Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAcess trouble.


  • This topic is locked This topic is locked
30 replies to this topic

#1 nego191

nego191

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 22 May 2013 - 02:27 PM

I'm having such a hard time trying to remove zeroacess infection.

I've alredy run programs like hijackthis, mbrscan, roguekiller and FSS, only for log purposes (don't remove any thing except when avira detects something).

 

Well, my notebook is getting slower and slower this days, my windows defender and firewall are all off, and once a week avira detects virus in the java folder.

 

 

dds

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Marcos at 16:24:55 on 2013-05-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.8086.5497 [GMT -3:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
uProxyServer = 199.192.206.158:8080
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Marcos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{419C90FF-B205-4320-B83F-E78B5F27BFC1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{419C90FF-B205-4320-B83F-E78B5F27BFC1}\05162796B61633 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{419C90FF-B205-4320-B83F-E78B5F27BFC1}\052716072796B6160223 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{75214784-09A2-47B4-99B4-C44432F0A100} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Marcos\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-18 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-26 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-10-26 21616]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-3-18 284448]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-27 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-12 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-12 110816]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-3-12 562744]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-3-13 414544]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-26 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-10-27 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + Adaptador virtual de alta velocidade;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-26 176096]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-18 283200]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-27 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-27 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-27 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-10-27 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/26 21:35:56;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + Protocolo de alta velocidade;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-1-24 53008]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-27 174168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-7 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-7 30208]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-21 20:04:22 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-21 20:03:46 -------- d-----w- C:\Program Files\My Dell
2013-05-14 22:17:14 -------- d-----w- C:\Users\Marcos\AppData\Local\{25D36128-0BB5-4D9A-9065-4D349CFFDB4F}
2013-05-14 01:05:11 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-05-10 15:46:58 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Java
2013-05-08 01:04:36 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49B22643-D64E-4CA6-BA76-6A544F692532}\mpengine.dll
2013-05-08 01:00:27 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-08 00:59:14 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-05-08 00:43:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 19:14:10 -------- d-----w- C:\Users\Marcos\AppData\Local\{DD5E65CF-4BCB-423F-936F-184B35D164F3}
2013-05-03 22:34:48 -------- d-----w- C:\Users\Marcos\AppData\Roaming\ATNSOFT
2013-05-03 22:31:02 -------- d-----w- C:\Users\Marcos\AppData\Local\Rose_Hill_Solutions
2013-05-03 22:31:02 -------- d-----w- C:\Users\Marcos\AppData\Local\KeyMapper
2013-05-03 22:30:44 -------- d-----w- C:\Program Files (x86)\Key Mapper
2013-05-03 21:42:54 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2013-05-03 21:42:54 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-05-03 21:42:54 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2013-05-03 21:42:54 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-05-03 21:42:53 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2013-05-03 21:42:53 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-05-03 18:42:33 -------- d-----w- C:\Users\Marcos\AppData\Local\{1FBED153-ADD2-4778-B089-FA241296D267}
2013-05-01 22:41:14 -------- d-----w- C:\Users\Marcos\AppData\Local\{88A22161-96E9-486D-9C95-98A090030D56}
2013-04-30 23:16:29 -------- d-----w- C:\Users\Marcos\AppData\Local\{EEC6782B-4590-4EA4-9AEC-028CA0E0BDD2}
2013-04-28 22:17:56 -------- d-----w- C:\Users\Marcos\AppData\Local\CrashDumps
2013-04-28 20:24:36 -------- d-----w- C:\Users\Marcos\AppData\Local\{1E38D314-126E-4B30-B0C9-23ECC8BF8487}
2013-04-27 16:09:24 -------- d-----w- C:\Users\Marcos\AppData\Local\Chromium
2013-04-26 19:43:09 -------- d-----w- C:\Users\Marcos\AppData\Local\{CB5D30DA-D8E0-4E1E-9713-17C7ECB58ECD}
2013-04-25 21:47:21 -------- d-----w- C:\Users\Marcos\AppData\Local\{4C029425-79A1-4E60-91B0-7D4E22A59236}
2013-04-23 16:40:03 -------- d-----w- C:\Users\Marcos\AppData\Local\{05EEF0A0-ABA9-4D80-96BE-20DBCA8ECEBF}
2013-04-22 21:43:33 -------- d-----w- C:\Users\Marcos\AppData\Local\TechSmith
2013-04-22 21:43:24 -------- d-----w- C:\Users\Marcos\AppData\Roaming\TechSmith
2013-04-22 21:41:22 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
.
==================== Find3M  ====================
.
2013-05-15 03:29:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 03:29:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-08 00:43:13 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-08 00:43:13 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-28 23:35:44 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-28 23:35:44 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-16 13:50:04 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-03-16 13:50:04 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-03-16 13:50:04 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-03-16 13:50:04 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:25:36,16 ===============
 

 

thanks for your help!

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 22 May 2013 - 04:57 PM


Hello nego191

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 22 May 2013 - 05:13 PM

Well, bad news for you. I'm portuguese and my adwcleaner report got generated in this language. Hope you understand something x)
 
# AdwCleaner v2.301 - Relatório criado em 22/05/2013 às 19:00:06
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Marcos - MARCOS-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Marcos\Desktop\AdwCleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Arquivo Removido : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\gophoto@gophoto.it.xpi
Pasta Removido : C:\Users\Marcos\AppData\Local\TempDir
Pasta Removido : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\jetpack
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\1ClickDownload
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [Navegadores] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registro está limpo.
 
-\\ Mozilla Firefox v20.0.1 (pt-BR)
 
Arquivo : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\prefs.js
 
[OK] Arquivo está limpo.
 
-\\ Google Chrome v26.0.1410.64
 
Arquivo : C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[S1].txt - [1859 octets] - [22/05/2013 19:00:06]
 
########## EOF - C:\AdwCleaner[S1].txt - [1919 octets] ##########
 

 

 

--------------------------------------

 

JRT

 

 

# AdwCleaner v2.301 - Relatório criado em 22/05/2013 às 19:00:06
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Marcos - MARCOS-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Marcos\Desktop\AdwCleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Arquivo Removido : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\extensions\gophoto@gophoto.it.xpi
Pasta Removido : C:\Users\Marcos\AppData\Local\TempDir
Pasta Removido : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\jetpack
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\1ClickDownload
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [Navegadores] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registro está limpo.
 
-\\ Mozilla Firefox v20.0.1 (pt-BR)
 
Arquivo : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\prefs.js
 
[OK] Arquivo está limpo.
 
-\\ Google Chrome v26.0.1410.64
 
Arquivo : C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[S1].txt - [1859 octets] - [22/05/2013 19:00:06]
 
########## EOF - C:\AdwCleaner[S1].txt - [1919 octets] ##########
 
 
 
 
---- JRT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marcos on 22/05/2013 at 19:06:10,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{00836F62-2A19-4D5D-965F-393671118478}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{00CC35D6-5B78-4099-A5CD-3D532A5CD844}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{018524E5-556A-419A-83E5-1DF19077C366}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{01B5ED5D-3233-4EF1-9909-66BE4DF0A704}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{02E1452E-92AC-42F2-A318-27AB6E2872E6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{02F68610-00A2-433C-90A4-18C430C69248}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{03825822-1ADC-4775-891B-1E0BB723B05C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{03EFDF83-BDDB-4E50-9426-5CA48F210921}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{03F650B5-8639-4392-836D-8E46C2F92344}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0434839C-31B6-419A-BF66-18BF1C1F055E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{04558EF8-B45A-4442-AA2C-D17B2C4734D8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{04E8C26C-7647-4426-8C90-ED0CE9598068}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{055DC204-404F-44E6-B1C3-4D07C0A611D2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{056B6764-7983-44BF-8FF5-610C5DF90B84}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0596A774-772B-4265-9ABD-237FB0072180}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{05AEF2CB-50F4-4526-9ECD-A4EED5109EF9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{05EEF0A0-ABA9-4D80-96BE-20DBCA8ECEBF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{063E9C55-C5F3-45A3-B3AE-7A00FB0E1348}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0656C3EA-DAF0-4B3A-AA4C-505BAE74724E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{076BBC04-0AA2-4F8C-AEAB-C03990C481C9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0773EB85-F0B4-47F6-8982-BDC92DE7DF1F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{077A9DA9-CE8A-4944-AE6C-49F008D37F2B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{081A2EE1-E2E0-47EE-8586-FCF0333F04F9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{082F3863-7B3B-4E27-B7C0-C7270DEDC045}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{08637A42-1113-48E7-B7AB-3677DFFB4EAF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{087FDBB3-6AFD-4F00-BB4C-9C1EE4D19D3D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{09397643-28DD-417D-94B1-996EC446862D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{09AA6422-970B-45E9-A24E-0504C02461AF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{09FBA2DC-EAE5-4000-A543-1CEC7827CF3D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0A1A4D5D-2911-4608-8AD8-C8F8A4E566FA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0A522769-4E0E-4D6A-BDB0-BA37F72356A8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0ABD76A7-7591-49D8-9E29-A4DAD3CADC2B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0BB4F9B0-B206-4A99-8D11-DB465587EDAD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0BC5622E-32FA-4751-A265-DF10A191CB3C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0C655B69-9CC4-4F6A-A4A5-5F631C843971}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0CB1D6CB-A794-4C39-9FE1-63E43C43CFD7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0CD292CD-622E-458B-AD25-5A9A1472C4F4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0CEA2955-97EF-46E2-84A1-82377CC57FD7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0D2B59F8-2620-4061-9E3A-F33D2A7E4B4A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0D76F4C7-D101-4C86-8338-B3815E738327}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0D997BA8-A282-449D-A9AB-06EC2CE4DC69}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0DD2FF19-562C-4EE8-9862-D5313D65C9C3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0DFF4F1B-DF3F-49A0-81B1-AF3FD77F43E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0E4BBE12-22C5-49D2-90AE-A7FCD434FEEE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0E63C1E2-86A9-4E64-8A95-F13F141FAC7A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0E6E16AC-D69A-4580-9468-D8753271F24F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0E80B889-99DA-4248-ADC0-A5540E531F2F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0EB122A3-65F6-4E32-BF3F-D65B77CBDE6D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0F56611E-8011-40B5-9E38-19265F8E9BCC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0F94D3B4-A754-4825-B56A-F1F983EEB9B1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{0FB91A7D-FFE7-443B-9440-3C7692F438EE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{101DD2D5-1B02-4639-8904-33DC0D6E1C51}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{10230EB4-555C-4CFE-856C-8E4F4B12C1C2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{10DB84EF-117B-4462-8DBF-2701AD720FEE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{10DF78D9-43F4-4E1A-A2FC-C2DE67892C7A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{10EF5876-1110-4D6A-9AB3-E8293718EC24}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{11AB6213-6B34-419D-88CD-436CF6983442}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{12515C07-285D-4091-8819-0BA0028CA20F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{12BDD81C-425B-4DEC-B80D-CFF98F01CA12}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{14214724-4AAC-48C2-8E8D-D7A7F1C78F80}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{14291655-FF7D-4E96-9F24-104F184903CD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{157BC555-11BD-41DD-98D6-C2076FBB7D6A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1591C6F7-F58C-4598-A472-154802B72C4A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{15AA9353-151E-413D-9141-1FA425EE0D2C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{16CE57FB-67A5-41AB-A31F-B23FF2EA9525}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{16E15B22-0038-49A5-92F0-D1C746617F33}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{171C0CE0-5539-4FBF-B3AC-EA49C9CF1248}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{17416912-DF09-48B9-A6BF-50F887C473FC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{174A2C37-A72A-4B82-8F2E-A857102CF5F8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{174D6BD5-A1F3-4D82-94C3-3F3443CF6592}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{188E2023-624B-4AF8-A30E-A79C9D035227}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{189B891F-2B00-4772-80E8-8B78C84EA54E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{18B8894D-193F-4EEB-BB4F-F7BFFBEDA18A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{18FD1A91-40FF-4424-8D18-558C7D8CB3BE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{194E3572-2631-4E0D-BC8F-CC8CDBF01649}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{196331F1-6431-43C3-B2D0-1B4A04C43F1C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{19ADE7A4-81E3-43E7-909C-03D7B34AA985}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{19B89558-7B74-4F74-A690-912301CC89AB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{19F26560-4738-48F4-992C-FA96E56C68F6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{19F3FD05-B26F-417B-81DB-67BFA6DB0B52}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1A2E60A7-7693-4F63-A71F-1358680DDE30}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1A7673B5-3B47-44DA-BF19-CBDC765AA149}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1A7B6772-8E31-4960-A684-F3E200834815}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1AA702A1-EF62-42EA-8E4A-5566DB3FC170}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1B363680-2FC0-4780-BEFF-D62D749149B2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1B6F4D50-737A-40CE-88EC-F25863E4BFD3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1BC3E88E-61C3-46CD-A63A-F36A9D5CCE26}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1BF6FA46-621A-4524-863C-F7A251BA06D0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1C3F577B-820D-4CD7-88B2-B80CBF7C8F5A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1D35FAB8-A9E5-427F-B78F-32DD69CAD218}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1D397766-89A3-4174-8B72-F2ACDA1D7C04}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1DADC1B4-073D-4608-8AD6-1C3A78DC262E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1DD9666D-6063-445C-A8A6-80BBF858FDA6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1DE79C3F-CC51-478C-BB33-4B45D7658B4B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1E38D314-126E-4B30-B0C9-23ECC8BF8487}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1E844FCA-FF3D-48F9-8477-29E03BA3F978}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1E88FF86-5233-4A9B-B3CD-3210997FE21D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1F12C1C6-1FB2-4392-88FD-9AE7F65E7D97}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1F7F0AEA-5A8D-4013-A7B9-D17ABB9D1D7C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1F8A66F7-A471-4248-8E25-DAA1A7029B36}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1FBED153-ADD2-4778-B089-FA241296D267}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{1FED028C-C31C-4996-8C91-F604C36093FB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{205E5873-E863-4631-96C8-4CA14E5BFF19}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{20EDEF88-43E4-479C-A8E1-BE34E9DF2C21}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2151C718-5846-46C8-974C-2EEC7C3E7B0E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2155AD11-2C29-4C67-8204-B98ECD0A7A97}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{219D5CFA-BC5F-4774-8A0D-31D6B3C4420E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2252FBEC-D150-4BF8-AA73-2A809AD7BF70}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{22F67204-6264-4E9E-976B-91E4068DB0FB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{242DEB4D-AA60-4125-86B1-0079A644E489}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{25126840-E5B1-4C15-9DC3-0B63E9B52B96}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{25D36128-0BB5-4D9A-9065-4D349CFFDB4F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{26234A1E-A792-4AF6-8B64-DD5A7FE84ECD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{26855B3E-66C0-4577-9F56-2673AB3560A2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{269572A6-49AE-4E4B-8925-5B3A516B7443}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{26D76EBB-2169-40CC-9B23-99A74CA89673}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{26FE7717-1F77-4FDA-89BF-E0F68BE228EA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2733039E-AAF9-4226-AA4D-23C5867F347E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{27755B69-D434-4E0D-8747-C96544B8FF54}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{279BD475-7A95-4FE4-8822-7991B2FC6B6D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{27C66789-1C72-43A1-8889-1E192DD9F496}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2803A55F-8D1E-423C-ABFA-9AF6F9B5D793}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2868B0D8-2A35-4F8F-8340-B49ED764EC6B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{287B1276-D330-4D68-BCFB-568DA98772D9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{288C208A-6B39-4A0B-BDB0-E3859E2AA7C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2898B6E4-99D9-46CE-AFBA-C5CF21F558E9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{28E2168D-032C-418D-9BFB-DD7ABFDC14C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2936BFD3-B0E5-42AE-B331-2326C9D42FA0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2A30F433-8EB7-4691-8389-9C2E27CB8B0D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2A425FBC-3BB8-4CCE-9250-1358E20304D2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2A8DA8E6-84F5-43DD-B861-EBA7A96DBCFB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2AD7A39F-E8DA-4746-84E0-3E6EF0CBB91B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2B547B66-A9A3-4666-B7CA-9A5612646F97}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2B89953C-A7A7-4F0E-993E-847D8D306089}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2BB34919-1D1B-41BA-8407-E95627700EF4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2C20A1F4-413D-4B32-BD26-16F404387848}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2C60EC3E-6678-4710-BA9F-9C8144B65B03}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2C8FCB5B-92C8-47DF-9899-22CCCCF06DC8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2D30ECA7-9AAD-41E3-9F68-20BD1705AB49}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2D3FF0E4-C6EE-48C9-A236-518EE1A38EE2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2D6E978A-2F10-456C-BC69-B6B89487463C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2DC94689-5494-47B8-8C16-CD0ED2123976}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2DF15A2E-F954-459C-B4ED-29BA20616D4A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2E0FF0AA-C1E1-4118-8BC9-7B4D06D49421}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2EDE5C53-3017-420B-BE22-C9AE1F3A564C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{2FBB20EC-8694-4ED2-9307-B1D20ABD9AC2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{300C3EE7-A115-4A97-9419-814B0DFB3CC3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{30CFBA63-614D-4D49-A69F-0AFE31B61F4A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{30E96B1C-3C70-4795-A5D7-7C4AD7999A06}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3198CA13-0293-4E7F-8E58-5823CD263B65}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{327ADD24-CC3F-4073-8A8C-DCEAF07295E7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{32BFF537-6C94-4712-83C5-884F7A50D085}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{33009629-E582-41A8-A785-474572F177BA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{330F8997-FDB7-46F6-B20E-6B879A1B0006}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{331D9139-CFA6-4DB8-A24C-05E99CF05A01}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{33FE9381-55E7-47B0-A76A-7EC56604C2CE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3434FCE1-A3EE-4C7B-A08B-F8BD2A0C5FA6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3440B3B9-DE30-41D1-9C2C-3F0985A11F46}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{346A751C-EF51-4AFC-A3EA-A46BAA4E650B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{348AF91C-371F-4E15-9C96-CB946F1BEA02}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{349EBB0C-BC52-4260-82F2-028C5B8B0328}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{34BEFFD2-85C2-4834-BB74-DA83B877A8ED}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3525E329-4C3C-4AB0-94BB-672E94EB79A1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3539F2F5-D3A1-4313-86AB-49DA7203FC60}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{375BA8E7-5529-434B-A91F-17843951DA2E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{37EC5B27-A3D4-4F77-9AA6-083D4933330A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3843414F-5616-44D1-8154-88328D9DCFE3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{387CFCB2-95C1-4B80-8FCD-17471AAEB991}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{39920E97-6D92-4E62-B520-0B33B77A1885}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{39E57928-EBCD-4436-8B5F-F97D36C572CA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3A55A680-743B-4153-86DB-F76E3F61AEAB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3B3616BF-3CA5-4E8C-AF4C-7ED112D53612}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3B51A083-03AA-4798-9136-81EF399C8FCE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3B7E8BEA-5D93-43DF-A79B-26B8434EFEA1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3CAEB99A-3A42-4ED2-9203-570C15FC61AB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3CDB4672-5750-495B-A512-169341936BAA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3D5A1D28-6DBC-41F9-8408-F8DCEFAC959E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3DC7BC0D-9EE0-4B2A-8F3C-BADC74455A70}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3DE7A202-39F0-4376-A330-179B6513B541}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3E610F2F-1FEA-4F17-8EC5-7451ADEE8235}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3ECD0144-C9CF-406C-A309-46CCE9C04D66}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3F73C935-5ECD-44B7-A4DF-79EF022B7C32}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{3FB5F209-747F-4918-B02D-A9C11A0474B9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{40251271-EBAA-4A81-B032-AF7650D6CF82}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{40413F79-7B60-454A-9D58-53BF0981D6C2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{40D6C4A4-97C1-4487-A3A6-D817ABB5935F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{410ADA36-3742-4514-A5AE-4D794D935DD8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{42DE8ADA-8593-4592-8481-3759379C0C90}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{42E1B453-A19A-4360-81DE-582EC83FF711}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{444594EE-53F2-4C1B-8AEE-57AAEB042349}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4452C6C5-03E3-4008-8027-A65EC320D5FF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{446C6DAE-2862-4BF5-BC20-E307AB22A169}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{44791265-F9C6-4B6B-8EA5-F89FA047B176}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{447D6026-FA9D-4E25-AE7A-D7AED675AA12}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{44844163-18E8-429E-9684-B7D8A18B3E90}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{44E3E824-67C4-442F-A0F3-210F51C1B1A8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{44F6220C-4F80-4D48-87FC-D639BB587149}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4530F11E-FAA7-4058-8C3A-5374524E7B63}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4547494A-DD36-4EE6-B9B0-217E19E63E72}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{45CB921D-3286-428C-8923-5B1DB5BF351C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{461FA816-1826-41D9-9866-E03066F924C7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4630933C-43CC-409D-BBDB-802AA09BBC0F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{47007C97-0DA8-428E-AAB8-49511E238948}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{47BBC2B4-3A86-4968-A18B-7F6C78938AA9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{48BC0BE4-7658-4147-B3A4-9DD506382377}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{48CA233B-2898-4DB7-8346-105A8A84D0AE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{48D2BC5E-4C15-4CFE-A51B-886829AE7FA8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{48D538E9-355F-484B-842C-C16946129853}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{49E68DD7-7AE6-4B4F-AB7C-F885C495CD15}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4AC3FBA7-2294-42C8-A708-4324AFC149EF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4AF860B1-DEE5-4F3E-BFD4-09A060D501CE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4B53066D-30CE-481D-A746-DAF70B1800B6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4BDB2E8F-3381-4DAA-9AB6-6B3EF64D82A6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4C029425-79A1-4E60-91B0-7D4E22A59236}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4CAF91EE-1214-4FC4-9C7A-676057A0C775}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4CB897D1-C977-4434-9721-825D6495A0F4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4D36810D-AD70-4F9B-BD1F-88544379A5B8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4D48DE66-023C-475A-B903-50DADC2C238E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4D7DBDC3-1D62-4468-BEC2-F545C0AFB353}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4DA291E1-EF3A-43FE-831F-002D4761A22E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4DC72F75-4821-420F-A495-D1DBDC94DBCF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4DEFF57F-369F-4215-AC49-965133B721A2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4F0F49D8-7F74-46A5-A051-0BFF84E69928}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4FA2E51D-CC91-40E4-94AB-D12A4D6F1B57}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4FBA9BCE-8D84-4D72-8BFC-8EA989BB3678}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{4FD031F5-56CF-4FE1-8192-9FDCB18298DA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{50567132-1989-45E3-8882-1B42B40E32C1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5099EA2C-05DC-433D-96EB-0B43D4664E2F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{50AAB344-8217-4F3C-91B4-CC09411B04E4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{516E857D-0C11-4A98-89EE-ACBB23C4C22A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{51F45717-D2CE-45E5-943F-2D850ED86D86}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{51FBD731-A9BC-45BF-B343-9EE8AAC79550}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5247130B-54BD-4880-9914-284347823CB2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{52C0A26F-B022-4E92-8051-91D1E70648A0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{52EF09B7-6002-4658-89E9-5BEE79A17D4E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{54542644-0E91-4837-98EE-9BD2E9100FD8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{54C13761-71D2-486A-90F6-C91AE76357A1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{54CDAFBA-8A01-42DB-B868-DFC9718D25F4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{54D511C2-858A-4C3A-A9D8-18259D3C78C4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{552ADE5F-145D-409C-BAEF-762798418EF1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5557C110-6111-4B31-AB21-C8303A11FBC7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{56B1AF10-8E52-46B9-842F-FE7C3727C79B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{570EFEA6-FC0F-40C2-8650-080803B7CCE2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{57D7ACD8-E771-45FF-AAEC-E55A42E630A7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{58863FE4-B969-4458-BE07-2CCE21DD652D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{58AD9634-8A27-4652-963E-FC6B419320FF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{58D219B6-5279-40DD-AAE4-837B24BC389F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{58D4FF70-304D-4256-8630-2EB9B7A6883E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5AC18929-B9F9-4481-BD7F-8FF23BD588CC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5AE75A66-50E6-4238-9068-FB5E1485D65F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5AE7E537-EC23-4D32-B690-E53245AEC00B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5B1BB0C3-B07E-4041-A3D9-DF75885DCA2A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5B23B68D-10E0-44D9-93C8-D05E066F1BBD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5C25827D-AC76-4D2C-94D9-2EC3088B8E93}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5C6551DD-748C-4800-AED2-90E69C2A4181}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5C820541-CE96-4AA0-9BDB-1CF4A32C42BE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5E0C33C0-EA39-41FA-9469-39BB17F06B9A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5E81529D-201B-455F-BB14-4541F0DA0756}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5EB0B260-279B-430E-8372-4268FC485875}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5EECA883-B76B-4811-AC75-1BAF469B0A17}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5F2D2F7C-4168-45DA-BEF0-525901CD8E21}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5F9ACB1F-1B80-4AA8-AFB6-CB55A919D303}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5FB95119-BA51-4F26-99C1-0769022B95E0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{5FBC9B83-DF0F-4DA8-AB54-8C2853B2E8A3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6082908A-793B-437E-A3D5-BCFD4003B08A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6112A4F6-C2D8-4512-B1A6-D8FEA2EDA9F2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{61273AA7-F1A1-4963-9B8B-29EC76CCDC4B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{61B50C25-AFFA-429E-96DF-67CCD28B7CA9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{620E2E2C-CB7B-4C94-A4A2-F5E64352593E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{622827F4-6B3A-4CD9-84A5-7ED4760A2278}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{623A3466-F94E-4F2D-B8F0-3AD13BCE30C2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{62C7B78F-FB87-404E-8DC0-15FC6C4AE8BF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{64394961-3AA3-4C5A-9D6B-93B059D7A993}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{647B836F-4A7C-4AC2-9EE6-73CCB78FF86E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6515A5DE-67B3-4492-816D-ADD59E1A9DC4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{659D0AE1-4354-404B-B72A-5846984E6469}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{663FA9DF-89D4-4A60-B355-2DD3022DCDEF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{670D72BF-6B85-4944-9948-B9484F594742}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{67B50FEE-67A9-4518-9250-BDF67F4084AA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{67D8D74A-797F-41AC-A34F-5F95C16CCD98}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{67EE638F-55A0-46DE-844B-9E8FF97158CC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{68AB8EA1-C337-42E4-8FA3-32A4A9B663B2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{693CFC4F-E229-479C-8AD3-CCD896563320}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{69C145A0-A4DE-48D8-857A-3E658823CA4D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{69CAAEB5-A771-47C4-A990-0DAB7719149D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6A224787-399C-47F5-A477-2EFAD12A50D4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6AD0BF5A-7D91-4DEE-8FB9-78336DD21B53}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6AE577B4-2D92-4C5B-B96F-D00FEF779844}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6AE77DDE-C339-4549-862B-0E9524D364C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6B0DC891-DBDD-4D9C-983D-7759649B1ED8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6C1D7411-34AD-4FE9-8CDE-77E31F8EEFD6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6C1E5A87-A119-4E9E-AD36-BEC02BA87680}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6C693BA7-51B4-4AB7-BDBD-B01E63E48E5F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6CA63301-CD8E-4442-83A7-911244BD913F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6CAA7C6D-AFF1-49CE-A0A4-4369E0CA5980}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6D83D021-9367-46BF-A91B-7C70100C2BF1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6D895D42-C830-4A6E-AA85-40D4B05085BB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6DF85C16-E00A-4826-81EB-5BB557027074}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6E167956-C942-41C2-9C4F-4E1B0860CED7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6E1C311D-3A3E-44BD-8962-BC2C00F17634}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6E4B1328-5FBE-45E8-AFE9-4DC17BB0B52D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6E4C0301-3492-41B1-A802-D122F14544E7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6E6B73F9-82A0-4730-8593-34315137BEA6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6F45F1B4-002F-48A6-AB96-F6A4A37C6616}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6FD93BDB-AA05-4C78-8AD6-6FE437CECD24}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{6FE7EBF8-D565-44D3-A5E9-0907350191E8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{70786F64-73B5-4225-9081-25827FB269C6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{71137FA9-1149-4013-86C2-390FE3856A78}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7132AE01-7843-44F2-A7BE-1D3C86ECF1BC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{722AEB46-7539-46B6-A5B5-978ADEB8249C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{72390ACA-6F99-402E-BAD8-86D3164C9E5F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{724E27D1-DEBD-4D00-AB46-551A83DAAC6C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{728191ED-0791-43EC-AA6F-E74B362741CC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7293BC20-B018-4D34-B464-A0FA42901B16}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{72E3A0FD-75C4-45AF-BC18-0C61159D71BA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{72F79DE9-B885-44BE-8A35-31575FBB23BA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{738285AC-9643-4D66-A8B0-ABEC72A7605A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{73ED9A2A-95DB-4F33-B064-E6F44FC5662D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{74755CA6-141B-4C1E-A742-4616E05D5228}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7554BD0C-5161-4FC1-8ECA-16F21B330FC9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{76962C12-BD95-4926-8A9B-5D8198DFBB2E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{776DB90B-A27C-4457-B964-0692F1D13FF9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7980EEC7-E8B9-4381-97BA-05F8E3003CAB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{79F924FC-E301-4EBB-86AA-17C271F1E054}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7A361620-F8F6-4F30-BBBF-29C21019A789}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7A405791-821B-4E66-878D-E117DD414810}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7BB94F73-F467-4FC7-802E-2ED08EE3C21D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7C9DDE15-D078-49BE-ADDE-C5E0E6D04F88}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7D21C348-4900-4C5B-946F-312E5B1F989E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7D36106F-66D9-4441-AA3D-DA5F588AE1C6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7D3B2F36-632D-4FA1-8B39-8232D6723E11}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7D69D15D-DD10-43B3-8253-597663090AED}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7D91CEC3-F86D-472D-A781-144400F27B68}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7DC1335B-3765-4EE8-A839-4276ADE7A6DC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7DC85B39-BF88-4AEA-8935-8A965145254B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7DE3314C-852F-4769-816F-02FBD56A6547}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7E366F46-5C9E-45E5-80F9-630C658D97F3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7E8F2840-6FBC-4F2B-8780-B07839CD978F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7F477AAD-9BF3-4C8D-8B6F-FCAFE829D3E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{7FAB51E6-0F8E-460D-876C-C5DE75DB6D15}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{801C1F9F-7D1B-45AB-8713-A358B6E14F1A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{802959EE-47BD-4658-97FD-BE98D4CB0882}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{80F12125-9BDA-427C-9DA4-ABA29897A254}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8114A74C-1628-46F3-8819-00485211BB60}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{81327C0B-96BF-46C1-8C6E-DC261EDE06BC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8162DABD-0E8D-4E2B-9486-5B78F61E213E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8168DA9F-B569-4965-B17D-BA7DF3D2B033}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{819F4EC6-3016-414B-A647-D92AB29A049C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{81AFA5AE-4F32-4FA8-B0B9-266B4905BD9A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{81CEC35C-0D8E-465A-9C27-D1A74ED9364D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{82421617-2983-43E0-99F0-DEDC9A2CDA6A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8246792D-8837-4689-A934-79124D0FE897}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{82C55163-1722-4976-8FA2-08130ED7090F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{82E8ED25-A13C-4EF7-887D-FBDF914DCF45}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{82EC4A1F-BF04-4D27-A8BF-25FF864C6A01}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8301EAED-D642-420E-851A-E8496E5C33E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8364676D-9562-439F-AE97-389B6FCE87DD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{836C3218-9738-4ADA-941A-0E5D57218047}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{843849C9-5B66-4DF1-A9E2-4FC4A920E4D5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{843FBB26-3967-496B-943D-797D90087A9B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8462A345-E7DF-4CA4-8534-C7D06DBA32A9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{846CE88C-132F-484E-BEB3-2C4DE4D4CA23}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8470B148-8D19-49C4-9DA2-12CF61E5F174}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{84908072-98FB-4BA9-B29E-2AE63018B833}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{84C319FE-D198-460B-9354-D66902A23768}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{84ED2750-4BE4-48BE-BCC6-5542B7A18A7F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8510588A-A9EC-45F0-A834-306321271400}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{858E86CF-123A-4B49-82EB-197FBDFC5889}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{85A27A35-771F-498E-BF94-0293FB001239}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{862FD377-B531-466E-9740-036395A2011E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{86618941-8137-4280-9E31-26D8C02D639E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8677EFB5-B836-4E8C-B2A2-BD5B58F29711}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{868A62DE-7F2D-43FD-BD6B-E7AD486783E0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{86EB13C5-0053-4BDC-8C40-C0AB6292F396}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8737205B-9FE3-4882-9D26-D7A0B8747359}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{874E52BF-3A57-4903-8A62-D1FFDA5B3261}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{87593174-0CCA-40D9-8F52-33CD4C67DB56}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{87700499-401A-456F-9956-5127D2CC5476}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{877FB667-B95E-49A6-A2CA-C0331A1E16D7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8788C59B-297E-4A85-ABAF-5EFAC4FD4F30}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{87E05F74-F7B3-48CA-8423-DD2E4259FD25}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{87ED8FF2-5C7C-4B00-B958-62A666214437}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{88A22161-96E9-486D-9C95-98A090030D56}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{88D136BC-5AE8-4BCF-ACB7-EFAE8E6F8BE8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{89618117-E2F8-41F8-BE76-87638388FFBB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{89DADADA-D715-437A-9C72-DFA860F74F29}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8A79BAE9-A6CA-450A-9F19-B30E713EF3C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8ABEA4C2-8C31-4829-82D7-8F116F810ED3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8AC1FBBB-9DD6-4F8C-8659-F42CD8527B9F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8B735A26-0C98-44B4-842E-A57C3CD45E18}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8BD5A114-1ABC-4C1F-82A2-230BB289D257}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8C4A8C47-97D4-411C-8F14-FDDB656286DC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8C526CE3-5886-41B1-AD2E-5A7506B1B258}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8CECAC3A-3686-4E0E-963C-33EFFEB80F01}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8D034411-0901-460A-A274-482E258CF4BF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8D53CA26-EC52-4091-802D-36CE107C4AFB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8D7854F5-E17B-4637-9322-3902FD30875D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8E241B27-0CF1-4CAE-ABCB-E0A67C103035}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8FA4F3E2-C066-4F7A-BE95-A7040E674BE5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{8FAD625D-96B9-4FF6-A8CF-BD6A06B75C51}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{900D717B-1DAB-4F73-B5D4-EBC8AD16DE65}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{90D384CE-AFFD-4F62-8EC3-07AC5387E6F7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9155A972-44F4-4209-8BAB-14498AFC9FCF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{919CEF75-FBAF-4767-84DD-781DD0E8A40E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{91D3060B-6481-436A-90C9-2268888BAE15}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{92266721-CAA1-4003-B5FD-681C23FF221E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{923BBBDF-993E-464E-94B0-BFAA42876536}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{92494BF6-E2ED-4A95-84BC-1A4D8EE1A8D2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{92C6D91C-615C-49F4-9C5C-58EA64BF13BB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{92E574C3-4A92-4842-B23C-688F513EBF4E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{937BC404-E143-4F50-8CC7-546D2BC7BCDB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{939965BB-936A-456F-B164-1059602D9BD2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{93A6DDF4-BBE9-4253-90AA-D48E22F8BBAE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{93CCFD1D-7DBC-49D1-97B5-EE2B3C9AEDB5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{93DD284A-EDF5-448A-9463-75341EA958A4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9463C6DF-E934-4B47-9F28-D736901F9E84}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{94AE6CF4-37B5-451B-B447-B79D67D0E14B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{94CCFB3D-C530-4756-A893-3AE22EBEF078}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{94DE5715-3D14-4C9E-8513-0D6793255E3C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{951512D8-03D4-4584-A5B8-141F8324A26A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9557A530-5457-4C07-A759-29DBB0241200}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{961E667D-487C-4A72-861C-570E006356E7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{964B338A-429C-4C81-9EFA-C961E8B53C4B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{96BA1F96-66AC-4FF6-B10C-B5F4082D3069}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{96D63DF4-2E72-4427-A906-1DACC217BEE9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{97A307DE-5AF7-4FFC-A797-91477ED244CB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{97C6E123-85D3-463D-B46F-6474A7EFF464}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{97D886F3-3C8A-4B25-A763-D2E9A4577B4F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{98147E15-90F3-4170-9891-894F54CB2312}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{98298957-709D-4A05-9FDC-27DA73F6C908}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9891ACD6-E8D9-4F38-898B-9DA64FB8F17C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{989A12AE-410A-4FFD-8B69-AE352D99DD06}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{989C9DAA-1387-4A37-B61D-672C4CD5D8F2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{98B7D68E-BBA8-4664-8AC0-6EB8D15E0EA0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{98C7CC56-FAB8-4569-A565-543D2B5DDB9E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{992F9FB2-B760-48F3-B0B9-06F07F822DAD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9958EE95-6ACB-4E88-A224-E37B52377D18}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{99986F5F-32A0-4A30-80A8-A7AE25481B30}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{99BEDF87-6352-42A6-BAB0-160B4ADC7397}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9A00A3C1-70CA-48A8-8BD5-0BF2C3CF9BCB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9A3B8D6D-DED4-44E9-9070-88AE6F46B616}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9A95B856-DD56-4BD9-9074-0E03113D9E63}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9AD3F902-23FF-4BBC-9393-60EF16411F61}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9AF1AA5B-AD16-42F5-B4D1-84DF5B9EB2A5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9B6B9AFF-160A-4B38-9EB4-5DF1F7D7190F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9B83E224-40E7-4A4D-8757-97E339F21CA4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9C1C0751-F5DB-4AFB-ABCB-DDBD16D08E49}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9C6611E9-E678-4524-A0F2-A926448B5F49}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9C8C217C-0893-4461-9EEF-60757EEA5EEC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9CB315E7-FA69-4EDC-9C7B-D448A600F813}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9CF85711-BF39-4710-9F6B-8F5F1D04EDA4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9CFB147A-72BD-4C1E-BE75-FE963A20DD74}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9D458F8A-253E-4704-BA8E-5E572F0C82F6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9DBA83BF-5639-40DD-AF78-A4236291394B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9DC36B13-7A42-4FE5-8B7E-F6BD55321916}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9DCC252C-9E76-470D-AF58-91E33D26689D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9EA70FC1-5649-42F2-AADB-8BD3F52C3F97}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9EB22523-54D8-4313-89C0-7A9F31B8F1C6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{9F579DED-6F6D-4CFB-BBE3-C3DDE3F88D0D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A015C460-3959-49A4-971E-515C2712F65F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A0B01F41-CB98-440C-AFE1-DD8F7916B5F1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A0F155AC-0BA7-48B7-8A70-9251A65D9BF9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A16BDB62-58CC-4CD8-91C8-5E59192EEDEB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A1B8B4F4-8CA4-40A8-894F-BF1FC259C825}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A2DF77EB-0BD5-44A4-8C95-E92042947FF3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A2F1280B-6958-418D-B86B-222C68049AAE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A3095AAB-2641-44DD-80FF-2A4C22509137}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A3261831-981E-4E9F-99EB-21BEA4A96865}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A34D13BD-37D1-456B-B193-AA8E50DC554C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A367762C-7C43-451B-BF60-3B56C9698691}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A5088E27-5BC4-4636-B0E7-AF494C94C2E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A65EAF89-BEBE-4ABF-BE55-CEC7A5710462}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A6D3393C-65B5-45B3-9F76-0B0CF3C5BD58}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A740651B-75EF-4279-B7FB-2C9E00842F68}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A77C44FC-56C0-401D-983D-127612E528D8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A806261B-8EE5-4A7F-9093-54F904ECE6F8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A8CB06F6-41C3-4D61-9DFD-B496EF75A1E6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A9126250-4FD8-48B4-A157-E2EC07C977AB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A99783DD-B379-4F20-83FC-7A6B1B30AD24}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{A9C085D7-D9A3-40C2-A946-35E97F04F6FB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AA11FC85-1A6F-40DD-8AA1-8B5C401ACE0F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AA3D3D7C-6A7E-47C2-AB59-DAA29F49B75D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AA414192-99F0-4453-8208-7BD2AD46305E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AA89970B-73DC-41CB-BAD2-8EDB38BACEFF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AB3E6B96-A86D-4B6D-8732-3EFF5BF542C2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AB5A8491-DA83-4908-9A5F-165BFB7090D6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AB6B94B6-FB74-4437-8C1B-CC3ED30E5F03}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AB724F47-F45E-43D8-955A-5F5F051DD161}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ABAD1E4B-6DE9-4C8B-AC8A-013529294F95}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AC568DFF-9414-4AAB-966A-AC29C1EC7F21}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