/15 17:20:09 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fxppm.sys
[2012/12/15 17:20:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2012/12/15 17:20:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuaext.dll
[2012/12/15 17:20:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanhlp.dll
[2012/12/15 17:20:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanhlp.dll
[2012/12/15 17:20:08 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wushareduxresources.dll
[2012/12/15 17:20:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iscsilog.dll
[2012/09/10 06:39:06 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

========== Files - Modified Within 30 Days ==========

[2013/01/13 13:51:00 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 13:44:57 | 000,001,074 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 13:44:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/13 13:43:39 | 000,000,286 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013/01/13 13:42:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/13 13:42:38 | 2482,626,559 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/13 12:34:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/01/13 11:11:09 | 000,000,998 | ---- | M] () -- C:\Users\Pedro\Desktop\Bandicam.lnk
[2013/01/12 11:06:59 | 000,422,528 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/06 22:46:15 | 001,765,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/06 22:46:15 | 000,762,816 | ---- | M] () -- C:\windows\SysNative\prfh0416.dat
[2013/01/06 22:46:15 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/06 22:46:15 | 000,154,608 | ---- | M] () -- C:\windows\SysNative\prfc0416.dat
[2013/01/06 22:46:15 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/06 16:47:27 | 000,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[2013/01/06 13:20:22 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/01/06 13:20:22 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/01/06 13:20:22 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/01/06 13:20:22 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/01/06 13:20:22 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/01/06 13:20:22 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/18 21:32:58 | 000,695,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/12/18 21:32:58 | 000,080,728 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/16 10:08:05 | 000,018,902 | ---- | M] () -- C:\windows\SysNative\results.xml
[2012/12/16 06:28:20 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 06:20:01 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/16 06:08:33 | 000,362,496 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 05:57:09 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

========== Files Created - No Company Name ==========

[2013/01/13 13:43:39 | 000,000,286 | ---- | C] () -- C:\windows\tasks\AutoKMS.job
[2013/01/13 11:11:09 | 000,000,998 | ---- | C] () -- C:\Users\Pedro\Desktop\Bandicam.lnk
[2013/01/12 11:06:30 | 000,422,528 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/09 21:19:17 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/06 14:12:50 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2013/01/03 20:32:47 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/15 17:20:21 | 000,385,604 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2012/11/19 05:33:32 | 000,065,656 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2012/11/19 05:33:30 | 000,022,640 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
[2012/11/09 11:59:01 | 000,007,609 | ---- | C] () -- C:\Users\Pedro\AppData\Local\Resmon.ResmonCfg
[2012/11/01 19:20:45 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/11/01 16:49:12 | 000,009,324 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\AbsoluteReminder.xml
[2012/09/27 22:57:52 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/09/27 22:57:20 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/09/27 22:57:12 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/09/10 06:39:06 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2012/07/26 06:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 06:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 05:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 23:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 18:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 18:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 12:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 02:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/09/10 06:33:59 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/06 02:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/06 02:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 01:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 01:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 01:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm
Advertisement
Register to Remove

Re: annoying nym1.ib.adnxs.com add

Unread postby wannabeageek » January 13th, 2013, 7:33 pm

Hello peralarep, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add

Unread postby peralarep » January 15th, 2013, 6:49 pm

wannabeageek,

thanks a lot. I've alredy done the back-up. Anything else you need, please post it.

=)
peralarep
Regular Member
 
Posts: 18
Joined: January 13th, 2013, 4:24 pm

Re: annoying nym1.ib.adnxs.com add

Unread postby wannabeageek » January 20th, 2013, 2:16 am

Hello peralarep,

I apologize for the long delay.

Please post the other log that was produced by OTL called, "extras.txt". It should be located on your desktop. This is necessary to help further diagnose the problem with your computer.

Also, download DDS and save it to your Desktop.

  • Right click on DDS.scr select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • When the scan is complete, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both these logs to your Desktop. They will be automatically deleted when closed.

Also, please tell me what you use this computer for?

Let me know if you have trouble with the DDS program.

Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: annoying nym1.ib.adnxs.com add

Unread postby Elrond » January 20th, 2013, 1:52 pm

Posting at multiple forums

You are already receiving help with this problem at another forum:
[url] http://www.cybertechhelp.com/forums/sho ... p?t=220866
[/url]

May I draw your attention to the ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.
See the section here where we tell you why this is not a good idea.


This topic is now closed
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware