OTL logfile created on: 30/07/2017 19:48:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,96 Gb Total Physical Memory | 5,40 Gb Available Physical Memory | 67,79% Memory free
15,93 Gb Paging File | 13,52 Gb Available in Paging File | 84,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,12 Gb Total Space | 18,88 Gb Free Space | 4,20% Space Free | Partition Type: NTFS
Drive D: | 482,29 Gb Total Space | 70,76 Gb Free Space | 14,67% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017/07/30 17:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL\OTL.exe
PRC - [2017/05/03 17:21:28 | 000,450,168 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
PRC - [2017/05/03 17:21:22 | 000,450,168 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
PRC - [2017/05/03 17:21:19 | 015,553,656 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
PRC - [2016/12/12 12:37:20 | 000,462,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2016/12/05 20:47:10 | 003,332,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/08/01 14:20:26 | 000,133,376 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
PRC - [2016/07/19 21:11:05 | 000,187,824 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2016/04/27 21:05:15 | 001,027,072 | ---- | M] () -- C:\ProgramData\DesktopLaunchBar\dlb.exe
PRC - [2015/12/01 13:12:56 | 000,855,648 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2015/12/01 13:11:44 | 000,413,280 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/06/05 06:41:00 | 000,188,928 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
PRC - [2014/06/05 06:40:32 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
PRC - [2014/04/06 11:54:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/01/16 15:29:44 | 002,674,456 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2014/01/16 13:36:36 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/05/03 17:21:22 | 001,040,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
MOD - [2017/05/03 16:28:29 | 002,448,504 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MOD - [2017/05/03 16:28:29 | 000,587,200 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MOD - [2017/05/03 16:28:29 | 000,511,424 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MOD - [2017/05/03 16:28:29 | 000,480,192 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
MOD - [2017/05/03 16:28:29 | 000,463,992 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MOD - [2017/05/03 16:28:29 | 000,391,616 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MOD - [2017/05/03 16:28:29 | 000,386,496 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MOD - [2017/05/03 16:28:29 | 000,385,472 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MOD - [2017/05/03 16:28:29 | 000,364,480 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
MOD - [2017/04/26 13:31:26 | 000,569,856 | ---- | M] () -- C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll
MOD - [2016/11/01 09:11:58 | 000,078,624 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
MOD - [2016/08/18 17:43:40 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
MOD - [2016/08/18 17:43:36 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
MOD - [2016/08/18 17:43:34 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
MOD - [2016/04/27 21:05:15 | 001,027,072 | ---- | M] () -- C:\ProgramData\DesktopLaunchBar\dlb.exe
MOD - [2014/06/05 06:41:00 | 000,188,928 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
MOD - [2014/06/05 06:40:52 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
MOD - [2014/06/05 06:40:48 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
MOD - [2014/06/05 06:40:40 | 000,354,816 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
MOD - [2014/06/05 06:40:32 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
MOD - [2014/06/05 06:40:32 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
MOD - [2014/01/16 13:43:58 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2014/01/15 10:30:54 | 000,864,256 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\libeay32.dll
MOD - [2014/01/15 10:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\ssleay32.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016/08/22 13:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV - [2017/07/28 15:19:42 | 001,609,504 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2017/05/03 17:21:28 | 000,450,168 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer)
SRV - [2017/05/03 17:21:24 | 000,495,224 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService)
SRV - [2017/05/03 17:21:24 | 000,495,224 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem)
SRV - [2017/04/19 21:46:34 | 000,462,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2017/04/18 18:49:01 | 001,517,576 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2017/04/05 16:09:10 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017/02/23 20:36:48 | 000,009,728 | ---- | M] (Hi-Rez Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2017/02/11 13:06:58 | 000,400,656 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2016/12/12 12:37:20 | 000,462,624 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService10)
SRV - [2016/10/28 13:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/09/16 00:07:00 | 002,195,472 | ---- | M] (Electronic Arts) [Auto | Stopped] -- C:\Program Files (x86)\Origin\OriginWebHelperService.exe -- (Origin Web Helper Service)
SRV - [2016/09/16 00:07:00 | 002,130,440 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016/08/01 14:20:26 | 000,133,376 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe -- (RzKLService)
SRV - [2016/07/19 21:11:05 | 000,187,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2015/12/01 13:12:56 | 000,855,648 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2015/12/01 13:11:44 | 000,413,280 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2015/12/01 13:10:38 | 000,433,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2015/11/21 19:54:01 | 000,315,208 | ---- | M] (Kingsoft Corporation) [On_Demand | Stopped] -- c:\program files (x86)\cmcm\Clean Master\cmcore.exe -- (cmcore)
SRV - [2014/10/15 16:43:52 | 000,487,936 | ---- | M] (Connectify) [On_Demand | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2014/08/31 14:32:18 | 000,211,520 | ---- | M] (CleverFiles) [On_Demand | Stopped] -- C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe -- (cfbackd)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/04/06 11:54:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/03/20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/06 17:30:44 | 000,758,224 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/09/05 11:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/01 19:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012/10/01 19:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2008/02/04 10:29:30 | 000,216,576 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/01/30 13:45:12 | 000,163,328 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2017/05/03 17:21:30 | 000,057,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci)
DRV:[b]64bit:[/b] - [2017/05/03 17:21:29 | 000,048,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2017/04/19 22:57:43 | 000,218,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2017/03/02 13:26:12 | 000,034,720 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2016/09/05 04:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2016/08/10 13:37:51 | 000,137,840 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:[b]64bit:[/b] - [2016/05/06 19:50:37 | 000,044,144 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:[b]64bit:[/b] - [2016/04/25 00:36:06 | 000,221,824 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2016/04/25 00:35:58 | 000,221,824 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2015/11/21 19:35:39 | 000,056,680 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksapi64.sys -- (ksapi64)
DRV:[b]64bit:[/b] - [2015/08/13 12:19:08 | 000,201,432 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:[b]64bit:[/b] - [2014/12/02 16:59:12 | 000,042,152 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy3.sys -- (cnnctfy3)
DRV:[b]64bit:[/b] - [2014/04/27 10:26:00 | 000,047,928 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusbK.sys -- (libusbK)
DRV:[b]64bit:[/b] - [2014/02/18 08:48:28 | 000,901,848 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2013/11/28 13:04:15 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013/10/29 04:26:19 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd6.sys -- (clwvd6)
DRV:[b]64bit:[/b] - [2013/08/28 22:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2013/06/28 13:49:20 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2013/05/19 04:02:50 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:[b]64bit:[/b] - [2013/02/23 08:20:10 | 000,052,832 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:[b]64bit:[/b] - [2012/07/02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/05/17 07:57:06 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:[b]64bit:[/b] - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/04/14 00:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/09/30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:[b]64bit:[/b] - [2009/09/16 06:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:[b]64bit:[/b] - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 21:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2017/05/03 17:21:03 | 000,030,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2015/12/01 13:11:32 | 000,146,016 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2014/06/10 03:04:42 | 000,013,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/02/04 10:32:18 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2008/01/30 13:41:58 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1399078667&from=amt&uid=WDCXWD10EZEX-00RKKA0_WD-WCC1S257374773747&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://login.latinaminternet.com/
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4998183f&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}: "URL" = [String data over 1000 bytes]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836}: "URL" = [String data over 1000 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-00rkka0_wd-wcc1s257374773747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}: "URL" = https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4998183f&q={searchTerms}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = [String data over 1000 bytes]
IE - HKLM\..\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836}: "URL" = [String data over 1000 bytes]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50986;https=127.0.0.1:50986;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50986;https=127.0.0.1:50986;
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-00rkka0_wd-wcc1s257374773747
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-00rkka0_wd-wcc1s257374773747
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://login.latinaminternet.com/
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1eeK7l24Ey_peMn2wnP0QyCO5K5XmXCpPyor6rlPDxrIa1JvrIYaQXGhyT6OOXCwQqT4qCFdXysEV38xs-vcOQT-dwhJqWGuU-MPjGgPHhyf9DRgLvbpIk9hXWiUnP4rPEZRIs6xwG94qpnk_LSIlNmiGA9lfyMP1sV5DLNqsQ4ybOwXy&q={searchTerms}
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1eeK7l24Ey_peMn2wnP0QyCO5K5XmXCpPyor6rlPDxrIa1JvrIYaQXGhyT6OOXCwQqT4qCFdXysEV38xs-vcOQT-dwhJqWGuU-MPjGgPHhyf9DRgLvbpIk9hXWiUnP4rPEZRIs6xwG94qpnk_LSIlNmiGA9lfyMP1sV5DLNqsQ4ybOwXy&q={searchTerms}
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\..\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}: "URL" = https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4998183f&q={searchTerms}
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\..\SearchScopes\{f7bb050c-e116-44da-89c2-6f2b68c54836}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2: C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Windows\system32\config\systemprofile\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnildbodgangamafkcocnckhikkcohl\7.0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofmneijajkgajeffbphblliaeidahcn\17672.4277.6399_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2017/03/22 18:15:31 | 000,034,974 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13.69.186.195 global.bing.com
O1 - Hosts: 13.69.186.195 www.bing.com
O1 - Hosts: 13.69.186.195 cn.bing.com
O1 - Hosts: 13.69.186.195 bing.com
O1 - Hosts: 13.69.186.195 0search.internetquickaccess.com
O1 - Hosts: 13.69.186.195 1and1.com
O1 - Hosts: 13.69.186.195 22find.com
O1 - Hosts: 13.69.186.195 24img.com
O1 - Hosts: 13.69.186.195 7mcn.tvnewtabsearch.com
O1 - Hosts: 13.69.186.195 abcsearch.ru
O1 - Hosts: 13.69.186.195 airzip.inspsearch.com
O1 - Hosts: 13.69.186.195 alexnova.com
O1 - Hosts: 13.69.186.195 alles-im-inter.net
O1 - Hosts: 13.69.186.195 allinsearch.com
O1 - Hosts: 13.69.186.195 allsearch.ca
O1 - Hosts: 13.69.186.195 allsearch.space
O1 - Hosts: 13.69.186.195 alternativesearch.ru
O1 - Hosts: 13.69.186.195 amaizingsearches.info
O1 - Hosts: 13.69.186.195 amazon.smart-search.com
O1 - Hosts: 13.69.186.195 appiance.com
O1 - Hosts: 13.69.186.195 apps.searchalgo.com
O1 - Hosts: 13.69.186.195 asiasearch.co
O1 - Hosts: 13.69.186.195 ask.com
O1 - Hosts: 13.69.186.195 atajitos.com
O1 - Hosts: 842 more lines...
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.8.0_131\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre1.8.0_131\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IObit Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (IObit Ads Removal) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll (IObit)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cmsc] c:\program files (x86)\cmcm\Clean Master\cmtray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe (Razer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [Advanced SystemCare 10] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [BingSvc] C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [Discord] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [uTorrent] C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:[b]64bit:[/b] - HKLM..\RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:[b]64bit:[/b] - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKLM..\RunOnce: [Famege] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Roaming\Resogalu" File not found
O4 - HKLM..\RunOnce: [Kagelefel] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\{0C483~1\Togefucoci.dat" File not found
O4 - HKLM..\RunOnce: [Lacokafedapo] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Roaming\Geman" File not found
O4 - HKLM..\RunOnce: [Mebiledemogo] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Roaming\685B5E~1\Luconagedago.dat" File not found
O4 - HKLM..\RunOnce: [Sunol] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Local\{728B4~1\Dubunilefog.dat" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnabledLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBBEF712-5B5A-48AD-98A9-512FE0A8EA53}: DhcpNameServer = 192.168.0.1 192.168.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D84D9F7B-2854-41EF-9C17-43BF37B7B50D}: NameServer = 192.168.1.1,192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fc30824-7a91-11e6-a82a-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{2fc30824-7a91-11e6-a82a-902b34f92efb}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O33 - MountPoints2\{51029247-5836-11e3-853b-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{51029247-5836-11e3-853b-902b34f92efb}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{893d0165-0f48-11e7-8e9b-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{893d0165-0f48-11e7-8e9b-902b34f92efb}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O33 - MountPoints2\{8941367d-269b-11e7-97d1-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{8941367d-269b-11e7-97d1-902b34f92efb}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O33 - MountPoints2\{98f664b6-7743-11e4-8b22-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{98f664b6-7743-11e4-8b22-902b34f92efb}\Shell\AutoRun\command - "" = K:\CMADownloader.exe
O33 - MountPoints2\{b08f9a09-267c-11e6-8e32-902b34f92efb}\Shell - "" = AutoRun
O33 - MountPoints2\{b08f9a09-267c-11e6-8e32-902b34f92efb}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2017/07/20 22:15:29 | 000,000,000 | ---D | C] -- C:\Discord
[2017/07/02 19:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2
[2017/07/02 19:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2017/07/02 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2017/07/02 19:28:24 | 000,000,000 | ---D | C] -- C:\ScpServer
[2017/07/02 19:00:10 | 000,000,000 | ---D | C] -- C:\Widget Updates
[2017/07/02 19:00:05 | 000,000,000 | ---D | C] -- C:\Origin
[2010/11/21 00:24:00 | 000,104,960 | -HS- | C] (Factions) -- C:\ProgramData\msnds.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\system32\config\systemprofile\Desktop\*.tmp files -> C:\Windows\system32\config\systemprofile\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2017/07/30 19:34:58 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2017/07/30 19:28:20 | 000,003,657 | ---- | M] () -- C:\Windows\unins002.dat
[2017/07/30 19:28:17 | 000,707,354 | ---- | M] () -- C:\Windows\unins002.exe
[2017/07/30 19:16:17 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\{685B5E90-4E2F-923C-B6C4-3767C587FE38}.job
[2017/07/30 19:11:18 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\{232CB0E5-DC82-8F21-4600-1DAA049B7F1C}.job
[2017/07/30 19:10:19 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\{59CFF5F7-D746-6533-F528-3C772EC59143}.job
[2017/07/30 19:09:40 | 000,000,026 | ---- | M] () -- C:\ProgramData\megatmp.ini
[2017/07/30 19:09:20 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\{53B16136-B49D-9C74-DF8B-4C3033943863}.job
[2017/07/30 19:06:22 | 000,046,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/07/30 19:06:22 | 000,046,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/07/30 18:57:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/07/30 18:56:58 | 2119,000,063 | -HS- | M] () -- C:\hiberfil.sys
[2017/07/30 11:33:51 | 004,995,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/07/29 22:35:21 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2017/07/29 10:13:33 | 000,365,971 | ---- | M] () -- C:\Users\Public\Documents\louro jose.jpg
[2017/07/28 21:22:48 | 000,060,765 | ---- | M] () -- C:\Users\Public\Documents\louro jose meme 2.jpg
[2017/07/28 21:21:39 | 000,008,857 | ---- | M] () -- C:\Users\Public\Documents\memes louro jose.jpg
[2017/07/23 20:00:25 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2017/07/22 13:06:15 | 000,080,203 | ---- | M] () -- C:\Users\Public\Documents\carlos-alberto-de-nobrega-rindo.jpg
[2017/07/21 20:49:06 | 000,000,222 | ---- | M] () -- C:\The Evil Within Demo.url
[2017/07/21 15:12:35 | 000,035,144 | ---- | M] () -- C:\51600182855bcc1dd75264.jpg
[2017/07/19 23:28:48 | 000,235,284 | ---- | M] () -- C:\img-padre-quemedo-e-o-filho-do-capeta-440.jpg
[2017/07/19 22:36:19 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2017/07/18 20:19:51 | 011,334,216 | ---- | M] (EMACLAB) -- C:\GCLauncher.exe
[2017/07/02 19:59:59 | 000,037,914 | ---- | M] () -- C:\pcsx2.jpg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\system32\config\systemprofile\Desktop\*.tmp files -> C:\Windows\system32\config\systemprofile\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2017/07/30 19:09:40 | 000,000,026 | ---- | C] () -- C:\ProgramData\megatmp.ini
[2017/07/30 11:31:32 | 004,995,024 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/07/29 10:12:27 | 000,365,971 | ---- | C] () -- C:\Users\Public\Documents\louro jose.jpg
[2017/07/28 21:22:48 | 000,060,765 | ---- | C] () -- C:\Users\Public\Documents\louro jose meme 2.jpg
[2017/07/28 21:21:38 | 000,008,857 | ---- | C] () -- C:\Users\Public\Documents\memes louro jose.jpg
[2017/07/22 13:06:14 | 000,080,203 | ---- | C] () -- C:\Users\Public\Documents\carlos-alberto-de-nobrega-rindo.jpg
[2017/07/21 20:49:06 | 000,000,222 | ---- | C] () -- C:\The Evil Within Demo.url
[2017/07/21 15:12:34 | 000,035,144 | ---- | C] () -- C:\51600182855bcc1dd75264.jpg
[2017/07/19 23:27:55 | 000,235,284 | ---- | C] () -- C:\img-padre-quemedo-e-o-filho-do-capeta-440.jpg
[2017/07/02 20:00:59 | 000,037,914 | ---- | C] () -- C:\pcsx2.jpg
[2017/03/10 18:17:28 | 000,525,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-42-1.dll
[2017/03/10 18:17:20 | 000,233,760 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-42-1.exe
[2016/06/18 04:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Spotify.redir
[2016/04/28 13:09:00 | 000,707,354 | ---- | C] () -- C:\Windows\unins002.exe
[2016/04/28 13:09:00 | 000,003,657 | ---- | C] () -- C:\Windows\unins002.dat
[2016/04/27 21:04:51 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/04/23 18:53:05 | 000,525,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/04/23 18:53:05 | 000,233,760 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/02/13 22:47:02 | 000,125,720 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-3-0.dll
[2016/02/13 22:45:46 | 000,042,264 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
[2015/12/22 23:25:39 | 000,001,189 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\vso_ts_preview.xml
[2015/11/09 17:27:06 | 000,003,591 | ---- | C] () -- C:\Users\User\Msirepair.reg
[2015/06/09 19:43:07 | 000,416,273 | ---- | C] () -- C:\ProgramData\1433889079.bdinstall.bin
[2015/03/06 13:04:55 | 000,000,033 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2014/12/27 00:29:05 | 000,000,029 | ---- | C] () -- C:\Users\User\terminar_hotspot.bat
[2014/12/27 00:28:25 | 000,000,063 | ---- | C] () -- C:\Users\User\iniciar_hotspot.bat
[2014/09/02 17:33:03 | 000,000,090 | ---- | C] () -- C:\Users\User\.atl.properties
[2014/06/10 18:59:16 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/05/09 13:38:00 | 000,000,286 | RHS- | C] () -- C:\Users\User\ntuser.pol
[2014/04/10 19:28:30 | 000,000,051 | ---- | C] () -- C:\Users\User\.gtk-bookmarks
[2014/03/11 19:54:23 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 15:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 14:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:E965A533
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT

< End of report >
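A first triage pass over a log like the one above, added here as an illustration; it is not part of the OTL output, of OTL itself, or of the poster's thread. It reads the O1 Hosts, O4 Run/RunOnce, O6/O7 policy and O33 MountPoints2 lines in the layout OTL prints (the [b]...[/b] around "64bit:" is the forum's BBCode and is stripped) and flags the things an analyst checks first in this report: a script host (wscript, cscript, mshta, powershell) started at logon from a path under a user profile, the shape of the Famege/Kagelefel/Lacokafedapo/Mebiledemogo/Sunol RunOnce entries; a program launched from the SYSTEM account's profile directory, as the Discord entry is; EnabledLUA = 0 and PromptOnSecureDesktop = 0; cached autorun commands recorded for removable volumes; and a hosts file that maps many hostnames to one non-loopback address. The severity labels, the script-host list, the path patterns and the threshold are this example's own assumptions, and the sample input is a constructed subset of entries copied from the log. The script does not decide whether the hosts entries are a hijack or a deliberate blocklist; that stays with the analyst.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity section name reason")

# Forum copies wrap the 64-bit marker in BBCode ("O4:[b]64bit:[/b] -"); OTL writes "O4:64bit: -".
BBCODE_RE = re.compile(r"\[/?b\]")
ENTRY_RE = re.compile(r"^(O\d+)(?::64bit:)?\s*-?\s*(.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
POLICY_RE = re.compile(r"^(?P<key>HK\S+): (?P<name>\w+) = (?P<val>\S+)$")
AUTORUN_RE = re.compile(r'^MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')

# Heuristics: these lists, patterns and thresholds are this example's own choices, not OTL's.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
PROFILE_PATH = re.compile(r"\\(users|appdata)\\", re.I)
SYSTEM_PROFILE = re.compile(r"\\config\\systemprofile\\", re.I)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample: a subset of entries copied from the log above, one per line as OTL prints them.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13.69.186.195 global.bing.com
O1 - Hosts: 13.69.186.195 www.bing.com
O1 - Hosts: 13.69.186.195 bing.com
O1 - Hosts: 13.69.186.195 0search.internetquickaccess.com
O1 - Hosts: 13.69.186.195 22find.com
O1 - Hosts: 13.69.186.195 ask.com
O4 - HKLM..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe (Razer Inc.)
O4 - HKU\S-1-5-21-2467311510-1720262488-2289984342-1000..\Run: [Discord] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.)
O4:[b]64bit:[/b] - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4 - HKLM..\RunOnce: [Famege] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Roaming\Resogalu" File not found
O4 - HKLM..\RunOnce: [Sunol] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Default\AppData\Local\{728B4~1\Dubunilefog.dat" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnabledLUA = 0
O33 - MountPoints2\{2fc30824-7a91-11e6-a82a-902b34f92efb}\Shell\AutoRun\command - "" = F:\CMADownloader.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
"""


def parse_otl(text):
    """Return (section, body) pairs for every O-numbered OTL line, BBCode stripped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(BBCODE_RE.sub("", raw).strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries, redirect_threshold=3):
    """Apply the checks described above and return a list of Finding."""
    findings = []
    hosts_by_ip = defaultdict(list)
    for section, body in entries:
        if section == "O1":
            m = HOSTS_RE.match(body)
            if m and m.group("ip") not in LOOPBACK:
                hosts_by_ip[m.group("ip")].append(m.group("host"))
        elif section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            cmd = m.group("cmd")
            if any(h in cmd.lower() for h in SCRIPT_HOSTS) and PROFILE_PATH.search(cmd):
                # OTL appends "File not found" when the target no longer exists on disk.
                note = " (target currently missing)" if cmd.endswith("File not found") else ""
                findings.append(Finding("high", section, m.group("name"),
                                        "script host launched at logon from a user-profile path" + note))
            elif SYSTEM_PROFILE.search(cmd):
                findings.append(Finding("medium", section, m.group("name"),
                                        "application launched from the SYSTEM account's profile directory"))
        elif section in ("O6", "O7"):
            m = POLICY_RE.match(body)
            if not m:
                continue
            name, val = m.group("name"), m.group("val")
            if name == "EnabledLUA" and val == "0":
                findings.append(Finding("high", section, name, "UAC is disabled"))
            elif name == "ConsentPromptBehaviorAdmin" and val == "0":
                findings.append(Finding("high", section, name, "administrators elevate without any prompt"))
            elif name == "PromptOnSecureDesktop" and val == "0":
                findings.append(Finding("medium", section, name,
                                        "UAC prompts appear on the normal desktop, where other processes can reach them"))
        elif section == "O33":
            m = AUTORUN_RE.match(body)
            if m:
                findings.append(Finding("medium", section, m.group("vol"),
                                        "cached autorun handler for a removable volume: " + m.group("cmd")))
    for ip, hosts in hosts_by_ip.items():
        if len(hosts) >= redirect_threshold:
            findings.append(Finding("medium", "O1", ip,
                                    f"{len(hosts)} hostnames hardwired to one non-loopback address, e.g. {', '.join(hosts[:3])}"))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(parse_otl(SAMPLE_LOG))):
        print(f"[{f.severity:6}] {f.section} {f.name}: {f.reason}")
```

Entries such as the rundll32 streamci RunOnce lines are deliberately not flagged: rundll32 is not in the script-host list and the target is not under a profile path, so the "File not found" suffix alone produces nothing. Point parse_otl at the full text of a report and the same rules run over every O1, O4, O6/O7 and O33 entry in it.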