AC837C1F-FA42-4662-AD45-E6E82DD85611}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AC9833A3-1EDA-42C9-B2DC-6430B6858549}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ACAED000-5937-4834-AB1C-CC4FD6B13D69}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AD622A4E-BDBD-41E2-86B1-CDCE170DF36C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AD7912F8-48EC-4594-9CBC-D422CB9E8EDD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AEB58E0C-FCF1-4EF4-81A0-7D8FAA00BB21}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{AEF97F49-ADA3-41C6-8F65-B21EE3DC75CC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B006EAAA-A223-48F2-A45C-4A1D9B1DBA31}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B0637AB7-8A20-4E1B-B43F-56A8C5BE5A6A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B0B5665B-03F3-4A7A-A7FC-A0940A512D5D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B0F6AFA4-34D4-4C90-8D99-BFE8FBD32DAF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B108B4F2-DD75-4145-822F-8276740FB9D5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B11CCD1A-B702-45D3-98A2-99C94C939817}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B176D6EE-96DE-4A9C-BB9B-D949E9F2D653}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B25E6741-4DF2-480D-94C4-5AA5B3E934C3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B2C0D1ED-4464-4B3B-B708-EC2F165CD339}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B2EA1304-76BB-4487-9BC3-067BAF91C79C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B30717B5-2D18-4F88-8A72-9341C620D4F3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B3A7ABC0-7F70-45F1-8A67-758A25FCC050}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B3B44E7B-2423-490A-BB88-45160BA8B14A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B405883C-53DC-42DD-86D5-AE82FFC10C9E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B4986CDC-D2B5-4BC0-A76F-CE300CC8CCE6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B4988B2D-C279-4417-9B1F-E0299200B6B0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B4FF9900-1FFB-45D2-B755-44B6E634865D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B560695E-5B84-48B7-9ABB-3C242B732D20}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B574A088-B6E3-4E44-AE7E-9046B13485C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B68CCDE2-227B-46AC-A994-0379663EC309}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B773DE10-CF54-4E69-837C-FE234E5B32FA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B820BDA4-69E2-4024-967A-FC4A9DD1B6EB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B87275AC-BE27-4BE4-8A48-6F3C6D1ABA15}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B8738649-7F81-4E68-83B2-CBF6CC5DDCC4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B8E62FFE-4B20-4029-8C40-5E46B3C9F08E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B9CBD026-7625-4C88-8B13-B4BCA85148A1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{B9F76223-0561-4627-9E1F-22D76D76830F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BA3854D5-DCD2-4817-85BA-B326DD0CFFE5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BAA0C7E9-CAF5-4D73-94DD-94908884049D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BC8EEDD3-0B68-4339-8DB4-92F1E002E3BF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BCEEA0B1-F21C-4032-BF0F-DEBCE107F6E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BD96DF82-9F90-4FD2-9E4D-8FB4DB857EE6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BDA4CF84-45A4-4C95-B353-C119A778BF1E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BDD5F969-DC10-4D39-890D-E1269774E8D0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BE1778F3-4F85-4C86-AA99-F248A0C89FE4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BE58A3E2-9C2E-49E3-84ED-D6725C9D6FFB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BE8B2FBF-E19A-49F5-8B70-5952DD23AF6D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BF731465-E1F5-4285-9844-F7E45CF50B7E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{BFC5AC76-5691-45BC-B2C3-BE9967D441AE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C04046EE-5171-4384-A4D8-ED62687F9689}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C0B8381C-E787-4409-B23D-CE3BC944A08A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C0D8EE5E-2BB7-4E8F-91C3-FB3B7D7A05E8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C0FDCF8F-D5CA-4AA4-ADA2-1EEAA71A073B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C150A856-2269-465B-BE7B-6525DDBFE244}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C18ADFA2-EC11-4F3B-ABFB-8E992329158B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C18D6FD9-C766-4242-B434-DA718050556C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C1B0DBC4-4681-4C9E-B306-0869E1B5382F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C2064F43-475A-48B9-AEFA-D171A573D09C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C22D05F4-29A8-4060-82E1-49BD6F867AB3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C28D4536-4B26-4E35-84D5-D0AD50BD1926}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C2CCD477-F61E-4FA1-9233-E94D9D26A0E8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C306E7C2-31AD-4D49-AF81-F72DABA70509}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C36A3664-536A-42EE-A900-255F8508B82E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C37C7473-085C-480F-9B0A-0F35905E29A1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C4732EA7-0912-4406-9352-87CAC4F8E37E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C4B5195B-F589-4332-8D9E-4754C82E1584}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C50859D7-47C2-4F4C-B194-81E8CEBF29A9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C556E93B-8622-4783-905A-AF3CAA79E3D3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C56AB65E-4FBD-4137-88D7-841B6139CADD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C5873694-7F16-439A-9C1F-50C1BF1C27BD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C59B1582-BBFB-4DFE-87BA-2E126AE0311F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C6064A3A-0239-418E-9A83-D84B1A082FD7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C6BAD9D0-DAD1-4CCA-9F30-E2E5775872C2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C6CCC586-0766-4714-926D-9E1C02DD493E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C8395102-19BE-45E7-B379-8C518DA616BC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C901BF82-8180-4A07-B110-58E0B905F8B1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C97B7195-6B5F-4AFE-B005-D75C122FFC52}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C9834C3B-5BE2-4D0E-BA8F-163B60DB0059}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C9AD4083-3797-4C2C-9398-4ACFBA575261}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{C9ED4A49-2A15-4011-9685-4C69B36ABD6C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CA0DF9FD-4F56-4DF1-9FBB-83E763AE0B53}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CA34038A-0A15-47F3-B581-BDC9470B7220}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CA5C5957-C099-4C84-BC64-AC000CF707F5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CAD0120A-2EBD-4322-8F4C-8FD2B90CDAAD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CAD4A3C3-4FBE-4799-BB4D-B66EBE8D59F0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CB035D31-A98E-4B37-9182-955B384F31A0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CB29F866-CD2E-4B63-891A-B1D92E6F3DCB}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CB5D30DA-D8E0-4E1E-9713-17C7ECB58ECD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CB82C6BC-E238-4585-987E-D298D0A8B805}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CBBA3D95-A982-4B27-A68D-E5B997B2FA16}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CC0AFC20-4B96-4E57-9841-D2C0F6144AC4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CC210F3E-6497-4C94-AF8E-238368F5203A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CC43DEC9-B49F-4CC3-A54F-6294B704FFE7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CC9A7A7F-B75B-4E82-B0A2-292444E28846}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CCAF3978-C520-44BB-905A-2FDC95E8AF36}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CD1755B8-E2D9-49B6-B7E1-F705FF7489D5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CD5BAE0B-A157-4D1B-B14B-1F37951FABE3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CE08E308-8AA1-4AE3-AE4E-7D3E24AD306C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CF12D00A-6185-4BDE-A667-ACEBE9792DC3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CF56B93E-4EF3-4972-9732-A562F7838100}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CFC749F8-6C8D-4308-887B-8B1FDC28D471}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{CFE665CF-CB53-4C40-AAED-B108A7BC711C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D02D8DD7-3D4B-466B-AE15-5B14DC87C9C5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D0365A7D-7197-4CC6-92C2-2A7396E071AD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D05F27F2-DD31-4F4C-B870-859D593DBBC4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D09E5C27-775B-460F-BD8B-ED481C1BA132}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D1F18DBB-ACE7-46B5-8F11-141650998108}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D2BE356D-4C4E-45A9-AA57-11280239EF8B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D30CACC1-179C-4BBD-9BFC-19FF9BA79765}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D38D11CE-416C-415A-A1CF-607B563F578C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D38D7690-F5AC-4DE4-A44F-149422C76494}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D39DB88C-A130-424B-9B8C-DEE82730C32E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D3D8D529-EDAB-4ED3-80F8-662F3AA71B52}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D443D70A-01F4-49E1-8649-84AEE1B4637B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D4FD2A8B-9544-4D38-9F4B-BA94D6D2A4F8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D523B049-3026-4DB9-8608-2ED9ED626DA2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D5F965E2-7E46-4CCE-BDA4-A07253A03A04}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D6519BB3-DBDF-4055-848B-2A9338DC8BE3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D6630147-A5A2-4274-83C6-F630A0607F3D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D6F6F8BD-9288-4389-AE8A-C29C50F58DA3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D7CA03AF-A987-493D-9652-D22B469757BA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D7F77E29-5ED0-400B-9F06-0BFB20F90678}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D8389A85-70A3-453E-98C9-6CCCB3780E55}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D863E598-1554-4533-BC89-67E0A3C438F5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D91CDC76-7CA7-490E-8351-DA561303BEEF}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D9418F75-C2AB-4D42-BC6E-65A2AF2E646C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D947B08A-FA65-4681-BE3C-FDFFD177F00F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D948C7F8-D45E-4D87-A23E-F711C4DC83B6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D961516A-8BF9-4467-84C5-CB81F661A8F1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{D9D0034B-312A-454F-92C4-4BCA1F6468A3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DA248FC8-F297-4782-99C6-F5312FA22927}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DA342D45-7F71-4923-838B-6936DB7872F9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DAB8271B-D16F-4568-A91F-2D436B90F1E7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DADE8449-8E31-44E9-8384-598D1FA27FA5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DBC593E7-43AD-4807-84FF-91DB806D67DE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DBF09103-A82A-409A-BF7F-541FE91E1FB2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DC30A201-EF95-45AE-B601-4AECE9D24EB7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DC40B2FD-AD54-49C6-B836-ECD8DF26B22B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DC7011D1-69FA-479D-8170-887C191E2E61}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DCB73C18-13FB-4F93-B3FC-CD8C6D8AC13D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DCCC3F8E-B06E-4D3A-83AB-3800EAB2E569}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DD074BC4-7A55-4DBF-9DD4-4EAB0E990393}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DD0B240A-2D65-4209-8459-5E822885E530}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DD5E65CF-4BCB-423F-936F-184B35D164F3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DD7110E9-6A81-4818-8A77-F9F791773DD4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DDC52CA6-F9A6-490C-BAAD-D03BDB6DAC35}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DE00EE21-0C43-4295-B900-BD50EF29750A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DED09EAA-A4B1-4D41-8ED9-367499FB7075}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DF278188-E7C6-4D2A-B8CD-E4832501BA48}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DF5D3647-32C9-4D55-A13B-F24966E916A8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DFABBA19-73A4-43CD-8CD5-339C029280BD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{DFFCED3B-03D8-4BA3-A658-5A098D3E5936}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E0A2C771-FF3D-421E-9582-089FDC18271B}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E0EA9733-2D13-4750-98C5-286B750A6C22}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E15EDFE6-DF42-428D-ACD1-456CD90773BC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E16FEF46-2E15-4BC4-B91C-00B6E467EBF2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E1CE7BF0-E1D1-4C8D-8A1A-208C48E6398F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E237B40B-3917-451A-94C3-FCEADA7357E1}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E260789F-2413-4E33-A138-B1ABE665704E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E2E30A20-615B-461C-851D-1054D7BDCE8E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E32EA48D-ADDC-4C5B-B7E8-0F28A83BFB37}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E3BB9B5C-E071-4B3F-B598-B78708C5B363}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E4A6C13D-7184-4F4A-B3E5-43A71B8EBA23}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E4E4545F-594B-4701-AB60-6F6E63347AC8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E50FC42C-5BC2-470D-9B75-3C72B0DDB9E4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E518D135-D81A-4061-8DDF-910CE6A4313C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E5460017-A71D-40BF-9D5B-72E8BCC9709A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E578E3FA-3296-46D5-9F52-E196AC092355}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E585007A-BDF1-4FC1-A01D-6FF7809F1139}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E58A365F-551C-47B5-AE92-2E085B02256E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E5A6C333-009D-4467-A08B-488B68179A4F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E5E2E6CB-3BAF-4206-9745-D7B585EDDB58}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E628304A-62A4-4D4A-B0C5-D2DA9FE57025}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E6A5971A-0FD3-4291-9433-F1ABF18B4818}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E752A1E8-AA91-4C21-BE5C-B8732EBA072F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E78E8822-DE95-4151-AD66-F0882368240A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E7A6F2E1-D6ED-44F0-A493-8880F4DB4B4F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E7E2422C-DE92-4DF8-81EF-803AAEFC9A74}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E83FCC25-D4BA-446A-8F09-DBCC78B556BA}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E84BE8F6-F4E7-4502-AC47-0F5AD7673F99}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E90B07DE-8495-45E0-8E8F-39361044C1B8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E9351AC4-400B-4FCF-9D2E-55BA1A9C24D4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E9D3ADC9-3179-437A-9FCA-EC0DCE94F7C9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{E9F2E240-7DE7-4B3C-A527-ECD79C4E13D7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EA1F514C-A0B4-4F15-ADFA-72645E3AB8AD}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EA6503E9-FD0E-4CB4-BE20-5DC7C200CF5D}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EAB82785-2DB3-4AB5-9CC4-6361DB1D386C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EB063BF7-51D2-4D98-B729-4A307FE85B7F}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EB06A951-ED41-45AC-8494-DA8B7C8C05D4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EB078FC9-3A64-434D-AAEF-62061FDEA0AE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EB127FC2-0FD9-4A5F-8CEB-CC29117AB562}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EB92B2BA-EB7B-435A-9910-465C6A17D610}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EBD18803-7682-4418-BB27-8EFB0CA9D1B6}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EBF343FD-9197-41A3-A1DA-7FFA28CD1EC3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ECF3E503-E0DC-405B-9C93-0C8866A39694}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ED37E455-0631-415E-8FC8-6F2789C194DC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ED3F2657-08F6-4ACD-B86A-D0A4562111D5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{ED8DD07E-F066-4B04-87B2-AD1EE64DCC98}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EDBF06A7-E818-464E-BD39-108416150E05}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EDE3301C-FE4C-48BD-827F-F6933E5552EC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{EEC6782B-4590-4EA4-9AEC-028CA0E0BDD2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F003330E-5474-475B-881C-7099AED5B033}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F0AC68AE-9C09-4488-B633-AA9DABF88905}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F0B3AED8-2AE5-4CBE-AE4F-080E577582D8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F114D0F1-7A1E-47B3-AFD1-81E4607C8C68}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F13A66D7-6C05-419A-A28F-F4B926ABF7BC}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F1837B44-1AC0-4A3D-8002-3ACCAB3A6277}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F19799D5-F035-4D92-9BE3-691182C72A8A}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F198676C-BD57-4B47-9196-9EB6FDB51D6E}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F1B2F4A3-722B-4913-B4C0-CC08F3406884}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F2174D95-582C-4CA7-989A-600A874971C3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F28B31DA-11C4-40FF-9FE4-BEE5ABAE0A75}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F28E0163-3683-4FAA-A898-1B2D8E68BE88}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F3044C91-90F0-4FBA-9F4D-4B3E0DF9F9AE}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F3BE9841-67FC-4FD7-A1BB-2591A37912B4}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F46BFCD2-7415-4F83-A9A4-2FD4FB058F61}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F495A400-40E1-4C6B-AB3F-5359A2A94217}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F4EEFAFE-48D6-42F3-A72F-9EEE197FDDE8}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F5A4ED92-C374-47B7-83ED-63F3758A41F0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F5C09A7A-87BB-4936-AEF8-1002DBC098F5}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F60E73FE-9EB5-44E1-A54D-5AABF6099484}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F63B8B97-0D2A-4DA5-AC4F-D551D91DD704}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F63F9B24-B24F-4B2C-8FFE-5ED65F8FD864}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F64BDCD0-4179-4C70-906C-29D97DCEC4C3}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F6EB0872-9E4D-47E5-93EE-21E353D53559}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F6F4EA71-C286-417E-AB26-AA02FC55D3A2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F736FE53-F88D-4679-BB9C-66D94E5E0B79}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F7AC0602-3602-49AA-B275-D3136AB120F2}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F830E889-5F39-46E1-9D1B-7673FA683425}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F86438C6-E0B2-4A8F-9F99-45342C4AE176}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{F8F04C8E-E1E2-42EC-9565-A2C9038B6171}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FA330166-18FC-4422-B4EE-545FFA4A87E0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FAD0B1CF-8CD7-42D8-A5C9-0730A9964422}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FB10622F-C451-4FBC-8777-1FDA11CFC21C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FB10B671-E3E7-4029-BC74-14AA441A8431}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FB23E8A5-8B02-44C1-96B9-D6E3CAE9C6B7}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FC8E584B-5B26-4A70-BAF3-E1AA9025BE43}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FD720A88-FF06-477F-9934-66BBB74FA812}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FD972AC9-D357-427F-9879-FE2D7D584D65}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FDD54617-06F7-4BD3-A1EA-5B5E191B23E9}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FDD7770F-4400-4261-B9E8-26300D8E2170}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FDE77716-28BC-43AD-9614-8DD992FB9473}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FEF7DD12-8393-4B98-A3C0-FC894687D6C0}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FF046EC7-1029-4A77-B5D0-C4D8379CC526}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FFC17C53-8E19-4C8B-9A75-20AD22DFFE4C}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FFED8DAD-75E2-4BFE-89B9-C5B362422292}
Successfully deleted: [Empty Folder] C:\Users\Marcos\appdata\local\{FFEFD420-7A0A-4A00-905E-6269DC8BE54A}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Marcos\AppData\Roaming\mozilla\firefox\profiles\8wpc2obe.default\minidumps [244 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2013 at 19:09:40,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 22 May 2013 - 05:28 PM


