
Sirefef trojan won't let my computer boot


  • This topic is locked
24 replies to this topic

#1 CristinaLR

CristinaLR

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 27 May 2013 - 08:16 AM

Hi there,

A couple of days ago my computer got infected with Sirefef.

Although my Norton said it caught all the trojans (and that I stopped a virus disguised as an Adobe update before it finished), and that my system was all clear, it asked me to restart the computer, and the computer never booted correctly again.

It won't even boot in Safe Mode (yes, even pressing F8, etc.).

For an accurate view of what happens, I have filmed it:

The video stops at a screen where you have to select the user. I have selected the user and hit OK, coming to the System Recovery Options screen only. Of all the options available (Startup Repair, System Restore, System Image Recovery, Windows Memory Diagnostic and Command Prompt), the only one that works is Command Prompt; for all the others I get messages like "Startup Repair cannot repair this computer automatically" or "There are no restore points on the system", etc.

After trying everything from chkdsk to Memtest86+, and still being convinced that the problem was that the trojan either hadn't been deleted yet or had already done some damage, I came to this forum, specifically to

http://www.bleepingcomputer.com/forums/t/494856/please-help-sirefef-trojan-and-now-my-pc-wont-boot-correctly/

So I followed the steps suggested by your Malware Response Team (http://www.bleepingcomputer.com/forums/u/57930/jsntgrvr/) and ran the Farbar Recovery Scan Tool.

Here is the log created on my flash drive:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2013
Ran by SISTEMA on 27-05-2013 13:43:25
Running from H:\
Windows 7 Home Premium (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [75016696 2013-05-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-03-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
HKU\Mari\...\Run: [AdobeBridge]  [x]
HKU\Mari\...\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Todos os Usuários\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
 
==================== Services (Whitelisted) =================
 
S2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-01] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130514.001\IDSvia64.sys [513184 2013-01-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130515.003\ENG64.SYS [126192 2013-01-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130515.003\EX64.SYS [2087664 2013-01-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-05] (Symantec Corporation)
S1 ccSet_N360; \SystemRoot\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [x]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S1 SRTSP; \SystemRoot\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]
S1 uvwklyfr; \??\C:\Windows\system32\drivers\uvwklyfr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-05-23 21:36 - 2013-05-23 21:36 - 00000000 ___DC C:\FRST
2013-05-18 01:42 - 2013-05-18 01:42 - 00000000 ___DC C:\NBRT
2013-05-15 14:59 - 2013-05-23 18:22 - 383781603 ____A C:\Windows\MEMORY.DMP
2013-05-15 14:50 - 2013-05-15 14:50 - 00000364 ____A C:\Windows\System32\MRT.INI
2013-05-15 14:50 - 2013-05-15 14:50 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-15 14:43 - 2013-04-05 03:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 14:43 - 2013-04-05 03:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:43 - 2013-04-05 03:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:43 - 2013-04-05 03:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:43 - 2013-04-05 03:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 14:43 - 2013-04-05 03:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 14:43 - 2013-04-05 03:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 14:43 - 2013-04-05 02:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 14:43 - 2013-04-05 02:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 14:43 - 2013-04-05 01:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:43 - 2013-04-05 01:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 14:43 - 2013-04-05 00:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 14:43 - 2013-04-05 00:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 14:42 - 2013-04-05 03:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:42 - 2013-04-05 03:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:42 - 2013-04-05 03:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:42 - 2013-04-05 03:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:42 - 2013-04-05 03:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:42 - 2013-04-05 03:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:42 - 2013-04-05 03:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:42 - 2013-04-05 02:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 14:42 - 2013-04-05 02:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 14:42 - 2013-04-05 02:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 14:42 - 2013-04-05 02:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 14:42 - 2013-04-05 02:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 14:42 - 2013-04-05 02:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 07:04 - 2013-05-15 07:05 - 14361511 ____A C:\Users\Mari\Downloads\beautybox_122_AE.zip
2013-05-15 07:00 - 2013-04-10 03:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 07:00 - 2013-04-10 03:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 07:00 - 2013-04-10 00:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 07:00 - 2013-03-19 02:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 07:00 - 2013-03-19 02:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 07:00 - 2013-02-27 03:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 07:00 - 2013-02-27 02:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 07:00 - 2013-02-27 02:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 07:00 - 2013-02-27 02:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 07:00 - 2013-02-27 02:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 07:00 - 2013-02-27 01:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 07:00 - 2013-02-27 01:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 07:00 - 2013-02-27 01:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 07:00 - 2011-02-03 08:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 19:05 - 2013-05-14 19:05 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 18:51 - 2013-05-14 18:52 - 16123376 ____A C:\Users\Mari\Downloads\BeautyBoxVideo2_manual.zip
2013-05-14 18:45 - 2013-05-14 18:45 - 14870852 ____A C:\Users\Mari\Downloads\beautybox_205_AE.zip
2013-05-12 19:15 - 2013-05-12 15:56 - 01846227 ____A C:\Users\Mari\Documents\showreel 2013_CS6_COMEDY - Cópia.prproj
2013-05-07 11:09 - 2013-05-07 11:33 - 00000222 ____A C:\Users\Mari\Desktop\showreel appearances.txt
2013-05-02 19:19 - 2013-05-02 19:19 - 00001294 ____A C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2013-05-02 19:18 - 2013-05-02 19:18 - 00000000 ____D C:\Users\Mari\Downloads\skydrive-2013-05-02 (1)
2013-05-02 19:12 - 2013-05-02 19:15 - 12154620 ____A C:\Users\Mari\Downloads\skydrive-2013-05-02 (1).zip
2013-05-02 18:39 - 2013-05-02 18:39 - 00000000 ____D C:\Users\Mari\Downloads\skydrive-2013-05-02
2013-05-02 18:07 - 2013-05-02 18:07 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00002097 ____A C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\Users\Todos os Usuários\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\ProgramData\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2013-05-02 17:46 - 2013-05-02 17:58 - 38005312 ____A C:\Users\Mari\Downloads\x-dvd-ripper-ultimate7.exe
2013-05-02 16:49 - 2013-05-02 16:49 - 00000162 ____A C:\Users\Mari\Downloads\Key.txt
2013-05-02 16:49 - 2013-05-02 16:49 - 00000162 ____A C:\Users\Mari\Downloads\Key (1).txt
2013-05-02 16:48 - 2013-05-02 16:48 - 01377776 ____A C:\Users\Mari\Downloads\skydrive-2013-05-02.zip
2013-05-02 11:11 - 2013-05-04 16:56 - 00000000 ____D C:\Users\Mari\AppData\Roaming\dvdcss
2013-05-02 11:08 - 2013-05-02 11:08 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Digiarty
2013-05-02 11:08 - 2013-05-02 11:08 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-05-02 11:07 - 2013-05-02 11:07 - 12153129 ____A (Digiarty Software, Inc.                                     ) C:\Users\Mari\Downloads\winx-dvd-ripper-pt.exe
2013-05-02 11:06 - 2013-05-02 11:06 - 00001253 ____A C:\Users\Mari\Downloads\serial.txt
2013-05-02 10:29 - 2013-05-13 21:44 - 00000000 ____D C:\Users\Mari\AppData\Roaming\vlc
2013-05-02 10:26 - 2013-05-02 10:26 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-05-02 10:25 - 2013-05-02 10:25 - 22948790 ____A C:\Users\Mari\Downloads\vlc-2.0.6-win32.exe
2013-04-30 15:49 - 2013-04-30 15:49 - 00017805 ____A C:\Users\Mari\Documents\c&c_WEB (Salvo automaticamente).xlsx
2013-04-30 10:51 - 2013-04-30 10:51 - 00000000 ____D C:\Users\Mari\AppData\Roaming\DivX
2013-04-30 10:00 - 2013-04-30 10:00 - 00000000 ___DC C:\Program Files\DivX
2013-04-30 09:58 - 2013-04-30 10:01 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-04-30 09:58 - 2013-04-30 10:01 - 00000000 ____D C:\ProgramData\DivX
2013-04-30 09:58 - 2013-04-30 10:01 - 00000000 ____D C:\Program Files (x86)\DivX
2013-04-30 09:57 - 2013-04-30 09:57 - 00952128 ____A (DivX, LLC) C:\Users\Mari\Downloads\DivXInstaller.exe
2013-04-30 09:53 - 2013-04-30 09:53 - 01909585 ____A C:\Users\Mari\Downloads\winrar-x64-50b2.exe
2013-04-30 09:53 - 2013-04-30 09:53 - 00000000 ___DC C:\Program Files\WinRAR
2013-04-30 09:51 - 2013-04-30 09:55 - 00000000 ____D C:\Users\Mari\AppData\Roaming\WinRAR
2013-04-30 09:36 - 2013-04-30 09:37 - 40437664 ____A (Apple Inc.) C:\Users\Mari\Downloads\QuickTimeInstaller.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:04 - 2013-04-29 23:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:04 - 2013-04-29 23:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:04 - 2013-04-29 23:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:04 - 2013-04-29 23:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:04 - 2013-04-29 23:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:04 - 2013-04-29 23:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:04 - 2013-04-29 23:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:04 - 2013-04-29 23:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 23:00 - 2013-04-29 23:09 - 00009564 ____A C:\Windows\IE10_main.log
2013-04-29 13:59 - 2013-04-29 13:59 - 00004304 ____A C:\Users\Mari\Desktop\ep7_subtimes
 
==================== One Month Modified Files and Folders =======
 
2013-05-27 09:29 - 2009-07-14 01:45 - 01059024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-23 21:36 - 2013-05-23 21:36 - 00000000 ___DC C:\FRST
2013-05-23 18:22 - 2013-05-15 14:59 - 383781603 ____A C:\Windows\MEMORY.DMP
2013-05-18 01:42 - 2013-05-18 01:42 - 00000000 ___DC C:\NBRT
2013-05-15 14:53 - 2011-11-16 08:33 - 00109290 ____A C:\Windows\PFRO.log
2013-05-15 14:51 - 2011-08-28 17:58 - 01478186 ____A C:\Windows\WindowsUpdate.log
2013-05-15 14:50 - 2013-05-15 14:50 - 00000364 ____A C:\Windows\System32\MRT.INI
2013-05-15 14:50 - 2013-05-15 14:50 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-15 14:47 - 2011-08-28 19:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 14:45 - 2009-07-14 14:55 - 00664038 ____A C:\Windows\System32\prfh0416.dat
2013-05-15 14:45 - 2009-07-14 14:55 - 00128328 ____A C:\Windows\System32\prfc0416.dat
2013-05-15 14:45 - 2009-07-14 02:13 - 01528992 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 14:12 - 2013-01-28 21:55 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-15 14:05 - 2012-12-25 09:53 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-15 12:12 - 2013-01-28 21:55 - 00001060 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-15 07:05 - 2013-05-15 07:04 - 14361511 ____A C:\Users\Mari\Downloads\beautybox_122_AE.zip
2013-05-15 06:59 - 2011-08-31 20:31 - 00000000 ____D C:\Users\Mari\AppData\Local\Adobe
2013-05-15 06:56 - 2009-07-14 01:45 - 00013952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-15 06:56 - 2009-07-14 01:45 - 00013952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-15 06:50 - 2013-01-29 13:12 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Dropbox
2013-05-15 06:50 - 2011-08-31 20:00 - 00000000 ___RD C:\Users\Mari\Dropbox
2013-05-15 06:49 - 2011-11-08 19:43 - 00058182 ____A C:\Windows\setupact.log
2013-05-15 06:49 - 2009-07-14 02:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-14 19:05 - 2013-05-14 19:05 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 19:05 - 2012-12-25 09:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 19:05 - 2011-08-28 19:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:52 - 2013-05-14 18:51 - 16123376 ____A C:\Users\Mari\Downloads\BeautyBoxVideo2_manual.zip
2013-05-14 18:45 - 2013-05-14 18:45 - 14870852 ____A C:\Users\Mari\Downloads\beautybox_205_AE.zip
2013-05-13 21:44 - 2013-05-02 10:29 - 00000000 ____D C:\Users\Mari\AppData\Roaming\vlc
2013-05-13 09:23 - 2011-09-08 20:40 - 00000000 ___DC C:\Program Files\Adobe
2013-05-13 09:23 - 2011-09-08 20:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-13 09:22 - 2011-08-31 20:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-13 07:33 - 2011-08-29 19:15 - 00000000 ____D C:\Users\Mari\AppData\Local\CrashDumps
2013-05-12 15:56 - 2013-05-12 19:15 - 01846227 ____A C:\Users\Mari\Documents\showreel 2013_CS6_COMEDY - Cópia.prproj
2013-05-09 12:04 - 2013-01-30 10:03 - 00000000 ____D C:\Users\Mari\headshots
2013-05-07 11:33 - 2013-05-07 11:09 - 00000222 ____A C:\Users\Mari\Desktop\showreel appearances.txt
2013-05-04 16:56 - 2013-05-02 11:11 - 00000000 ____D C:\Users\Mari\AppData\Roaming\dvdcss
2013-05-02 19:19 - 2013-05-02 19:19 - 00001294 ____A C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2013-05-02 19:18 - 2013-05-02 19:18 - 00000000 ____D C:\Users\Mari\Downloads\skydrive-2013-05-02 (1)
2013-05-02 19:15 - 2013-05-02 19:12 - 12154620 ____A C:\Users\Mari\Downloads\skydrive-2013-05-02 (1).zip
2013-05-02 18:39 - 2013-05-02 18:39 - 00000000 ____D C:\Users\Mari\Downloads\skydrive-2013-05-02
2013-05-02 18:07 - 2013-05-02 18:07 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00002097 ____A C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\Users\Todos os Usuários\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\ProgramData\Xilisoft
2013-05-02 18:03 - 2013-05-02 18:03 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2013-05-02 17:58 - 2013-05-02 17:46 - 38005312 ____A C:\Users\Mari\Downloads\x-dvd-ripper-ultimate7.exe
2013-05-02 16:49 - 2013-05-02 16:49 - 00000162 ____A C:\Users\Mari\Downloads\Key.txt
2013-05-02 16:49 - 2013-05-02 16:49 - 00000162 ____A C:\Users\Mari\Downloads\Key (1).txt
2013-05-02 16:48 - 2013-05-02 16:48 - 01377776 ____A C:\Users\Mari\Downloads\skydrive-2013-05-02.zip
2013-05-02 11:08 - 2013-05-02 11:08 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Digiarty
2013-05-02 11:08 - 2013-05-02 11:08 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-05-02 11:07 - 2013-05-02 11:07 - 12153129 ____A (Digiarty Software, Inc.                                     ) C:\Users\Mari\Downloads\winx-dvd-ripper-pt.exe
2013-05-02 11:06 - 2013-05-02 11:06 - 00001253 ____A C:\Users\Mari\Downloads\serial.txt
2013-05-02 10:26 - 2013-05-02 10:26 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-05-02 10:25 - 2013-05-02 10:25 - 22948790 ____A C:\Users\Mari\Downloads\vlc-2.0.6-win32.exe
2013-04-30 15:49 - 2013-04-30 15:49 - 00017805 ____A C:\Users\Mari\Documents\c&c_WEB (Salvo automaticamente).xlsx
2013-04-30 10:51 - 2013-04-30 10:51 - 00000000 ____D C:\Users\Mari\AppData\Roaming\DivX
2013-04-30 10:01 - 2013-04-30 09:58 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2013-04-30 10:01 - 2013-04-30 09:58 - 00000000 ____D C:\ProgramData\DivX
2013-04-30 10:01 - 2013-04-30 09:58 - 00000000 ____D C:\Program Files (x86)\DivX
2013-04-30 10:00 - 2013-04-30 10:00 - 00000000 ___DC C:\Program Files\DivX
2013-04-30 09:57 - 2013-04-30 09:57 - 00952128 ____A (DivX, LLC) C:\Users\Mari\Downloads\DivXInstaller.exe
2013-04-30 09:55 - 2013-04-30 09:51 - 00000000 ____D C:\Users\Mari\AppData\Roaming\WinRAR
2013-04-30 09:53 - 2013-04-30 09:53 - 01909585 ____A C:\Users\Mari\Downloads\winrar-x64-50b2.exe
2013-04-30 09:53 - 2013-04-30 09:53 - 00000000 ___DC C:\Program Files\WinRAR
2013-04-30 09:38 - 2012-12-22 19:08 - 00001805 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-04-30 09:38 - 2012-12-22 19:08 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-04-30 09:37 - 2013-04-30 09:36 - 40437664 ____A (Apple Inc.) C:\Users\Mari\Downloads\QuickTimeInstaller.exe
2013-04-30 00:39 - 2012-10-23 18:28 - 00000000 ____D C:\Windows\rescache
2013-04-29 23:39 - 2011-08-28 17:55 - 00000000 ____D C:\Windows\Panther
2013-04-29 23:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-29 23:09 - 2013-04-29 23:00 - 00009564 ____A C:\Windows\IE10_main.log
2013-04-29 23:04 - 2013-04-29 23:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:04 - 2013-04-29 23:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:04 - 2013-04-29 23:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:04 - 2013-04-29 23:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:04 - 2013-04-29 23:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:04 - 2013-04-29 23:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:04 - 2013-04-29 23:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:04 - 2013-04-29 23:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:04 - 2013-04-29 23:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:04 - 2013-04-29 23:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 23:04 - 2013-04-29 23:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 13:59 - 2013-04-29 13:59 - 00004304 ____A C:\Users\Mari\Desktop\ep7_subtimes
2013-04-28 13:10 - 2011-08-28 18:08 - 00000000 ____D C:\users\Mari
 
ZeroAccess:
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\@
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\L
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\U
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\U\00000008.@
 
Other Malware:
===========
C:\Users\Mari\chromeinstall-7u17.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4056.36 MB
Available physical RAM: 3445.25 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3432.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.79 GB) (Free:1.01 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:239.2 GB) (Free:226.52 GB) NTFS (Disk=0 Partition=3)
Drive h: (MULTIBOOT) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=239 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 982 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=981 MB) - (Type=0B)
 
 
Last Boot: 2013-05-15 08:49
 
==================== End Of Log ============================

 

Thank you very much for your help!

Cristina

 




 


#2 CristinaLR
  • Topic Starter
  • Members
  • 16 posts

Posted 27 May 2013 - 08:21 AM

Please note that under "Bamital & volsnap Check" it indicates that my services.exe is missing.



#3 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 May 2013 - 08:03 PM

Hi and welcome.

 

Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 CristinaLR

Posted 28 May 2013 - 05:26 AM

Thanks! Here it goes:

 

 

Farbar Recovery Scan Tool (x64) Version: 23-05-2013
Ran by SISTEMA at 2013-05-28 11:21:43
Running from H:\
Boot Mode: Recovery
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======


#5 JSntgRvr
    Master Surgeon General
  • Malware Response Team

Posted 28 May 2013 - 10:56 AM

Download the enclosed file.

 

Save it next to FRST.

 

Run FRST as you did before, except that this time around, click on the Fix button and wait.

 

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attempt to boot in Normal Mode and let me know the outcome.




#6 CristinaLR

Posted 28 May 2013 - 12:12 PM

Thanks again. Here is the fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2013
Ran by SISTEMA at 2013-05-28 18:05:57 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
 
HKEY_USERS\Mari\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3} => Moved successfully.
C:\Users\Mari\chromeinstall-7u17.exe => Moved successfully.
Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
 
==== End of Fixlog ====

 

And... yes!!! There is progress! We are past the "Starting Windows" screen (after a very slow boot, with one minute of black screen where I can move the mouse, and a "Configuring Windows - please wait" and percentage screen, and a very slow "Welcome" screen, but yes! I could boot in normal mode!! You're an angel! What's the next step?

 

PS: one minute later my Norton 360 has "found and fixed threats", and a pop-up showed saying "Do you want to allow the following program to make alterations on this computer?"
Name of program: Malware removal tool for Microsoft Windows
Verified supplier: Windows

 

I didn't click on anything and the pop up window disappeared. Then an Adobe installation popped up as ready to be installed. Maybe the same disguised trojan that caused the problem. Won't click anything until I hear back from you.


Edited by CristinaLR, 28 May 2013 - 12:16 PM.
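The repair that posts #4 and #6 show (FRST flags services.exe as missing, a Search: finds the copy in the WinSxS component store, and the fix copies it back) as an added Python example; it is not FRST's code or anything posted in this thread. It parses the check and search sections of such logs and pairs each missing system binary with a same-named WinSxS copy attributed to the expected publisher; the embedded log text is constructed by trimming the excerpts above, and FRST's own fixlist syntax is deliberately not reproduced.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed samples: trimmed from the FRST.txt and Search.txt excerpts posted in
# this thread. Raw strings keep the Windows backslashes (and the "\U" folder) literal.
FRST_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\@
C:\Windows\Installer\{1e0f3c94-4a16-48c5-09ce-ded4c70b16a3}\U\00000008.@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 20:19] - [2009-07-13 22:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

BANNER = re.compile(r"^=+\s*(.+?)\s*=+\s*$")              # "==== Title ===="
PLAIN_HEADER = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*$")  # "ZeroAccess:"
# Search.txt detail line: [created] - [modified] - size attrs (company) md5
SEARCH_META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+)\s+(?P<attrs>\S+)"
    r"(?:\s+\((?P<company>[^)]*)\))?\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class SearchHit:
    path: str
    size: int
    company: str
    md5: str


def split_sections(log: str) -> dict:
    """Map each FRST section title to its non-empty body lines."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:  # blank line or bare underline
            continue
        m = BANNER.match(line) or PLAIN_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_integrity_check(lines: list) -> dict:
    """'Bamital & volsnap Check' verdicts: path -> 'legit', 'missing' or the raw verdict."""
    verdicts = {}
    for line in lines:
        if " IS MISSING" in line:
            verdicts[line.split(" IS MISSING", 1)[0]] = "missing"
        elif " => " in line:
            path, verdict = line.split(" => ", 1)
            verdicts[path] = "legit" if verdict == "MD5 is legit" else verdict
    return verdicts


def parse_search(lines: list) -> list:
    """Pair each path line of a Search section with the detail line that follows it."""
    hits, pending = [], None
    for line in lines:
        m = SEARCH_META.match(line)
        if m and pending is not None:
            hits.append(SearchHit(pending, int(m["size"]), m["company"] or "", m["md5"].upper()))
            pending = None
        else:
            pending = line
    return hits


def plan_restore(verdicts: dict, hits: list, publisher: str = "Microsoft Corporation") -> list:
    """Pair every missing system binary with a same-named copy from the component store
    (WinSxS) attributed to the expected publisher; None when no copy qualifies."""
    plan = []
    for path, status in verdicts.items():
        if status != "missing":
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        sources = [h.path for h in hits
                   if h.path.rsplit("\\", 1)[-1].lower() == name
                   and h.company == publisher and "\\winsxs\\" in h.path.lower()]
        plan.append((path, sources[0] if sources else None))
    return plan


def triage(frst_log: str, search_log: str) -> dict:
    """What a helper wants from the two logs before writing a fix."""
    sections = split_sections(frst_log)
    verdicts = parse_integrity_check(sections.get("Bamital & volsnap Check", []))
    hits = [h for title, body in split_sections(search_log).items()
            if title.startswith("Search:") for h in parse_search(body)]
    return {
        "missing": sorted(p for p, s in verdicts.items() if s == "missing"),
        "zeroaccess": sections.get("ZeroAccess", []),
        "restore_plan": plan_restore(verdicts, hits),
    }


if __name__ == "__main__":
    for key, value in triage(FRST_LOG, SEARCH_LOG).items():
        print(key, value)
```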


#7 JSntgRvr
    Master Surgeon General
  • Malware Response Team

Posted 28 May 2013 - 03:44 PM

Let's scan.
 
Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done, it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.
 
Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
 
Download OTL to your Desktop

 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • OTL should now start.
  • Under the Custom Scan box paste this in

dir C:\ /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan may take some time to finish.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.



#8 CristinaLR

Posted 28 May 2013 - 04:30 PM

Ok, first, the ADW Cleaner log (so sorry about that: as the Windows version is in Portuguese, the ADW was automatically downloaded in Portuguese as well).
I've translated it with Google Translate; let me know if you would prefer the original.

Also, mbam-setup.exe is actually mbam-setup-1.75.0.1300.exe; I suppose it's just the version and it's OK?
 

# AdwCleaner v2.301 - Report created on 28/05/2013 at 22:19:52
# Updated 5/16/2013 by Xplode
# Operating System: Windows 7 Home Premium Service Pack 1 (64-bit)
# User: Mari - NBMARI
# Boot mode: Normal
# Run from: C: \ Users \ Mari \ Desktop \ AdwCleaner.exe
# Option [Remove]
 
 
***** [Services] *****
 
Closed & Removed: Updater Web Assistant
 
***** [Files / Folders] *****
 
Removed file: C: \ Users \ Mari \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Local Storage \ hxxp_apps.conduit.com_0.localstorage
Removed file: C: \ Users \ Mari \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Local Storage \ hxxp_apps.conduit.com_0.localstorage-journal
Removed folder: C: \ Program Files (x86) \ AutocompletePro
Removed folder: C: \ Program Files (x86) \ Conduit
Removed folder: C: \ Program Files \ Web Assistant
Removed folder: C: \ Users \ Mari \ AppData \ Local \ APN
Removed folder: C: \ Users \ Mari \ AppData \ Local \ Conduit
Removed folder: C: \ Users \ Mari \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ dlnembnfbcpjnepmfjmngjenhhajpdfd
Removed folder: C: \ Users \ Mari \ AppData \ LocalLow \ Conduit
 
***** [Register] *****
 
Removed key: HKLM \ Software \ APN PIP
Removed key: HKLM \ Software \ AppDataLow \ Software \ SmartBar
Removed key: HKLM \ Software \ Complitly
Removed key: HKLM \ Software \ Conduit
Removed key: HKLM \ Software \ IM
Removed key: HKLM \ Software \ ImInstaller
Removed key: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {0FB6A909-6086-458F-BD92-1F8EE10042A0}
Removed key: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {0FB6A909-6086-458F-BD92-1F8EE10042A0}
Removed key: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ Software \ Softonic
Removed key: HKLM \ SOFTWARE \ Classes \ AppID \ {B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Removed key: HKLM \ SOFTWARE \ Classes \ AppID \ AutocompletePro.DLL
Removed key: HKLM \ SOFTWARE \ Classes \ AppID \ Extension.DLL
Removed key: HKLM \ SOFTWARE \ Classes \ AppID \ NCTAudioCDGrabber2.DLL
Removed key: HKLM \ SOFTWARE \ Classes \ Extension.ExtensionHelperObject
Removed key: HKLM \ SOFTWARE \ Classes \ Extension.ExtensionHelperObject.1
Removed key: HKLM \ SOFTWARE \ Classes \ Toolbar.CT2727622
Removed key: HKLM \ SOFTWARE \ Classes \ TypeLib \ {1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Removed key: HKLM \ SOFTWARE \ Classes \ TypeLib \ {93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Removed key: HKLM \ Software \ Conduit
Removed key: HKLM \ Software \ ImInstaller
Removed key: HKLM \ SOFTWARE \ Microsoft \ Tracing \ apntoolbarinstaller_RASAPI32
Removed key: HKLM \ SOFTWARE \ Microsoft \ Tracing \ apntoolbarinstaller_RASMANCS
Removed key: HKLM \ SOFTWARE \ Microsoft \ Tracing \ ConduitInstaller_RASAPI32
Removed key: HKLM \ SOFTWARE \ Microsoft \ Tracing \ ConduitInstaller_RASMANCS
Removed key: HKLM \ Software \ PIP
Removed key: HKLM \ Software \ Web Assistant
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {0FB6A909-6086-458F-BD92-1F8EE10042A0}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {3C471948-F874-49F5-B338-4F214A2EE0B1}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {5EB0259D-ab79-4AE6-A6E6-24FFE21C3DA4}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ CLSID \ {CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {2BEF239C-752E-4001-8048-F256E0D8CD93}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {49C00A51-6E59-41fe-B3FA-2D2157FAD67B}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {6DFF5DBA-AE3A-46dB-B301-ECFFC6DB2982}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {DE34CD67-F1C8-4001-9a23-B8A68F63F377}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Classes \ Interface \ {FE0273D1-99DF-4AC0-87D5-1371C6271785}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Google \ Chrome \ Extensions \ dlnembnfbcpjnepmfjmngjenhhajpdfd
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {0FB6A909-6086-458F-BD92-1F8EE10042A0}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ AutocompletePro2_is1
Removed key: HKLM \ SOFTWARE \ Classes \ CLSID \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {2BEF239C-752E-4001-8048-F256E0D8CD93}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {49C00A51-6E59-41fe-B3FA-2D2157FAD67B}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {6DFF5DBA-AE3A-46dB-B301-ECFFC6DB2982}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {DE34CD67-F1C8-4001-9a23-B8A68F63F377}
Removed key: HKLM \ SOFTWARE \ Classes \ Interface \ {FE0273D1-99DF-4AC0-87D5-1371C6271785}
Removed key: HKLM \ SOFTWARE \ Google \ Chrome \ Extensions \ dlnembnfbcpjnepmfjmngjenhhajpdfd
Removed key: HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {336D0C35-8A85-403A-B9D2-65C292C39087}
Removed key: HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ {336D0C35-403a-8A85-B9D2-65C292C39087} _is1
Removed key: HKLM \ SOFTWARE \ Web Assistant
Removed value: HKLM \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Removed value: HKLM \ SOFTWARE \ Mozilla \ Firefox \ extensions [{336D0C35-8A85-B9D2-403a-65C292C39087}]
Removed value: HKLM \ SOFTWARE \ Mozilla \ Firefox \ Extensions [support@predictad.com]
 
***** [Browsers] *****
 
- \ \ Internet Explorer v10.0.9200.16576
 
[OK] registry is clean.
 
- \ \ Google Chrome v26.0.1410.64
 
File: C: \ Users \ Mari \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Preferences
 
[OK] File is clean.
 

Edited by CristinaLR, 28 May 2013 - 04:33 PM.


#9 CristinaLR

Posted 28 May 2013 - 05:09 PM

And now for the MBAM log:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.05.28.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Mari :: NBMARI [administrator]
 
Protection: Enabled
 
28/05/2013 22:37:11
mbam-log-2013-05-28 (22-37-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215359
Time elapsed: 3 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-1506989644-3909475681-1477476496-1001\$RAC0C83E4 (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1506989644-3909475681-1477476496-1001\$RB5E3A440 (Rootkit.0Access) -> Quarantined and deleted successfully.
 
(end)


#10 CristinaLR

Posted 28 May 2013 - 05:37 PM

And finally, the OTL log (please also find attached the extras.txt):

 

(PS: the Malware Removal Tool For Microsoft Windows insists on appearing every time I reboot (I had to reboot after ADW and MBAM), and this time I clicked on scan. It picked Sirefef in the first 2 minutes of scan. I interrupted that scan to run OTL as per your instruction)

 

OTL logfile created on: 28/05/2013 23:22:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mari\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,96 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,90% Memory free
7,92 Gb Paging File | 6,49 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 1,27 Gb Free Space | 2,16% Space Free | Partition Type: NTFS
Drive D: | 239,20 Gb Total Space | 226,52 Gb Free Space | 94,70% Space Free | Partition Type: NTFS
 
Computer Name: NBMARI | User Name: Mari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/28 23:20:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe
PRC - [2013/05/02 16:07:51 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/30 00:51:06 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2005/04/29 20:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
PRC - [2002/11/22 12:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2005/04/29 20:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
MOD - [2005/04/29 20:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/14 23:05:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 13:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/05 16:44:31 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 20:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 20:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/29 16:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 16:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/13 00:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/22 21:59:15 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130515.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/22 21:59:14 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130515.003\eng64.sys -- (NAVENG)
DRV - [2013/01/15 15:38:55 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/13 09:20:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130514.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/01 21:44:08 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/29 16:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 16:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 3E 60 CA CB 7F CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {140afdc9-061f-4b86-8c58-42994309768f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{210E6060-6146-48F5-8A9D-3EA22847E03C}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/05/05 16:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/05/28 23:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/30 00:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/30 00:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/30 14:01:15 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O4 - Startup: C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8755B250-D7DC-44CE-9CE6-9EC37362521B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD296DC-B9BE-429C-937D-99617387B871}: DhcpNameServer = 192.168.1.1 201.6.2.182 201.6.2.102
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/28 23:20:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe
[2013/05/28 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\Malwarebytes
[2013/05/28 22:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/28 22:35:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/28 22:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/28 22:05:58 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013/05/28 18:11:32 | 000,000,000 | R--D | C] -- C:\Users\Mari\Saved Games
[2013/05/28 18:09:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/24 01:36:27 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/18 05:42:36 | 000,000,000 | ---D | C] -- C:\NBRT
[2013/05/15 18:43:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 18:43:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/15 18:43:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/15 18:43:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/15 18:43:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/15 18:43:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 18:43:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 18:43:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 18:43:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/15 18:43:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 18:43:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/15 18:43:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 18:42:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/15 18:42:59 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 18:42:58 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/15 11:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Box AE 1.2.2
[2013/05/15 11:00:45 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 11:00:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 11:00:27 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 11:00:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 11:00:26 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 11:00:26 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 11:00:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/14 23:05:19 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/02 22:07:49 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\Xilisoft
[2013/05/02 22:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2013/05/02 22:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2013/05/02 22:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2013/05/02 15:11:20 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\dvdcss
[2013/05/02 15:08:39 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\Digiarty
[2013/05/02 15:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2013/05/02 15:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2013/05/02 14:29:13 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\vlc
[2013/05/02 14:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/02 14:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/04/30 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\DivX
[2013/04/30 14:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/04/30 14:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/04/30 14:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013/04/30 13:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013/04/30 13:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013/04/30 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/04/30 13:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/30 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/30 13:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/04/30 13:51:56 | 000,000,000 | ---D | C] -- C:\Users\Mari\AppData\Roaming\WinRAR
[2013/04/30 03:04:36 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/30 03:04:36 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/30 03:04:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/30 03:04:35 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/30 03:04:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/30 03:04:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/30 03:04:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/30 03:04:35 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/30 03:04:35 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/30 03:04:35 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/30 03:04:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/30 03:04:35 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/30 03:04:35 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/30 03:04:35 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/30 03:04:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/30 03:04:35 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/30 03:04:35 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/30 03:04:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/30 03:04:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/30 03:04:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/30 03:04:35 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/30 03:04:35 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/30 03:04:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/30 03:04:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/30 03:04:35 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/30 03:04:35 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/30 03:04:35 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/30 03:04:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/30 03:04:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/30 03:04:35 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/30 03:04:35 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/30 03:04:35 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/30 03:04:35 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/30 03:04:35 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/30 03:04:35 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/30 03:04:35 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/30 03:04:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/30 03:04:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/30 03:04:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/30 03:04:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/30 03:04:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/30 03:04:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/30 03:04:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/30 03:04:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/30 03:04:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/30 03:04:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/30 03:04:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/30 03:04:35 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/30 03:04:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/30 03:04:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/30 03:04:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/30 03:04:35 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/30 03:04:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/02/17 04:27:32 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013/05/28 23:20:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe
[2013/05/28 23:19:13 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 23:19:13 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 23:15:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 23:11:29 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/28 23:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/28 23:10:49 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/28 23:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/28 22:35:33 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 22:19:15 | 000,632,031 | ---- | M] () -- C:\Users\Mari\Desktop\AdwCleaner.exe
[2013/05/28 18:08:58 | 005,566,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 18:50:02 | 000,000,364 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/05/15 18:45:29 | 001,528,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/15 18:45:29 | 000,664,038 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/05/15 18:45:29 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/15 18:45:29 | 000,128,328 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/05/15 18:45:29 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/14 23:05:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 23:05:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 23:05:19 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/12 19:56:23 | 001,846,227 | ---- | M] () -- C:\Users\Mari\Documents\showreel 2013_CS6_COMEDY - Cópia.prproj
[2013/05/02 23:19:23 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2013/05/02 22:03:49 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2013/04/30 13:38:54 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/04/30 03:04:36 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/30 03:04:36 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/30 03:04:36 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/30 03:04:35 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/30 03:04:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/30 03:04:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/30 03:04:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/30 03:04:35 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/30 03:04:35 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/30 03:04:35 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/30 03:04:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/30 03:04:35 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/30 03:04:35 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/30 03:04:35 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/30 03:04:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/30 03:04:35 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/30 03:04:35 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/30 03:04:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/30 03:04:35 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/30 03:04:35 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/30 03:04:35 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/30 03:04:35 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/30 03:04:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/30 03:04:35 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/30 03:04:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/30 03:04:35 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/30 03:04:35 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/30 03:04:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/30 03:04:35 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/30 03:04:35 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/30 03:04:35 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/30 03:04:35 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/30 03:04:35 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/30 03:04:35 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/30 03:04:35 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/30 03:04:35 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/30 03:04:35 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/30 03:04:35 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/30 03:04:35 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/30 03:04:35 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/30 03:04:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/30 03:04:35 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/30 03:04:35 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/30 03:04:35 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/30 03:04:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/30 03:04:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/30 03:04:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/30 03:04:35 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/30 03:04:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 03:04:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/30 03:04:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/30 03:04:35 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/30 03:04:35 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/30 03:04:35 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/30 03:04:34 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/29 17:59:29 | 000,004,304 | ---- | M] () -- C:\Users\Mari\Desktop\ep7_subtimes
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013/05/28 22:35:33 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 22:19:06 | 000,632,031 | ---- | C] () -- C:\Users\Mari\Desktop\AdwCleaner.exe
[2013/05/15 18:50:02 | 000,000,364 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/05/12 23:15:11 | 001,846,227 | ---- | C] () -- C:\Users\Mari\Documents\showreel 2013_CS6_COMEDY - Cópia.prproj
[2013/05/02 23:19:23 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2013/05/02 22:03:49 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2013/04/30 03:04:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 03:04:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/29 17:59:29 | 000,004,304 | ---- | C] () -- C:\Users\Mari\Desktop\ep7_subtimes
[2013/03/26 12:36:26 | 000,577,024 | ---- | C] () -- C:\Users\Mari\what.jpg
[2013/03/22 13:11:49 | 000,582,903 | ---- | C] () -- C:\Users\Mari\YEAH.jpg
[2013/03/21 15:22:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EIPS.ini
[2013/03/14 02:46:47 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/03/14 02:46:47 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/03/14 02:46:47 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/03/14 02:46:47 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/03/14 02:46:47 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/03/14 02:46:47 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/03/14 02:46:47 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/03/14 02:46:47 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/03/14 02:46:47 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/03/14 02:46:47 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/03/14 02:46:47 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/03/14 02:46:47 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/03/14 02:46:47 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/03/14 02:46:47 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/03/14 02:46:47 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/03/14 02:46:47 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/03/14 02:46:47 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/03/14 02:46:47 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/03/14 02:46:47 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/11/22 23:48:05 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/11/22 23:48:05 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\¸´¼þ BootMan.exe
[2012/11/22 23:48:05 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/11/22 23:48:05 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/11/22 23:48:05 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/11/22 23:48:05 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/05/05 19:32:37 | 000,161,185 | ---- | C] () -- C:\Windows\Expstudio Audio Editor FREE Uninstaller.exe
[2012/04/24 01:00:24 | 000,000,132 | ---- | C] () -- C:\Users\Mari\AppData\Roaming\Preferências do formato PNG do Adobe CS5
[2011/12/04 14:23:33 | 000,000,132 | ---- | C] () -- C:\Users\Mari\AppData\Roaming\Preferências do formato BMP do Adobe CS5
[2011/10/21 14:14:09 | 000,000,132 | ---- | C] () -- C:\Users\Mari\AppData\Roaming\Preferências de formato GIF do Adobe CS5
[2011/08/29 23:45:01 | 000,094,720 | ---- | C] () -- C:\Users\Mari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< dir C:\ /S /A:L /C >
 O volume na unidade C não tem nome.
 O Número de Série do Volume é FE14-1479
 Pasta de C:\
28/08/2011  22:08    <JUNCTION>     Arquivos de Programas [C:\Program Files]
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 arquivo(s)              0 bytes
 Pasta de C:\Program Files
28/08/2011  22:08    <JUNCTION>     Arquivos Comuns [C:\Program Files\Common Files]
               0 arquivo(s)              0 bytes
 Pasta de C:\Program Files\Common Files
28/08/2011  22:08    <JUNCTION>     Sistema [C:\Program Files\Common Files\System]
               0 arquivo(s)              0 bytes
 Pasta de C:\Program Files\Windows Defender
14/07/2009  02:41    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
14/07/2009  02:29    <SYMLINK>      MpEvMsg.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
20/11/2010  14:27    <SYMLINK>      MsMpCom.dll [c:\windows\system32\config]
14/07/2009  02:29    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
14/07/2009  18:55    <SYMLINKD>     pt-BR [c:\windows\system32\config]
              12 arquivo(s)      3.919.360 bytes
 Pasta de C:\Program Files\Windows NT
28/08/2011  22:08    <JUNCTION>     Acessórios [C:\Program Files\Windows NT\Accessories]
               0 arquivo(s)              0 bytes
 Pasta de C:\ProgramData
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 Pasta de C:\ProgramData\Microsoft\Windows\Start Menu
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users
14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]
28/08/2011  22:08    <SYMLINKD>     Todos os Usuários [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Usuário Padrão [C:\Users\Default]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\All Users
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\All Users\Microsoft\Windows\Start Menu
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Default
28/08/2011  22:08    <JUNCTION>     Ambiente de impressão [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/08/2011  22:08    <JUNCTION>     Ambiente de rede [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
28/08/2011  22:08    <JUNCTION>     Configurações locais [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Roaming]
14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Meus documentos [C:\Users\Default\Documents]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Default\AppData\Local
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
28/08/2011  22:08    <JUNCTION>     Histórico [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
28/08/2011  22:08    <JUNCTION>     Programas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Default\Documents
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Default\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Default\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Mari
28/08/2011  22:08    <JUNCTION>     Ambiente de impressão [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/08/2011  22:08    <JUNCTION>     Ambiente de rede [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
28/08/2011  22:08    <JUNCTION>     Configurações locais [C:\Users\Mari\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Cookies [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Cookies]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Mari\AppData\Roaming]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Meus documentos [C:\Users\Mari\Documents]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Templates]
28/08/2011  22:08    <JUNCTION>     Recent [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Recent]
28/08/2011  22:08    <JUNCTION>     SendTo [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\SendTo]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Mari\AppData\Local
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Mari\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Histórico [C:\Users\Mari\AppData\Local\Microsoft\Windows\History]
28/08/2011  22:08    <JUNCTION>     Temporary Internet Files [C:\Users\Mari\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu
28/08/2011  22:08    <JUNCTION>     Programas [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Mari\Documents
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Mari\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Mari\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Mari\Music]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Public\Downloads\Documents
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Public\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Public\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Todos os Usuários
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 Pasta de C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 Pasta de C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
14/07/2009  02:29    <SYMLINK>      MpEvMsg.dll [c:\windows\system32\config]
               1 arquivo(s)         52.224 bytes
 Pasta de C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c
14/07/2009  02:41    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
14/07/2009  02:29    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              10 arquivo(s)      3.806.208 bytes
 Pasta de C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306
14/07/2009  02:41    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
20/11/2010  14:27    <SYMLINK>      MsMpCom.dll [c:\windows\system32\config]
14/07/2009  02:29    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
14/07/2009  02:41    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              11 arquivo(s)      3.867.136 bytes
     Total de Arquivos na Lista:
              34 arquivo(s)     11.644.928 bytes
              98 pasta(s)    1.368.891.392 bytes disponíveis
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >
 

 

Attached Files
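The Custom Scans block in the report above lists every reparse point on C:, and the entries under C:\Program Files\Windows Defender (and its winsxs copies) are file symlinks named like the Defender binaries but resolving to c:\windows\system32\config, the registry hive folder. As an added example, not part of this thread and not code from OTL or FRST, this Python script parses that `dir /A:L` output and flags such links; the sample lines are constructed from the listing above, and the heuristics (a link into the hive folder, or a file symlink with a binary name that points at a directory) are the author's assumption about what an anomalous entry looks like.

```python
"""Flag anomalous reparse points in the output of `dir C:\\ /S /A:L /C`.

Added example (not from the thread, OTL or FRST). Heuristics are assumptions:
  1. any symlink/junction whose target is the registry hive folder
     c:\\windows\\system32\\config is anomalous;
  2. a file symlink (SYMLINK, not SYMLINKD) named like a binary but whose
     target has no file extension points at a directory and cannot be loaded.
"""
import re
from dataclasses import dataclass

# "Pasta de" is "Directory of" in the pt-BR cmd.exe that produced the listing.
FOLDER_RE = re.compile(r"^\s*Pasta de (?P<folder>.+?)\s*$")
# One reparse-point entry: date, time, <kind>, link name, [target].
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"<(?P<kind>JUNCTION|SYMLINK|SYMLINKD)>\s+(?P<name>.+?)\s+\[(?P<target>[^\]]+)\]\s*$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl")
# Assumed: no legitimate link ever resolves into the hive folder.
SUSPICIOUS_TARGETS = (r"c:\windows\system32\config",)


@dataclass
class Link:
    folder: str   # directory the entry was listed under
    kind: str     # JUNCTION, SYMLINK or SYMLINKD
    name: str     # link name as shown by dir
    target: str   # path inside the square brackets


def parse_dir_listing(text: str) -> list[Link]:
    """Walk the listing, tracking the current 'Pasta de' folder, and collect entries."""
    links: list[Link] = []
    folder = ""
    for line in text.splitlines():
        m = FOLDER_RE.match(line)
        if m:
            folder = m.group("folder")
            continue
        m = ENTRY_RE.match(line)
        if m:
            links.append(Link(folder, m.group("kind"), m.group("name"), m.group("target")))
    return links


def is_suspicious(link: Link) -> bool:
    """Apply the two heuristics described in the module docstring."""
    target = link.target.lower().rstrip("\\")
    if target in SUSPICIOUS_TARGETS:
        return True
    # Junctions between localized and English folder names are normal on this
    # system (e.g. "Documentos" -> Documents), so heuristic 2 only looks at file symlinks.
    if link.kind != "SYMLINK" or not link.name.lower().endswith(BINARY_EXT):
        return False
    last_component = target.rsplit("\\", 1)[-1]
    return "." not in last_component


def find_suspicious(text: str) -> list[Link]:
    """Return the anomalous reparse points found in a dir /A:L listing."""
    return [link for link in parse_dir_listing(text) if is_suspicious(link)]


# Constructed sample: one benign junction from C:\ and three of the Windows
# Defender entries, copied in the shape they appear in the report above.
SAMPLE = r"""
 Pasta de C:\
28/08/2011  22:08    <JUNCTION>     Arquivos de Programas [C:\Program Files]
               0 arquivo(s)              0 bytes
 Pasta de C:\Program Files\Windows Defender
14/07/2009  02:41    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
14/07/2009  02:39    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
14/07/2009  18:55    <SYMLINKD>     pt-BR [c:\windows\system32\config]
              12 arquivo(s)      3.919.360 bytes
"""

if __name__ == "__main__":
    for link in find_suspicious(SAMPLE):
        print(f"{link.folder}\\{link.name} ({link.kind}) -> {link.target}")
```

Run against a full `dir C:\ /S /A:L /C` capture saved from the affected machine; the benign localized-name junctions parse but are not flagged, so only the Defender-style entries remain.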



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:37 PM

Posted 28 May 2013 - 08:36 PM

Download the enclosed file.
 
Save it next to FRST, overwriting the existing one.
 
Run FRST in Normal Mode. This time around, click on the Fix button and wait.
 
The tool will make a log in the location FRST is (Fixlog.txt). Please post it in your reply.
 
 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 CristinaLR

CristinaLR
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 28 May 2013 - 08:44 PM

OK, here it goes:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-05-2013
Ran by Mari at 2013-05-29 02:45:32 Run:3
Running from F:\
Boot Mode: Normal
==============================================
 
"C:\Program Files\Windows Defender" => Deleting junctions completed successfully.
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpClient.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCommu.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll were reset successfully 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpClient.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCommu.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306 were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpClient.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCommu.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll were reset successfully 
permissions for C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll were reset successfully 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpClient.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCommu.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  fsutil reparsepoint delete "C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll" =========
 
Erro:  O arquivo ou pasta não é um ponto de nova análise.
 
 
========= End of CMD: =========
 
 
=========  Dir /s /a:l c:\ =========
 
 O volume na unidade C não tem nome.
 O Número de Série do Volume é FE14-1479
 
 Pasta de c:\
 
28/08/2011  22:08    <JUNCTION>     Arquivos de Programas [C:\Program Files]
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Program Files
 
28/08/2011  22:08    <JUNCTION>     Arquivos Comuns [C:\Program Files\Common Files]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Program Files\Common Files
 
28/08/2011  22:08    <JUNCTION>     Sistema [C:\Program Files\Common Files\System]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Program Files\Windows NT
 
28/08/2011  22:08    <JUNCTION>     Acessórios [C:\Program Files\Windows NT\Accessories]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\ProgramData
 
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\ProgramData\Microsoft\Windows\Start Menu
 
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users
 
14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]
28/08/2011  22:08    <SYMLINKD>     Todos os Usuários [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Usuário Padrão [C:\Users\Default]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\All Users
 
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\All Users\Microsoft\Windows\Start Menu
 
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Default
 
28/08/2011  22:08    <JUNCTION>     Ambiente de impressão [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/08/2011  22:08    <JUNCTION>     Ambiente de rede [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
28/08/2011  22:08    <JUNCTION>     Configurações locais [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Roaming]
14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Meus documentos [C:\Users\Default\Documents]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Default\AppData\Local
 
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
28/08/2011  22:08    <JUNCTION>     Histórico [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
 
28/08/2011  22:08    <JUNCTION>     Programas [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Default\Documents
 
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Default\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Default\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Mari
 
28/08/2011  22:08    <JUNCTION>     Ambiente de impressão [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28/08/2011  22:08    <JUNCTION>     Ambiente de rede [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
28/08/2011  22:08    <JUNCTION>     Configurações locais [C:\Users\Mari\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Cookies [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Cookies]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Mari\AppData\Roaming]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Meus documentos [C:\Users\Mari\Documents]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Templates]
28/08/2011  22:08    <JUNCTION>     Recent [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Recent]
28/08/2011  22:08    <JUNCTION>     SendTo [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\SendTo]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Mari\AppData\Local
 
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\Users\Mari\AppData\Local]
28/08/2011  22:08    <JUNCTION>     Histórico [C:\Users\Mari\AppData\Local\Microsoft\Windows\History]
28/08/2011  22:08    <JUNCTION>     Temporary Internet Files [C:\Users\Mari\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu
 
28/08/2011  22:08    <JUNCTION>     Programas [C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Mari\Documents
 
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Mari\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Mari\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Mari\Music]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Public\Downloads\Documents
 
28/08/2011  22:08    <JUNCTION>     Meus vídeos [C:\Users\Public\Videos]
28/08/2011  22:08    <JUNCTION>     Minhas imagens [C:\Users\Public\Pictures]
28/08/2011  22:08    <JUNCTION>     Minhas músicas [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Todos os Usuários
 
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Dados de aplicativos [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
28/08/2011  22:08    <JUNCTION>     Documentos [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Favoritos [C:\Users\Public\Favorites]
28/08/2011  22:08    <JUNCTION>     Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
28/08/2011  22:08    <JUNCTION>     Modelos [C:\ProgramData\Microsoft\Windows\Templates]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 arquivo(s)              0 bytes
 
 Pasta de c:\Users\Todos os Usuários\Microsoft\Windows\Start Menu
 
28/08/2011  22:08    <JUNCTION>     Programas [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 arquivo(s)              0 bytes
 
     Total de Arquivos na Lista:
               0 arquivo(s)              0 bytes
              97 pasta(s)    1.364.467.712 bytes disponíveis
 
========= End of CMD: =========
 
 
==== End of Fixlog ====

 


Edited by CristinaLR, 28 May 2013 - 08:46 PM.
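The Fixlog above shows three things worth reading together: FRST removing a junction that sat on `C:\Program Files\Windows Defender`, `fsutil reparsepoint delete` reporting that the WinSxS Defender component folders are not reparse points at all (so only their permissions needed resetting), and finally `Dir /s /a:l c:\` listing every junction and symlink left on the volume. On a clean Windows 7 install that final list is almost entirely the locale and legacy compatibility junctions seen here, so the quickest way to triage such a listing is to diff it against a known-good one. The script below is an added example, not code from this thread or from FRST: it parses that `dir` output (Portuguese or English folder headers) and reports reparse points that are unknown, retargeted or missing relative to a baseline. The baseline pairs and the sample listing are constructed from the clean output above; the `Windows Defender` entry and its `X:\CONSTRUCTED-TARGET` target are invented placeholders standing in for the junction FRST deleted, whose target the log does not show.

```python
"""Triage a `dir /s /a:l` listing against a known-good baseline of reparse points.

Added example for this thread, not part of FRST or of any post here. The
listing format is the one FRST captured (Windows 7, Portuguese locale); the
English "Directory of" header is accepted too. All sample data is constructed.
"""
import re
from typing import Dict, List, NamedTuple


class ReparseEntry(NamedTuple):
    parent: str   # folder the link lives in, as printed in the listing header
    kind: str     # JUNCTION, SYMLINKD or SYMLINK
    name: str     # link name as shown in the listing
    target: str   # path printed inside the [...] brackets


# " Pasta de c:\Users" (pt-BR) or " Directory of c:\Users" (en-US)
_HEADER = re.compile(r"^\s*(?:Pasta de|Directory of)\s+(.+?)\s*$", re.IGNORECASE)
# "28/08/2011  22:08    <JUNCTION>     Arquivos de Programas [C:\Program Files]"
_ENTRY = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s*\[(.+)\]\s*$"
)


def norm(path: str) -> str:
    """Case-fold and drop trailing backslashes so c:\\Users\\ == C:\\Users."""
    return path.rstrip("\\").lower()


def parse_listing(text: str) -> List[ReparseEntry]:
    """Return every reparse-point entry, tagged with the folder it sits in."""
    entries: List[ReparseEntry] = []
    parent = ""
    for line in text.splitlines():
        header = _HEADER.match(line)
        if header:
            parent = header.group(1)
            continue
        entry = _ENTRY.match(line)
        if entry:
            kind, name, target = entry.groups()
            entries.append(ReparseEntry(parent, kind, name, target))
    return entries


def link_path(entry: ReparseEntry) -> str:
    """Full, normalised path of the link itself (parent folder + link name)."""
    return norm(entry.parent.rstrip("\\") + "\\" + entry.name)


def triage(listing: str, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff the listing against baseline {link path: target}.

    unknown    - reparse points the baseline does not know about
    retargeted - known links whose target no longer matches the baseline
    missing    - baseline links that are absent from the listing
    """
    seen = {link_path(e): norm(e.target) for e in parse_listing(listing)}
    base = {norm(k): norm(v) for k, v in baseline.items()}
    return {
        "unknown": sorted(p for p in seen if p not in base),
        "retargeted": sorted(p for p in seen if p in base and seen[p] != base[p]),
        "missing": sorted(p for p in base if p not in seen),
    }


# Known-good pairs copied from the clean FRST listing in this thread. On a real
# case, take them from a reference machine with the same Windows build and locale.
BASELINE = {
    r"c:\Arquivos de Programas": r"C:\Program Files",
    r"c:\Documents and Settings": r"C:\Users",
    r"c:\Program Files\Arquivos Comuns": r"C:\Program Files\Common Files",
    r"c:\Users\All Users": r"C:\ProgramData",
    r"c:\Users\Default User": r"C:\Users\Default",
    r"c:\Users\Usuário Padrão": r"C:\Users\Default",
}

# Constructed sample modelled on the listing above. The "Windows Defender"
# junction is invented to show how a link planted on a security product's
# folder surfaces; its target is a placeholder, not an observed value. The
# "Usuário Padrão" link is pointed somewhere else to show retargeting, and
# "Default User" is left out to show a missing compatibility junction.
SAMPLE_LISTING = r"""
 Pasta de c:\

28/08/2011  22:08    <JUNCTION>     Arquivos de Programas [C:\Program Files]
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 arquivo(s)              0 bytes

 Pasta de c:\Program Files

28/08/2011  22:08    <JUNCTION>     Arquivos Comuns [C:\Program Files\Common Files]
01/01/2013  00:00    <JUNCTION>     Windows Defender [X:\CONSTRUCTED-TARGET]
               0 arquivo(s)              0 bytes

 Pasta de c:\Users

14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
28/08/2011  22:08    <JUNCTION>     Usuário Padrão [C:\Users\Temp]
               0 arquivo(s)              0 bytes
"""


if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE_LISTING, BASELINE).items():
        for p in paths:
            print(f"{verdict:10} {p}")
```

Run against the sample, the script reports the invented `Windows Defender` link as unknown, `Usuário Padrão` as retargeted and `Default User` as missing. An "unknown" verdict is a lead, not a conviction: confirm the link with `fsutil reparsepoint query` and check whether the target exists before removing anything, because deleting a genuine compatibility junction breaks older applications that still use the legacy folder names.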


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:37 PM

Posted 28 May 2013 - 09:11 PM

Restart and test the computer.

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 

 

Security check

Download and run Security Check by screen317 and post its report.

 

 

How is the computer doing?

 




#14 CristinaLR

CristinaLR
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 29 May 2013 - 07:11 AM

Hi again!

Well, this time I was not sure what the logfile was. There was no C:\Program Files\ESET\ created, therefore no log.txt saved.

 

However, I took a screenshot of the finished scan (please find "log.jpeg"), and "copied the scan results to clipboard", pasting them in notepad, and attaching them to this response (log.txt).

Attached File  log.jpg   323.08KB   3 downloads

 

And here is the security check by screen317 report:

 

 Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 21 
 Adobe Flash Player 11.7.700.202 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.64 
 Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Attached Files

  • Attached File  log.txt   402bytes   1 downloads

Edited by CristinaLR, 29 May 2013 - 07:16 AM.


#15 CristinaLR

CristinaLR
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 29 May 2013 - 07:27 AM

I'm confused, as Internet Explorer showed as version 9 on the Farbar scan 2 days ago, and now it shows as version 10 on the screen317 report.

Also, Adobe Reader is asking me to update, but a fake update of some Adobe product was what downloaded the virus onto my computer in the first place... should I authorize that update now?

 

As for the rest, answering your question, the computer is doing fine. It's just taking a bit long to boot every time, but perfectly fine. I'm just wary of using it as I don't know if it's clean yet.


Edited by CristinaLR, 29 May 2013 - 07:28 AM.