Hello nego191

I Normally know whats what according to where it is in the report but if I have any questions I will ask you Ok

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 22 May 2013 - 06:16 PM

The PC looks like normal. This week I was experiencing some troubles with my 7-zip, but I guess now it's fine.

The $Recicle.bin folder, only detected on 7-zip filemanager, is still hidden from the windows explorer

well, I ran the scan and the log is here.

 

 

 

ComboFix 13-05-22.01 - Marcos 22/05/2013  19:54:53.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.8086.6221 [GMT -3:00]
Executando de: c:\users\Marcos\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6261\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\programdata\PCDr\6261\AddOnDownloaded\4d4f44db-c9f0-4cc8-a32f-e98ea4fff68d.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll
c:\programdata\PCDr\6261\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6261\AddOnDownloaded\c0ff87a7-2f82-4d5e-8d0f-38cbd0c2f4d1.dll
c:\programdata\PCDr\6261\AddOnDownloaded\caf72ad2-a222-415c-a303-8ca35e466713.dll
c:\programdata\Roaming
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\check_update.bat
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\diablo121016.cl
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\diakgcn121016.cl
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\libcurl-4.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\libeay32.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\libidn-11.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\libpdcurses.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\libusb-1.0.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\OpenCL.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\phatk121016.cl
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\poclbm121016.cl
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\pthreadGC2.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\ssleay32.dll
c:\users\Marcos\AppData\Roaming\Java\Update\Download\Cache\zlib1.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmp8133.tmp
c:\windows\SysWow64\tmpAF64.tmp
c:\windows\SysWow64\tmpAF74.tmp
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-22 to 2013-05-22  ))))))))))))))))))))))))))))
.
.
2013-05-22 22:06 . 2013-05-22 22:06 -------- d-----w- c:\windows\ERUNT
2013-05-22 22:06 . 2013-05-22 22:06 -------- d-----w- C:\JRT
2013-05-21 20:04 . 2013-05-21 20:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-21 20:03 . 2013-05-21 20:04 -------- d-----w- c:\program files\My Dell
2013-05-14 01:05 . 2013-05-14 01:04 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-10 15:46 . 2013-05-10 15:46 -------- d-----w- c:\users\Marcos\AppData\Roaming\Java
2013-05-08 01:04 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49B22643-D64E-4CA6-BA76-6A544F692532}\mpengine.dll
2013-05-08 01:00 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-05-08 00:59 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-08 00:43 . 2013-05-08 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-08 00:43 . 2013-05-08 00:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 00:43 . 2013-05-08 00:43 -------- d-----w- c:\program files (x86)\Java
2013-05-03 22:34 . 2013-05-03 22:34 -------- d-----w- c:\users\Marcos\AppData\Roaming\ATNSOFT
2013-05-03 22:31 . 2013-05-03 22:32 -------- d-----w- c:\users\Marcos\AppData\Local\KeyMapper
2013-05-03 22:31 . 2013-05-03 22:31 -------- d-----w- c:\users\Marcos\AppData\Local\Rose_Hill_Solutions
2013-05-03 22:30 . 2013-05-03 22:33 -------- d-----w- c:\program files (x86)\Key Mapper
2013-05-03 21:42 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-04-28 22:17 . 2013-05-07 10:14 -------- d-----w- c:\users\Marcos\AppData\Local\CrashDumps
2013-04-27 16:09 . 2013-04-27 16:09 -------- d-----w- c:\users\Marcos\AppData\Local\Chromium
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:29 . 2012-04-02 19:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 03:29 . 2011-10-26 23:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 00:41 . 2011-12-08 23:49 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 01:02 . 2011-12-10 01:59 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-05-08 00:43 . 2013-01-15 12:35 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-08 00:43 . 2011-10-26 23:14 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-02 05:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-03-28 23:35 . 2013-03-28 23:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 23:35 . 2013-03-28 23:35 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-28 23:35 . 2013-03-28 23:35 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-16 13:50 . 2011-12-12 04:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-03-16 13:50 . 2011-12-12 04:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-03-16 13:50 . 2011-12-12 04:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-03-16 13:50 . 2011-12-12 04:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-14 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor da tecnologia Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-02-18 13:57 1364304 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/26 21:35;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ALSysIO;ALSysIO;c:\users\Marcos\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + Protocolo de alta velocidade;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-10 30496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-02-10 284448]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-05-14 562744]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2013-02-18 414544]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + Adaptador virtual de alta velocidade;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-19 283200]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:29]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 22:28]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 22:28]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002Core.job
- c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 21:04]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002UA.job
- c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 199.192.206.158:8080
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{0ED7EE95-6A97-47AA-AD73-152C08A15B04} - c:\program files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe
AddRemove-{87434D51-51DB-4109-B68F-A829ECDCF380} - c:\program files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe
AddRemove-{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe
AddRemove-{A9668246-FB70-4103-A1E3-66C9BC2EFB49} - c:\program files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe
AddRemove-{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F} - c:\program files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\setup.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1438545249-339806314-3607663721-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{686C42A2-8CF9-5966-3216-9257BFE08B54}*]
"handjmcpkoehdpek"=hex:69,61,6d,69,70,6d,66,6d,64,68,61,6d,6b,68,63,6b,6b,67,
   00,00
"iapdlmnpinamapombl"=hex:69,61,6d,69,70,6d,66,6d,64,68,61,6d,6b,68,63,6b,6b,67,
   00,00
.
[HKEY_USERS\S-1-5-21-1438545249-339806314-3607663721-1002\Software\SecuROM\License information*]
"datasecu"=hex:7a,38,96,0f,3b,51,37,2b,8e,e2,10,c1,a9,4c,34,a8,de,c8,ba,8a,08,
   b8,e8,ea,2b,b1,a6,93,4f,e5,48,19,da,c7,b6,ad,43,aa,73,d3,95,b5,d5,6b,46,bd,\
"rkeysecu"=hex:57,52,52,b0,eb,ea,c9,c7,6c,51,16,9a,04,97,57,df
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bohemia Interactive Studio\ArmA 2 OA]
@Denied: (A B C 2 3) (Everyone)
"KEY"="46 0C DC D3 87 91 FE 4D D3 9C 57 46 6E 06 1D"
"MAIN"="c:\\Program Files (x86)\\Bohemia Interactive\\ArmA 2 Free"
"DATA"="%MAIN%\\Expansion"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Tempo para conclusão: 2013-05-22  20:05:19 - Máquina reiniciou
ComboFix-quarantined-files.txt  2013-05-22 23:05
.
Pré-execução: 600.428.249.088 bytes disponíveis
Pós execução: 599.885.033.472 bytes disponíveis
.
- - End Of File - - A6C446ECC5C2B30BEAAC5EB4B5B0327D
 
 
 
Please note that I wanna make sure this (and eventually other) threat(s) are off my notebook. :)

Edited by nego191, 22 May 2013 - 06:23 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 22 May 2013 - 09:04 PM


Hello nego191,

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 23 May 2013 - 10:55 AM

I ran both tdss and roguekiller. the tdss report is attached, but when I was going to generate the roguekiller report the program unexpectedly shut down.
 
I found some archives related to RK, take a look
 
RogueKiller V8.5.4 _x64_ [Mar 18 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Marcos [Privilegios de Admnistrador]
Modo : Verificar -- Data : 05/23/2013 12:38:38
| ARK || FAK || MBR |
 
¤¤¤ Entradas ruins : 0 ¤¤¤
 
¤¤¤ Entradas do Registro : 6 ¤¤¤
[TASK][SUSP PATH] {E6C83DCE-3237-4782-BCAA-E57A6E4ED14C} : C:\Users\Marcos\Desktop\Alcohol 120% 1.9.7 + crack\Alcohol 120% 1.9.7.6221\Alcohol120_trial_1.9.7.6221.exe  [x] -> ENCONTRADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (199.192.206.158:8080) -> ENCONTRADO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
 
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
 
¤¤¤ Driver : [Não Carregado] ¤¤¤
 
¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ Verificaçao do MBR: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] e9881fef0fdfef43dc918550cde5eabe
[BSP] 41f991a41ab400043bd851d044fc5bae : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13568 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27869184 | Size: 701792 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Concluido : << RKreport[2]_S_05232013_02d1238.txt >>
RKreport[1]_S_05142013_02d1320.txt ; RKreport[2]_S_05232013_02d1238.txt
 
 
 

AND

 

 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Marcos [Privilegios de Admnistrador]
Modo : Remover -- Data : 05/23/2013 12:39:37
| ARK || FAK || MBR |
 
¤¤¤ Entradas ruins : 0 ¤¤¤
 
¤¤¤ Entradas do Registro : 5 ¤¤¤
[TASK][SUSP PATH] {E6C83DCE-3237-4782-BCAA-E57A6E4ED14C} : C:\Users\Marcos\Desktop\Alcohol 120% 1.9.7 + crack\Alcohol 120% 1.9.7.6221\Alcohol120_trial_1.9.7.6221.exe  [x] -> DELETADO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (199.192.206.158:8080) -> NÃO REMOVIDO, USE A OPÇÃO REPARAR PROXY
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)
 
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
 
¤¤¤ Driver : [Não Carregado] ¤¤¤
 
¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ Verificaçao do MBR: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] e9881fef0fdfef43dc918550cde5eabe
[BSP] 41f991a41ab400043bd851d044fc5bae : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13568 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27869184 | Size: 701792 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Concluido : << RKreport[3]_D_05232013_02d1239.txt >>
RKreport[1]_S_05142013_02d1320.txt ; RKreport[2]_S_05232013_02d1238.txt ; RKreport[3]_D_05232013_02d1239.txt
 
 
 

 

Attached Files



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 23 May 2013 - 02:23 PM


Hello nego191

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-1438545249-339806314-3607663721-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{686C42A2-8CF9-5966-3216-9257BFE08B54}*]

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 23 May 2013 - 03:17 PM

there are some issues that I need your help to resolve.
Windows defender seems to be gone.
After running roguekiller and restarting my notebook (last reply) unexpectedly 'my computer' shortcut and that explorer shortcut appears.
Can I delete all that virus removal programs and logs from the desktop?
I have to ask you what free antivirus software you recommend me? my free up to date avira let zeroacess come in.
And, for last, is zeroacess alredy off my pc?
 
My computer was never 'really slow', but when infected, he was unable to run a 720p youtube video smotherly. now he can.
 
 
ComboFix 13-05-23.02 - Marcos 23/05/2013  17:03:05.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.8086.6326 [GMT -3:00]
Executando de: c:\users\Marcos\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Marcos\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-23 to 2013-05-23  ))))))))))))))))))))))))))))
.
.
2013-05-23 20:08 . 2013-05-23 20:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-23 20:08 . 2013-05-23 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-22 22:06 . 2013-05-22 22:06 -------- d-----w- c:\windows\ERUNT
2013-05-22 22:06 . 2013-05-22 22:06 -------- d-----w- C:\JRT
2013-05-21 20:04 . 2013-05-21 20:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-21 20:03 . 2013-05-21 20:04 -------- d-----w- c:\program files\My Dell
2013-05-14 01:05 . 2013-05-14 01:04 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-10 15:46 . 2013-05-10 15:46 -------- d-----w- c:\users\Marcos\AppData\Roaming\Java
2013-05-08 01:04 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49B22643-D64E-4CA6-BA76-6A544F692532}\mpengine.dll
2013-05-08 01:00 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-05-08 00:59 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-08 00:43 . 2013-05-08 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-08 00:43 . 2013-05-08 00:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-08 00:43 . 2013-05-08 00:43 -------- d-----w- c:\program files (x86)\Java
2013-05-03 22:34 . 2013-05-03 22:34 -------- d-----w- c:\users\Marcos\AppData\Roaming\ATNSOFT
2013-05-03 22:31 . 2013-05-03 22:32 -------- d-----w- c:\users\Marcos\AppData\Local\KeyMapper
2013-05-03 22:31 . 2013-05-03 22:31 -------- d-----w- c:\users\Marcos\AppData\Local\Rose_Hill_Solutions
2013-05-03 22:30 . 2013-05-03 22:33 -------- d-----w- c:\program files (x86)\Key Mapper
2013-05-03 21:42 . 2008-07-12 11:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-05-03 21:42 . 2008-07-12 11:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-04-28 22:17 . 2013-05-07 10:14 -------- d-----w- c:\users\Marcos\AppData\Local\CrashDumps
2013-04-27 16:09 . 2013-04-27 16:09 -------- d-----w- c:\users\Marcos\AppData\Local\Chromium
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:29 . 2012-04-02 19:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 03:29 . 2011-10-26 23:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 00:41 . 2011-12-08 23:49 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 01:02 . 2011-12-10 01:59 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-05-08 00:43 . 2013-01-15 12:35 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-08 00:43 . 2011-10-26 23:14 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-02 05:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-03-28 23:35 . 2013-03-28 23:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 23:35 . 2013-03-28 23:35 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-28 23:35 . 2013-03-28 23:35 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-16 13:50 . 2011-12-12 04:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-03-16 13:50 . 2011-12-12 04:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-03-16 13:50 . 2011-12-12 04:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-03-16 13:50 . 2011-12-12 04:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-14 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor da tecnologia Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-02-18 13:57 1364304 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/26 21:35;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ALSysIO;ALSysIO;c:\users\Marcos\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + Protocolo de alta velocidade;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-10 30496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2013-02-10 284448]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-05-14 562744]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2013-02-18 414544]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + Adaptador virtual de alta velocidade;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-19 283200]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:29]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 22:28]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 22:28]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002Core.job
- c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 21:04]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002UA.job
- c:\users\Marcos\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 199.192.206.158:8080
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-37000078.sys
AddRemove-InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{0ED7EE95-6A97-47AA-AD73-152C08A15B04} - c:\program files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe
AddRemove-{87434D51-51DB-4109-B68F-A829ECDCF380} - c:\program files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe
AddRemove-{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} - c:\program files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe
AddRemove-{A9668246-FB70-4103-A1E3-66C9BC2EFB49} - c:\program files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe
AddRemove-{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F} - c:\program files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\setup.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1438545249-339806314-3607663721-1002\Software\SecuROM\License information*]
"datasecu"=hex:7a,38,96,0f,3b,51,37,2b,8e,e2,10,c1,a9,4c,34,a8,de,c8,ba,8a,08,
   b8,e8,ea,2b,b1,a6,93,4f,e5,48,19,da,c7,b6,ad,43,aa,73,d3,95,b5,d5,6b,46,bd,\
"rkeysecu"=hex:57,52,52,b0,eb,ea,c9,c7,6c,51,16,9a,04,97,57,df
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bohemia Interactive Studio\ArmA 2 OA]
@Denied: (A B C 2 3) (Everyone)
"KEY"="46 0C DC D3 87 91 FE 4D D3 9C 57 46 6E 06 1D"
"MAIN"="c:\\Program Files (x86)\\Bohemia Interactive\\ArmA 2 Free"
"DATA"="%MAIN%\\Expansion"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-23  17:09:38
ComboFix-quarantined-files.txt  2013-05-23 20:09
ComboFix2.txt  2013-05-22 23:05
.
Pré-execução: 601.534.570.496 bytes disponíveis
Pós execução: 602.143.526.912 bytes disponíveis
.
- - End Of File - - 7F461954E0B638D6FF2722EE2A80AC79

Edited by nego191, 23 May 2013 - 03:20 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 23 May 2013 - 09:19 PM


Hello nego191,

Windows defender seems to be gone. - I will look into this now
After running roguekiller and restarting my notebook (last reply) unexpectedly 'my computer' shortcut and that explorer shortcut appears. - these can be removed if you do not want them
Can I delete all that virus removal programs and logs from the desktop? - I will remove them later
I have to ask you what free antivirus software you recommend me? my free up to date avira let zeroacess come in. - when we finish I will give you what I use
And, for last, is zeroacess alredy off my pc? - at this time it looks like it

Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 24 May 2013 - 09:53 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-05-2013
Ran by Marcos (administrator) on 24-05-2013 11:49:36
Running from C:\Users\Marcos\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\PROGRA~2\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marcos\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marcos\Desktop\FRST64.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
Startup: C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor da tecnologia Intel® Turbo Boost 2.0.lnk
ShortcutTarget: Monitor da tecnologia Intel® Turbo Boost 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 199.192.206.158:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ig?hl=pt-BR&source=iglk
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
PDF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
PDF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
PDF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1364304 2013-02-18] (Banco Itaú Unibanco)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [36352] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [232448] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234208] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default
FF Homepage: hxxp://www.google.com.br/ig?hl=pt-BR&source=iglk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Battlefield Play4Free - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\Extensions\battlefieldplay4free@ea.com
FF Extension: No Name - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\8wpc2obe.default\Extensions\btpersonas@brandthunder.com
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marcos\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marcos\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Marcos\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Fast Access SSO) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\feocblgcojafilfbgoineopkngchgaei\1.0.0.36_0\nprt.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (Tema dos memes 2012) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccihcokebgfaddhnbnleiohljdlgapl\1_0
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-13] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 GbpSv; C:\PROGRA~2\GbPlugin\GbpSv.exe [414544 2013-02-18] (GAS Tecnologia)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-18] (DT Soft Ltd)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-10] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-14] (Duplex Secure Ltd.)
U3 ar5ufyvq; C:\Windows\System32\Drivers\ar5ufyvq.sys [0 ] (Intel Corporation)
S3 ALSysIO; \??\C:\Users\Marcos\AppData\Local\Temp\ALSysIO64.sys [x]
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-24 11:49 - 2013-05-24 11:49 - 00000000 ____D C:\FRST
2013-05-24 11:48 - 2013-05-24 11:48 - 01878604 ____A (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2013-05-23 17:09 - 2013-05-23 17:09 - 00021912 ____A C:\ComboFix.txt
2013-05-23 12:39 - 2013-05-23 12:39 - 00001990 ____A C:\Users\Marcos\Desktop\RKreport[3]_D_05232013_02d1239.txt
2013-05-23 12:38 - 2013-05-23 12:38 - 00001997 ____A C:\Users\Marcos\Desktop\RKreport[2]_S_05232013_02d1238.txt
2013-05-23 12:28 - 2013-05-23 12:28 - 00791040 ____A C:\Users\Marcos\Desktop\RogueKillerX64.exe
2013-05-23 12:27 - 2013-05-23 12:27 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Marcos\Desktop\tdsskiller.exe
2013-05-22 19:47 - 2011-06-26 03:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-22 19:47 - 2010-11-07 14:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-22 19:47 - 2009-04-20 01:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-22 19:47 - 2000-08-30 21:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-22 19:47 - 2000-08-30 21:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-22 19:47 - 2000-08-30 21:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-22 19:47 - 2000-08-30 21:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-22 19:47 - 2000-08-30 21:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-22 19:46 - 2013-05-23 17:09 - 00000000 ____D C:\Qoobox
2013-05-22 19:46 - 2013-05-22 20:04 - 00000000 ____D C:\Windows\erdnt
2013-05-22 19:32 - 2013-05-23 16:57 - 05070388 ____R (Swearware) C:\Users\Marcos\Desktop\ComboFix.exe
2013-05-22 19:09 - 2013-05-22 19:09 - 00079449 ____A C:\Users\Marcos\Desktop\JRT.txt
2013-05-22 19:06 - 2013-05-22 19:06 - 00000000 ____D C:\Windows\ERUNT
2013-05-22 19:06 - 2013-05-22 19:06 - 00000000 ____D C:\JRT
2013-05-22 19:04 - 2013-05-22 19:04 - 00001986 ____A C:\Users\Marcos\Desktop\AdwCleaner[S1].txt
2013-05-22 19:00 - 2013-05-22 19:01 - 00001986 ____A C:\AdwCleaner[S1].txt
2013-05-22 18:59 - 2013-05-22 18:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Marcos\Desktop\JRT.exe
2013-05-22 18:58 - 2013-05-22 18:58 - 00632031 ____A C:\Users\Marcos\Desktop\AdwCleaner.exe
2013-05-22 16:25 - 2013-05-22 16:25 - 00022990 ____A C:\Users\Marcos\Desktop\dds.txt
2013-05-22 16:25 - 2013-05-22 16:25 - 00007463 ____A C:\Users\Marcos\Desktop\attach.txt
2013-05-21 17:03 - 2013-05-21 17:04 - 00000000 ____D C:\Program Files\My Dell
2013-05-21 15:36 - 2013-05-21 15:36 - 00408576 ____A C:\Users\Marcos\Downloads\tc021_2013_alunos.xls
2013-05-21 14:22 - 2013-05-21 14:25 - 05046823 ____A C:\Users\Marcos\Downloads\Kkkk.zip
2013-05-21 07:36 - 2013-05-21 08:54 - 00000000 ____D C:\Users\Marcos\Desktop\Prog 2105
2013-05-19 21:13 - 2013-05-19 21:12 - 00015564 ____A C:\Users\Marcos\Desktop\Trabalho 10.zir
2013-05-19 21:13 - 2013-05-19 21:03 - 00006935 ____A C:\Users\Marcos\Desktop\Trabalho 09.zir
2013-05-17 10:46 - 2013-05-17 10:46 - 01877462 ____A (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2013-05-14 18:47 - 2013-05-14 18:47 - 00007386 ____A C:\Users\Marcos\Downloads\aula 1.zir
2013-05-14 13:20 - 2013-05-14 13:20 - 00003277 ____A C:\Users\Marcos\Desktop\RKreport[1]_S_05142013_02d1320.txt
2013-05-14 13:19 - 2013-05-23 12:38 - 00000000 ____D C:\Users\Marcos\Desktop\RK_Quarantine
2013-05-14 13:18 - 2013-05-14 13:18 - 00816128 ____A C:\Users\Marcos\Downloads\RogueKiller.exe
2013-05-13 22:13 - 2013-05-13 22:12 - 00003748 ____A C:\Users\Marcos\Desktop\FSS.txt
2013-05-13 22:12 - 2013-05-13 22:12 - 00003748 ____A C:\Users\Marcos\Downloads\FSS.txt
2013-05-13 22:11 - 2013-05-13 22:11 - 00354299 ____A (Farbar) C:\Users\Marcos\Downloads\FSS.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00147456 ____A (Eric_71) C:\Users\Marcos\Downloads\MbrScan.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00147456 ____A (Eric_71) C:\Users\Marcos\Desktop\MbrScan.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00047554 ____A C:\Users\Marcos\Desktop\MbrScan.log
2013-05-13 22:09 - 2013-05-13 22:09 - 00000512 ____A C:\Users\Marcos\Desktop\Dump_Hdd0_DR0.mbr
2013-05-13 22:05 - 2013-05-13 22:04 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-13 22:04 - 2013-05-13 22:06 - 00000000 ____D C:\Users\Marcos\Desktop\HijackThis
2013-05-13 22:02 - 2013-05-13 22:03 - 00218112 ____A (Soeperman Enterprises Ltd.) C:\Users\Marcos\Downloads\HijackThis.exe
2013-05-13 21:45 - 2013-05-13 22:55 - 165271400 ____A (Symantec Corporation) C:\Users\Marcos\Downloads\N360-TW-20-3-0-36-PT.exe
2013-05-10 12:46 - 2013-05-10 12:46 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Java
2013-05-09 15:06 - 2013-05-09 15:13 - 83401665 ____A C:\Users\Marcos\Downloads\@derito NBA 2K13 Draft Class 2013 & 2014.rar
2013-05-08 15:39 - 2013-05-08 15:39 - 00031403 ____A C:\Users\Marcos\Downloads\Trabalho 2.zir
2013-05-07 22:01 - 2012-08-23 11:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-05-07 22:01 - 2012-08-23 11:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-05-07 22:01 - 2012-08-23 11:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-05-07 22:01 - 2012-08-23 11:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-05-07 22:01 - 2012-08-23 10:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-05-07 22:01 - 2012-08-23 10:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-05-07 22:01 - 2012-08-23 10:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-07 22:01 - 2012-08-23 10:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-07 22:01 - 2012-08-23 10:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-05-07 22:01 - 2012-08-23 10:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-05-07 22:01 - 2012-08-23 10:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-07 22:01 - 2012-08-23 10:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-05-07 22:01 - 2012-08-23 10:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-05-07 22:01 - 2012-08-23 09:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-07 22:01 - 2012-08-23 08:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-05-07 22:01 - 2012-08-23 08:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-07 22:01 - 2012-08-23 08:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-05-07 22:01 - 2012-08-23 08:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-05-07 22:01 - 2012-08-23 07:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-07 22:01 - 2012-08-23 07:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-05-07 22:01 - 2012-08-23 07:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-05-07 22:01 - 2012-08-23 07:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-05-07 22:01 - 2012-08-23 06:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-05-07 22:01 - 2012-08-23 05:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-07 22:01 - 2012-08-23 05:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-07 22:00 - 2013-02-22 03:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-07 22:00 - 2013-02-22 03:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-07 22:00 - 2013-02-22 03:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-07 22:00 - 2013-02-22 03:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-07 22:00 - 2013-02-22 03:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-07 22:00 - 2013-02-22 03:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-07 22:00 - 2013-02-22 03:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-07 22:00 - 2013-02-22 03:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-07 22:00 - 2013-02-22 03:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-07 22:00 - 2013-02-22 03:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-07 22:00 - 2013-02-22 03:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-07 22:00 - 2013-02-22 03:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-07 22:00 - 2013-02-22 03:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-07 22:00 - 2013-02-22 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-07 22:00 - 2013-02-22 03:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-07 22:00 - 2013-02-22 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-07 22:00 - 2013-02-22 01:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-07 22:00 - 2013-02-22 00:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-07 22:00 - 2013-02-22 00:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-07 22:00 - 2013-02-22 00:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-07 22:00 - 2013-02-22 00:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-07 22:00 - 2013-02-22 00:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-07 22:00 - 2013-02-22 00:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-07 22:00 - 2013-02-22 00:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-07 22:00 - 2013-02-22 00:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-07 22:00 - 2013-02-22 00:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-07 22:00 - 2013-02-22 00:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-07 22:00 - 2013-02-22 00:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-07 22:00 - 2013-02-22 00:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-07 22:00 - 2013-02-22 00:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-07 22:00 - 2013-02-22 00:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-07 22:00 - 2013-02-22 00:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-07 21:59 - 2013-01-13 18:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 18:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 21:59 - 2013-01-13 17:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-07 21:59 - 2013-01-13 17:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-07 21:59 - 2013-01-13 17:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-07 21:59 - 2013-01-13 17:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-07 21:59 - 2013-01-13 17:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-07 21:59 - 2013-01-13 16:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-07 21:59 - 2013-01-13 16:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-07 21:59 - 2013-01-13 16:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-07 21:59 - 2013-01-13 16:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-07 21:59 - 2013-01-13 16:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-07 21:59 - 2013-01-13 16:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-07 21:59 - 2013-01-13 16:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-07 21:59 - 2013-01-13 16:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-07 21:59 - 2013-01-13 16:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-07 21:59 - 2013-01-13 16:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-07 21:59 - 2013-01-13 16:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-07 21:59 - 2013-01-13 16:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-07 21:59 - 2013-01-13 16:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-07 21:59 - 2013-01-13 16:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-07 21:59 - 2013-01-13 16:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-07 21:59 - 2013-01-13 16:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-07 21:59 - 2013-01-13 16:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-07 21:59 - 2013-01-13 16:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-07 21:59 - 2013-01-13 16:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-07 21:59 - 2013-01-13 16:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-07 21:59 - 2013-01-13 16:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-07 21:59 - 2013-01-13 16:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-07 21:59 - 2013-01-13 15:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-07 21:59 - 2013-01-13 15:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-07 21:59 - 2013-01-13 15:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-07 21:59 - 2013-01-13 14:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-07 21:59 - 2013-01-13 14:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-07 21:59 - 2013-01-04 03:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-07 21:59 - 2013-01-04 03:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-07 21:43 - 2013-05-07 21:43 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-07 21:43 - 2013-05-07 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-07 21:38 - 2013-04-12 11:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-07 21:38 - 2013-03-19 03:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-07 21:38 - 2013-03-19 02:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-07 21:38 - 2013-03-19 02:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-07 21:38 - 2013-03-19 02:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-07 21:38 - 2013-03-19 01:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-07 21:38 - 2013-03-19 00:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-07 21:38 - 2013-03-01 00:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-07 21:38 - 2013-01-24 03:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-07 21:38 - 2012-08-24 15:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-05-07 21:38 - 2012-08-24 15:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-05-07 21:38 - 2012-08-24 15:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-07 21:38 - 2012-08-24 15:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-07 21:38 - 2012-08-24 13:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-07 21:38 - 2012-08-24 13:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-05-07 21:38 - 2012-08-24 13:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-05-07 21:30 - 2013-05-07 21:32 - 00903072 ____A (Oracle Corporation) C:\Users\Marcos\Downloads\chromeinstall-7u21.exe
2013-05-03 19:34 - 2013-05-03 19:34 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\ATNSOFT
2013-05-03 19:31 - 2013-05-03 19:32 - 00000000 ____D C:\Users\Marcos\AppData\Local\KeyMapper
2013-05-03 19:31 - 2013-05-03 19:31 - 00000000 ____D C:\Users\Marcos\AppData\Local\Rose_Hill_Solutions
2013-05-03 19:30 - 2013-05-03 19:33 - 00000000 ____D C:\Program Files (x86)\Key Mapper
2013-05-03 18:42 - 2008-07-12 08:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-05-03 18:42 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-05-03 18:42 - 2008-07-12 08:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-05-03 18:42 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-05-03 18:42 - 2008-07-12 08:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-05-03 18:42 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-04-30 00:08 - 2013-04-30 00:08 - 00666608 ____A C:\Windows\Minidump\043013-21169-01.dmp
2013-04-28 19:17 - 2013-05-07 07:14 - 00000000 ____D C:\Users\Marcos\AppData\Local\CrashDumps
2013-04-27 13:09 - 2013-04-27 13:09 - 00000000 ____D C:\Users\Marcos\AppData\Local\Chromium
 
==================== One Month Modified Files and Folders =======
 
2013-05-24 11:49 - 2013-05-24 11:49 - 00000000 ____D C:\FRST
2013-05-24 11:48 - 2013-05-24 11:48 - 01878604 ____A (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2013-05-24 11:47 - 2010-11-21 06:37 - 00703580 ____A C:\Windows\System32\prfh0416.dat
2013-05-24 11:47 - 2010-11-21 06:37 - 00146366 ____A C:\Windows\System32\prfc0416.dat
2013-05-24 11:47 - 2009-07-14 02:13 - 01628224 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-24 11:46 - 2011-10-26 20:30 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\SoftThinks
2013-05-24 11:46 - 2011-10-26 20:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-24 11:46 - 2011-10-26 20:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-24 11:46 - 2011-10-26 20:21 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-24 11:45 - 2012-02-14 19:28 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-24 11:45 - 2011-10-26 19:54 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2013-05-24 11:45 - 2011-10-26 19:54 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-24 11:45 - 2009-07-14 02:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 11:45 - 2009-07-14 01:51 - 00227188 ____A C:\Windows\setupact.log
2013-05-24 11:44 - 2010-11-21 00:47 - 00067280 ____A C:\Windows\PFRO.log
2013-05-23 23:19 - 2011-10-26 19:55 - 01324849 ____A C:\Windows\WindowsUpdate.log
2013-05-23 23:00 - 2012-02-14 19:28 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-23 22:44 - 2012-02-17 18:04 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002UA.job
2013-05-23 22:28 - 2012-06-12 13:19 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-23 21:00 - 2013-04-21 10:43 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\CodeBlocks
2013-05-23 20:56 - 2013-03-13 20:53 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Skype
2013-05-23 17:09 - 2013-05-23 17:09 - 00021912 ____A C:\ComboFix.txt
2013-05-23 17:09 - 2013-05-22 19:46 - 00000000 ____D C:\Qoobox
2013-05-23 17:09 - 2009-07-14 01:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-23 17:09 - 2009-07-14 01:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-23 17:08 - 2009-07-13 23:34 - 00000215 ____A C:\Windows\system.ini
2013-05-23 16:57 - 2013-05-22 19:32 - 05070388 ____R (Swearware) C:\Users\Marcos\Desktop\ComboFix.exe
2013-05-23 12:43 - 2012-02-17 18:04 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1438545249-339806314-3607663721-1002Core.job
2013-05-23 12:39 - 2013-05-23 12:39 - 00001990 ____A C:\Users\Marcos\Desktop\RKreport[3]_D_05232013_02d1239.txt
2013-05-23 12:38 - 2013-05-23 12:38 - 00001997 ____A C:\Users\Marcos\Desktop\RKreport[2]_S_05232013_02d1238.txt
2013-05-23 12:38 - 2013-05-14 13:19 - 00000000 ____D C:\Users\Marcos\Desktop\RK_Quarantine
2013-05-23 12:28 - 2013-05-23 12:28 - 00791040 ____A C:\Users\Marcos\Desktop\RogueKillerX64.exe
2013-05-23 12:27 - 2013-05-23 12:27 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Marcos\Desktop\tdsskiller.exe
2013-05-22 20:05 - 2009-07-14 00:20 - 00000000 __RHD C:\users\Default
2013-05-22 20:04 - 2013-05-22 19:46 - 00000000 ____D C:\Windows\erdnt
2013-05-22 19:09 - 2013-05-22 19:09 - 00079449 ____A C:\Users\Marcos\Desktop\JRT.txt
2013-05-22 19:06 - 2013-05-22 19:06 - 00000000 ____D C:\Windows\ERUNT
2013-05-22 19:06 - 2013-05-22 19:06 - 00000000 ____D C:\JRT
2013-05-22 19:04 - 2013-05-22 19:04 - 00001986 ____A C:\Users\Marcos\Desktop\AdwCleaner[S1].txt
2013-05-22 19:01 - 2013-05-22 19:00 - 00001986 ____A C:\AdwCleaner[S1].txt
2013-05-22 18:59 - 2013-05-22 18:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Marcos\Desktop\JRT.exe
2013-05-22 18:58 - 2013-05-22 18:58 - 00632031 ____A C:\Users\Marcos\Desktop\AdwCleaner.exe
2013-05-22 16:25 - 2013-05-22 16:25 - 00022990 ____A C:\Users\Marcos\Desktop\dds.txt
2013-05-22 16:25 - 2013-05-22 16:25 - 00007463 ____A C:\Users\Marcos\Desktop\attach.txt
2013-05-21 21:54 - 2011-10-26 20:42 - 00000000 ____D C:\Users\Todos os Usuários\Sonic
2013-05-21 21:54 - 2011-10-26 20:42 - 00000000 ____D C:\ProgramData\Sonic
2013-05-21 17:13 - 2012-02-19 11:00 - 00000000 ____D C:\Users\Todos os Usuários\PCDr
2013-05-21 17:13 - 2012-02-19 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-05-21 17:04 - 2013-05-21 17:03 - 00000000 ____D C:\Program Files\My Dell
2013-05-21 17:04 - 2012-04-07 14:26 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-21 17:04 - 2011-10-27 01:42 - 00000000 ____D C:\Users\Todos os Usuários\Dell
2013-05-21 17:04 - 2011-10-27 01:42 - 00000000 ____D C:\ProgramData\Dell
2013-05-21 15:36 - 2013-05-21 15:36 - 00408576 ____A C:\Users\Marcos\Downloads\tc021_2013_alunos.xls
2013-05-21 14:35 - 2011-12-08 09:15 - 00000000 ____D C:\Users\Marcos\Desktop\Marcos
2013-05-21 14:25 - 2013-05-21 14:22 - 05046823 ____A C:\Users\Marcos\Downloads\Kkkk.zip
2013-05-21 08:54 - 2013-05-21 07:36 - 00000000 ____D C:\Users\Marcos\Desktop\Prog 2105
2013-05-19 21:12 - 2013-05-19 21:13 - 00015564 ____A C:\Users\Marcos\Desktop\Trabalho 10.zir
2013-05-19 21:03 - 2013-05-19 21:13 - 00006935 ____A C:\Users\Marcos\Desktop\Trabalho 09.zir
2013-05-17 10:46 - 2013-05-17 10:46 - 01877462 ____A (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2013-05-17 10:42 - 2013-01-27 20:42 - 00000000 ____D C:\Users\Marcos\Desktop\Eng Civil 2013 - Pré-Aulas
2013-05-16 22:18 - 2013-02-14 07:22 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\DAEMON Tools Pro
2013-05-16 22:18 - 2013-01-07 12:41 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\uTorrent
2013-05-16 22:18 - 2012-01-11 00:27 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Media Player Classic
2013-05-16 20:21 - 2013-03-13 20:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-16 20:21 - 2011-10-26 20:22 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2013-05-16 20:21 - 2011-10-26 20:22 - 00000000 ____D C:\ProgramData\Skype
2013-05-15 00:29 - 2012-04-02 16:34 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 00:29 - 2011-10-26 20:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:47 - 2013-05-14 18:47 - 00007386 ____A C:\Users\Marcos\Downloads\aula 1.zir
2013-05-14 13:20 - 2013-05-14 13:20 - 00003277 ____A C:\Users\Marcos\Desktop\RKreport[1]_S_05142013_02d1320.txt
2013-05-14 13:18 - 2013-05-14 13:18 - 00816128 ____A C:\Users\Marcos\Downloads\RogueKiller.exe
2013-05-13 22:55 - 2013-05-13 21:45 - 165271400 ____A (Symantec Corporation) C:\Users\Marcos\Downloads\N360-TW-20-3-0-36-PT.exe
2013-05-13 22:12 - 2013-05-13 22:13 - 00003748 ____A C:\Users\Marcos\Desktop\FSS.txt
2013-05-13 22:12 - 2013-05-13 22:12 - 00003748 ____A C:\Users\Marcos\Downloads\FSS.txt
2013-05-13 22:11 - 2013-05-13 22:11 - 00354299 ____A (Farbar) C:\Users\Marcos\Downloads\FSS.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00147456 ____A (Eric_71) C:\Users\Marcos\Downloads\MbrScan.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00147456 ____A (Eric_71) C:\Users\Marcos\Desktop\MbrScan.exe
2013-05-13 22:09 - 2013-05-13 22:09 - 00047554 ____A C:\Users\Marcos\Desktop\MbrScan.log
2013-05-13 22:09 - 2013-05-13 22:09 - 00000512 ____A C:\Users\Marcos\Desktop\Dump_Hdd0_DR0.mbr
2013-05-13 22:06 - 2013-05-13 22:04 - 00000000 ____D C:\Users\Marcos\Desktop\HijackThis
2013-05-13 22:04 - 2013-05-13 22:05 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-13 22:03 - 2013-05-13 22:02 - 00218112 ____A (Soeperman Enterprises Ltd.) C:\Users\Marcos\Downloads\HijackThis.exe
2013-05-10 12:46 - 2013-05-10 12:46 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\Java
2013-05-09 19:09 - 2011-12-07 14:10 - 00014336 ____A C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-09 19:03 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2013-05-09 15:13 - 2013-05-09 15:06 - 83401665 ____A C:\Users\Marcos\Downloads\@derito NBA 2K13 Draft Class 2013 & 2014.rar
2013-05-08 15:39 - 2013-05-08 15:39 - 00031403 ____A C:\Users\Marcos\Downloads\Trabalho 2.zir
2013-05-08 15:21 - 2009-07-14 01:45 - 05157808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-07 22:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-07 22:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-07 22:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-07 22:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-07 22:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-07 22:02 - 2011-12-09 22:59 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-07 21:43 - 2013-05-07 21:43 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-07 21:43 - 2013-05-07 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-07 21:43 - 2013-01-15 09:35 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-07 21:43 - 2011-10-26 20:14 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-07 21:32 - 2013-05-07 21:30 - 00903072 ____A (Oracle Corporation) C:\Users\Marcos\Downloads\chromeinstall-7u21.exe
2013-05-07 21:25 - 2011-12-13 17:22 - 00000000 ____D C:\Users\Marcos\Documents\Backup Registros
2013-05-07 21:01 - 2011-12-07 12:28 - 00000000 ____D C:\users\Marcos
2013-05-07 07:14 - 2013-04-28 19:17 - 00000000 ____D C:\Users\Marcos\AppData\Local\CrashDumps
2013-05-03 22:53 - 2013-02-14 07:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-03 19:34 - 2013-05-03 19:34 - 00000000 ____D C:\Users\Marcos\AppData\Roaming\ATNSOFT
2013-05-03 19:33 - 2013-05-03 19:30 - 00000000 ____D C:\Program Files (x86)\Key Mapper
2013-05-03 19:32 - 2013-05-03 19:31 - 00000000 ____D C:\Users\Marcos\AppData\Local\KeyMapper
2013-05-03 19:31 - 2013-05-03 19:31 - 00000000 ____D C:\Users\Marcos\AppData\Local\Rose_Hill_Solutions
2013-05-03 18:42 - 2011-10-26 20:32 - 00389118 ____A C:\Windows\DirectX.log
2013-05-02 17:44 - 2009-07-14 02:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-02 02:06 - 2010-11-21 00:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 08:43 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-30 00:08 - 2013-04-30 00:08 - 00666608 ____A C:\Windows\Minidump\043013-21169-01.dmp
2013-04-30 00:08 - 2012-12-29 12:27 - 689463102 ____A C:\Windows\MEMORY.DMP
2013-04-30 00:08 - 2012-01-17 19:57 - 00000000 ____D C:\Windows\Minidump
2013-04-29 20:50 - 2013-04-21 10:49 - 00000000 ____D C:\Users\Marcos\Desktop\Eng Civil - 1o Sem
2013-04-27 13:09 - 2013-04-27 13:09 - 00000000 ____D C:\Users\Marcos\AppData\Local\Chromium
2013-04-24 17:43 - 2011-12-13 17:00 - 00000000 ____D C:\Users\Marcos\Desktop\Stuff
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-05-14 16:18
 
==================== End Of Log ============================

 

Attached Files



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 24 May 2013 - 10:10 AM

Hello nego191



I need you to download this script I have made for you --> Attached File  fixlist.txt   38bytes   3 downloads


It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 24 May 2013 - 12:37 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2013
Ran by Marcos at 2013-05-24 14:36:24 Run:1
Running from C:\Users\Marcos\Desktop
Boot Mode: Normal
==============================================
 
 
=========  Dir /b /a:l "C:\Program Files" /s =========
 
C:\Program Files\Arquivos Comuns
C:\Program Files\Common Files\Sistema
C:\Program Files\Windows Defender\MpAsDesc.dll
C:\Program Files\Windows Defender\MpClient.dll
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCommu.dll
C:\Program Files\Windows Defender\MpEvMsg.dll
C:\Program Files\Windows Defender\MpOAV.dll
C:\Program Files\Windows Defender\MpRTP.dll
C:\Program Files\Windows Defender\MpSvc.dll
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpCom.dll
C:\Program Files\Windows Defender\MsMpLics.dll
C:\Program Files\Windows Defender\MsMpRes.dll
C:\Program Files\Windows Defender\pt-BR
C:\Program Files\Windows NT\Acess¢rios
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:53 AM

Posted 24 May 2013 - 08:55 PM

Hello billyjoeiknow

It looks like you did so lets try it again - if you already have a fixlist on the computer go ahead and delete them

I need you to download this script I have made for you --> Attached File  fixlist.txt   185bytes   5 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 nego191

nego191
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 24 May 2013 - 09:00 PM

haha looks like you missed the topic.

check it out :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users