
Cannot turn on Windows Firewall- Error Code (0x8007042c)


This topic is locked
32 replies to this topic

#1 felps

felps

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 12 April 2014 - 04:12 PM

I am having a problem with Windows Firewall. I cannot turn on my firewall; whenever I try to turn it on I get this error (Windows Firewall can't change some of your settings - Error code 0x8007042c),
and I didn't find the ZeroAccess with Rkill. Here is my log from Rkill:
 
---------------------------------------------------------------------------------------------------------------------------------
 
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 04/11/2014 11:59:18 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\DatacardService\HWDeviceService64.exe (PID: 2504) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2608) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2872) [AU-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * WMPNetworkSvc [Missing ImagePath]
 
 * WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/12/2014 12:00:39 AM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal Team member.~ Animal



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 12 April 2014 - 05:02 PM

Hello,

Backup Your Registry

Now download the following files and save them to your desktop:

BFE.reg
MpsSvc.reg
WinDefend.reg
WMPNetworkSvc.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please post a fresh log from RKILL.

 

Also please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

Regards,

Georgi




#3 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 12 April 2014 - 06:21 PM

Hello

------------------------------------------- rkill---------------------------------------------------------------


Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/12/2014 08:12:09 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\DatacardService\HWDeviceService64.exe (PID: 2860) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 3008) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2280) [AU-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/12/2014 08:15:23 PM
Execution time: 0 hours(s), 3 minute(s), and 13 seconds(s)
 
------------------------------------------FARBAR---------------------------------------------------------------
 
 
Farbar Service Scanner Version: 25-02-2014
Ran by Felipe (administrator) on 12-04-2014 at 20:18:21
Running from "C:\Users\Felipe\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
-------------------------------------------------------------------------------------------------------------------------------------


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 13 April 2014 - 01:55 AM

Hi,

Please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup.

On the Start Repairs tab => click Start

Click on the Select All button and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Post new Farbar Service Scanner log.

 

Thanks!

 

 

Regards,

Georgi




#5 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 13 April 2014 - 11:47 AM

Hello Georgi...

 

--------------------------------FARBAR------------------------------------------

 

Farbar Service Scanner Version: 25-02-2014
Ran by Felipe (administrator) on 13-04-2014 at 13:44:55
Running from "C:\Users\Felipe\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
-----------------------------------------------------------------------------------------------------------------------


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 13 April 2014 - 11:59 AM

Hello,

 

Please download and run the following tool, then reboot the computer and post a new log from Farbar Service Scanner.

 

 

Regards,

Georgi




#7 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 13 April 2014 - 02:06 PM

So, Georgi..

I applied the following tool but it didn't solve the issue; here is what was printed to me:

 

-------------------------------RESULT REPORT------------------------------------------------------

 

 
Windows Firewall service is not started Not fixed
Windows Firewall service is not running or is not started.

 

 

 

On the next page it wrote to me this:

 

 

automatically repair windows firewall problems, such as windows  fails to start windows firewall service (0x5), BFE service  is missing, or windows remote assistance is not working 

-------------------------------------------------------------------------------------------------------------

 

Then I tried to send the issue to Microsoft Windows, but I am having some trouble with my internet; I am still trying. Maybe I will have more success tomorrow at my university.

And here is my Farbar log

 

-----------------------------------------FARBAR-------------------------------------------------------------

 

 

Farbar Service Scanner Version: 25-02-2014
Ran by Felipe (administrator) on 13-04-2014 at 16:06:16
Running from "C:\Users\Felipe\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
----------------------------------------------------------------------------------------------------------


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 13 April 2014 - 02:27 PM

Hi,

 

Please do the following:
 

  • Press Windows key + R on your keyboard at the same time.
  • Type regedit and press Enter
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc
  • Right-Click MpsSvc and select Permissions
  • Click Advanced.
  • Under Owner tab select the entry starting with your user name, example: B-boy-PC
  • Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
  • Under Security click Add, enter “Everyone” and click Check names and click OK.
  • Now click on Everyone in the list at the top, and check the “Allow Full Control” checkbox below.
  • Click Apply and OK and close the registry editor.
  • Now click on the start menu, then type cmd into the search box and when cmd.exe populates in the window above => right click it and choose "Run as Administrator"
  • Type: net start MpsSvc and hit Enter.

  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe
  • Right-Click bfe and select Permissions
  • Click Advanced.
  • Under Owner tab select the entry starting with your user name, example: B-boy-PC
  • Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
  • Under Security click Add, enter “Everyone” and click Check names and click OK.
  • Now click on Everyone in the list at the top, and check the “Allow Full Control” checkbox below.
  • Click Apply and OK and close the registry editor.
  • Type cmd into the start box and when cmd.exe populates in the window above => right click it and choose "Run as Administrator"
  • Type: net start bfe and hit Enter.

 

  • Reboot the computer.
  • Post a new log from FSS in your next reply.

 

Regards,

Georgi




#9 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 13 April 2014 - 03:54 PM

Georgi

I tried to do what you asked me, and I have these results:

>>MpsSvc

on the CMD

--------------------------------------------------------------------------------

system error 1068 has occurred
 
the dependency service or group failed to star
 
--------------------------------------------------------------------------------
 
>>BFE
 
In regedit, "Everyone" already exists in the permissions; I tried to remove it, but it's not possible, and I can't check or uncheck "Allow Full Control".
So I tried to type it in CMD, and this appeared:
 
--------------------------------------------------------------------------------
 
system error 1083 has occurred
 
The executable program that this service is configured to run in does not implement the service

 

--------------------------------------------------------------------------------

 

 

 

 

And here is the FARBAR

-----------------------------------------------------FARBAR--------------------------------------------------------

 

Farbar Service Scanner Version: 25-02-2014
Ran by Felipe (administrator) on 13-04-2014 at 17:45:09
Running from "C:\Users\Felipe\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
------------------------------------------------------------------------------------------------------------------
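As an added example (not code posted in this thread, and not part of Rkill, Farbar Service Scanner or the tools Georgi linked): a read-only PowerShell audit of the service entries behind Windows Firewall. It reproduces the checks the Rkill and FSS logs above report for each service (start type, ImagePath, ServiceDll, the DisableAntiSpyware policy value) and adds the two registry conditions that correspond to the errors felps got after the permission steps: a dependency that is not running (the 1068 message when starting MpsSvc, which depends on BFE) and a service whose ImagePath names a svchost group that does not list it (the 1083 message). The script changes nothing: it takes no ownership and widens no ACL; instead it reports when Everyone already holds Full Control on a service key. The service list, the expected start types (2 = Automatic), the mapping of those two error codes to their registry conditions, and running it from an elevated PowerShell prompt on Windows 7 or later are my assumptions.

```powershell
# Added example (not from the thread): read-only audit of the Windows Firewall service chain.
# Assumptions: elevated PowerShell 2.0+ on Windows 7 or later; service names and expected
# start types below are what the Rkill/FSS logs in this thread reported as normal.

$ServicesRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SvchostGroups  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$DefenderPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

# Expected Start values (assumed): 2 = Automatic, 3 = Manual ("Demand" in the FSS log).
$Expected = @{ 'BFE' = 2; 'MpsSvc' = 2; 'WinDefend' = 2 }

function Get-ServiceAudit {
    param([string]$Name)
    $key = Join-Path $ServicesRoot $Name
    $findings = @()
    if (-not (Test-Path $key)) {
        return New-Object PSObject -Property @{ Service = $Name; Status = 'absent'; Findings = @("registry key missing: $key") }
    }
    $cfg    = Get-ItemProperty -Path $key
    $params = Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue

    # 1. Start type (Rkill "Startup Type", FSS "start type ... is OK").
    if ($Expected.ContainsKey($Name) -and $cfg.Start -ne $Expected[$Name]) {
        $findings += "start type is $($cfg.Start), expected $($Expected[$Name])"
    }

    # 2. ImagePath present and its executable on disk (Rkill "[Missing ImagePath]").
    if (-not $cfg.ImagePath) {
        $findings += 'ImagePath missing'
    } else {
        # Keep only the executable: strip surrounding quotes and svchost "-k <group>" arguments.
        $exe = [Environment]::ExpandEnvironmentVariables(($cfg.ImagePath -replace '^"?([^"]+?\.exe)"?.*$', '$1'))
        if (-not (Test-Path $exe)) { $findings += "ImagePath target not found: $exe" }
    }

    # 3. ServiceDll for svchost-hosted services must exist (Rkill "[Incorrect ServiceDLL]").
    if ($params -and $params.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        if (-not (Test-Path $dll)) { $findings += "ServiceDll not found: $dll" }
    }

    # 4. svchost group registration. Assumed mapping: error 1083 is raised when ImagePath says
    #    "svchost.exe -k <group>" but the <group> value under the Svchost key does not list $Name.
    if ($cfg.ImagePath -match '-k\s+(\S+)') {
        $group   = $Matches[1]
        $members = (Get-ItemProperty -Path $SvchostGroups -ErrorAction SilentlyContinue).$group
        if (-not $members -or ($members -notcontains $Name)) {
            $findings += "not registered in svchost group '$group' (error 1083 condition)"
        }
    }

    # 5. Dependencies. Assumed mapping: error 1068 means a service listed here is not running.
    foreach ($dep in @($cfg.DependOnService)) {
        if ([string]::IsNullOrEmpty($dep)) { continue }
        $svc = Get-Service -Name $dep -ErrorAction SilentlyContinue
        if (-not $svc) { $findings += "dependency '$dep' is not installed" }
        elseif ($svc.Status -ne 'Running') { $findings += "dependency '$dep' is $($svc.Status) (error 1068 condition)" }
    }

    # 6. Key ACL: flag a service key on which Everyone already holds Full Control.
    $acl = Get-Acl -Path $key -ErrorAction SilentlyContinue
    if ($acl) {
        $full = $acl.Access | Where-Object { $_.RegistryRights -match 'FullControl' } |
                ForEach-Object { $_.IdentityReference.Value }
        if ($full -contains 'Everyone') { $findings += 'Everyone has FullControl on the service key' }
    }

    $state = Get-Service -Name $Name -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Service  = $Name
        Status   = $(if ($state) { $state.Status } else { 'absent' })
        Findings = $findings
    }
}

foreach ($s in 'BFE', 'MpsSvc', 'WinDefend', 'WMPNetworkSvc') {
    $r = Get-ServiceAudit -Name $s
    Write-Host ('{0} [{1}]' -f $r.Service, $r.Status)
    if ($r.Findings.Count -eq 0) { Write-Host '  no issues found' }
    else { $r.Findings | ForEach-Object { Write-Host "  * $_" } }
}

# The Defender policy value both Rkill and FSS flagged ("DisableAntiSpyware" = 1).
$p = Get-ItemProperty -Path $DefenderPolicy -ErrorAction SilentlyContinue
if ($p -and $p.DisableAntiSpyware -eq 1) {
    Write-Host 'Windows Defender: DisableAntiSpyware = 1 (disabled by policy)'
}
```

Run it before and after merging the .reg files from post #2 and compare the BFE and MpsSvc rows with the "Windows Firewall" section of the FSS log; because FSS only reports that the start type, ImagePath and ServiceDll are "OK", the dependency and svchost-group rows are where a service that still refuses to start with 1068 or 1083 shows its cause.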


#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 13 April 2014 - 04:51 PM

Hi,

 

I'll request this topic to be moved in the MRT area where more advanced tools are allowed.

 

  • Now please download Combofix from here.
  • Save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.


Regards,
Georgi




#11 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:52 AM

Posted 15 April 2014 - 08:01 PM

Hi Georgi...

I am sorry for being slow to respond...

So, back to business

Here is your log and you are GREAT... my firewall and Windows Update are BACK!

------------------------------COMBOFIX---------------------------------------------------

 

ComboFix 14-04-12.01 - Felipe 13/04/2014  19:44:47.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1033.18.4058.2188 [GMT -3:00]
Executando de: c:\users\Felipe\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Felipe\12.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-13 to 2014-04-13  ))))))))))))))))))))))))))))
.
.
2014-04-13 22:54 . 2014-04-13 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-13 22:38 . 2014-04-13 22:39 -------- d-----w- c:\windows\system32\catroot2
2014-04-13 16:15 . 2014-04-13 22:57 -------- d-----w- c:\windows\system32\wbem\repository
2014-04-11 02:30 . 2014-04-11 02:30 -------- d-sh--w- c:\users\Felipe\AppData\Local\EmieUserList
2014-04-11 02:30 . 2014-04-11 02:30 -------- d-sh--w- c:\users\Felipe\AppData\Local\EmieSiteList
2014-04-10 20:49 . 2014-04-10 20:49 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2014-04-10 20:49 . 2014-04-11 19:23 -------- d-----w- c:\program files (x86)\Connectify
2014-04-10 20:48 . 2014-04-10 21:09 -------- d-----w- c:\programdata\Connectify
2014-04-10 16:53 . 2014-04-10 16:53 -------- d-----w- c:\program files (x86)\WiFi Password Revealer
2014-04-10 16:33 . 2014-04-10 16:37 -------- d-----w- c:\program files (x86)\Vistumbler
2014-04-10 16:12 . 2014-04-10 16:12 -------- d-----w- c:\program files (x86)\Makayama Interactive
2014-04-08 14:05 . 2014-04-13 16:30 -------- d-----w- c:\users\Felipe\AppData\Local\CrashDumps
2014-04-07 16:35 . 2014-04-07 16:35 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-04-04 14:47 . 2014-02-17 16:41 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-04-04 03:32 . 2014-04-13 16:23 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-04-04 03:29 . 2014-04-04 03:29 -------- d-----w- C:\RegBackup
2014-04-04 03:24 . 2014-04-04 03:24 9889352 ----a-w- c:\windows\SysWow64\RsCRIcon.dll
2014-04-04 03:24 . 2014-04-04 03:24 271064 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-04-04 03:24 . 2014-04-04 03:24 -------- d-----w- c:\program files\Synaptics
2014-04-04 03:23 . 2014-04-04 03:23 33008 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2014-04-04 02:58 . 2014-04-04 02:58 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-04-04 02:58 . 2014-04-04 02:58 4719680 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2014-04-04 02:58 . 2014-04-04 02:58 3900416 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2014-04-04 02:58 . 2014-04-04 02:58 3566080 ----a-w- c:\windows\system32\bcmihvui64.dll
2014-04-04 02:45 . 2013-11-19 19:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-04-04 02:44 . 2014-03-10 21:17 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-04-04 02:44 . 2013-12-24 13:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-04-04 02:10 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-04 02:10 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-04 01:37 . 2014-04-12 22:25 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-04-04 00:55 . 2014-04-04 00:55 -------- d-----w- c:\users\Felipe\AppData\Roaming\Apple Computer
2014-04-04 00:55 . 2014-04-04 00:55 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-04 00:54 . 2014-04-11 04:27 -------- d-----w- c:\programdata\ProductData
2014-04-04 00:41 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-04 00:41 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-04 00:27 . 2014-04-11 05:39 -------- d-----w- c:\programdata\Logs
2014-04-03 19:02 . 2014-04-13 16:15 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-04-03 18:29 . 2014-04-03 18:29 -------- d-----w- c:\users\Felipe\AppData\Roaming\dll-files.com
2014-04-03 18:28 . 2014-04-04 00:27 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2014-04-03 16:17 . 2014-04-03 16:17 119512 ----a-w- c:\windows\system32\drivers\318E30DC.sys
2014-04-03 15:41 . 2014-04-13 21:21 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 15:40 . 2014-04-10 20:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-03 15:40 . 2014-04-03 15:40 -------- d-----w- c:\programdata\Malwarebytes
2014-04-03 15:40 . 2014-04-03 12:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 15:40 . 2014-04-03 12:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 15:40 . 2014-04-03 12:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-03 13:04 . 2014-04-03 13:04 -------- d-----w- c:\windows\ERUNT
2014-04-03 00:50 . 2014-04-03 21:59 -------- d-----w- C:\AdwCleaner
2014-04-02 21:17 . 2012-07-11 20:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2014-04-02 21:16 . 2014-04-10 20:40 -------- d-----w- c:\windows\ELAMBKUP
2014-04-02 21:16 . 2014-04-12 03:58 -------- d-----w- c:\programdata\Kaspersky Lab
2014-04-02 21:16 . 2014-04-03 00:58 626272 ----a-w- c:\windows\system32\drivers\klif.sys
2014-04-02 21:16 . 2014-04-03 00:58 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-04-02 19:21 . 2014-04-02 19:21 -------- d-----w- c:\windows\Downloaded Installations
2014-04-02 19:20 . 2014-04-02 19:20 -------- d-----w- c:\program files (x86)\Marcos Velasco Security
2014-04-02 15:56 . 2014-04-02 15:56 -------- d-----w- c:\program files (x86)\BlueStacks
2014-04-02 15:56 . 2014-04-02 15:56 -------- d-----w- c:\programdata\BlueStacks
2014-04-02 13:51 . 2014-04-02 13:51 -------- d-----w- c:\users\Felipe\AppData\Roaming\SystemRequirementsLab
2014-04-02 13:44 . 2014-04-02 21:05 -------- d-----w- c:\users\Felipe\AppData\Roaming\qone8
2014-03-24 20:51 . 2014-04-11 04:27 -------- d-----w- c:\programdata\IObit
2014-03-24 20:31 . 2014-04-04 02:45 -------- d-----w- c:\users\Felipe\AppData\Roaming\IObit
2014-03-24 20:31 . 2014-04-04 02:45 -------- d-----w- c:\program files (x86)\IObit
2014-03-20 23:01 . 2014-04-12 22:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-03-17 19:32 . 2014-03-18 00:18 -------- d-----w- c:\programdata\Hero Lab
2014-03-17 19:32 . 2014-03-17 19:33 -------- d-----w- c:\program files (x86)\Hero Lab
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-12 22:19 . 2014-02-14 18:16 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-04-10 18:42 . 2013-08-22 14:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-07 16:35 . 2014-02-14 18:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-03 00:58 . 2012-08-13 19:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-04-03 00:58 . 2012-06-08 14:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2014-04-03 00:58 . 2012-07-25 17:53 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2014-04-03 00:58 . 2012-05-25 22:38 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-04-03 00:58 . 2012-08-02 18:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-04-03 00:58 . 2012-06-19 20:28 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-04-01 16:57 . 2013-08-22 15:45 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-15 17:05 . 2013-08-25 22:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 17:05 . 2013-08-25 22:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17 . 2014-04-09 20:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-11 23:58 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-11 23:28 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-11 23:38 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-11 23:28 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 23:38 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-11 23:58 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-11 23:58 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 00:43 228864 ----a-w- c:\windows\system32\wwansvc.dll
2010-01-26 21:11 . 2013-08-22 16:35 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HW_OPENEYE_OUC_"="c:\program files (x86)\VIVO INTERNET\UpdateDog\ouc.exe" [2009-07-27 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Game Assistant.lnk - c:\program files (x86)\IObit\Game Assistant\GameAssistant.exe /autorun [2014-4-3 360272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Felipe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Users^Felipe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5; [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-13 18:01 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 17:05]
.
2014-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-964510740-1985336237-4163979324-1000Core.job
- c:\users\Felipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-30 04:36]
.
2014-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-964510740-1985336237-4163979324-1000UA.job
- c:\users\Felipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-30 04:36]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22 15:34]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22 15:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-04-04 00:55 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-12-23 3755296]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-12-23 1685280]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{A67C1568-B1F7-46DC-9A2C-980C137A98BD}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E5F8F4D7-E37D-4F87-A864-B01B3124F523}: NameServer = 189.40.198.80 189.40.226.80
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-04-13  20:13:14 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-04-13 23:13
.
Pré-execução: 23.949.496.320 bytes free
Pós execução: 23.391.096.832 bytes free
.
- - End Of File - - BA8A568E9D25C4E68712AF777946BBD5
 
 
----------------------------------------------------------------------------------------------------------


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 16 April 2014 - 11:41 AM

Hello,

 

I am glad to hear that! :)

 

The log is clean but we need to execute a CFScript to clean some remnants.

Please do this:


1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

2. Open Notepad => navigate to Format and make sure that Word Wrap is unchecked. <--- important !!!

3. Copy/paste the text in the codebox below into it:
 

Driver::
vToolbarUpdater18.0.5
avgtp
File::
c:\windows\system32\drivers\avgtpx64.sys
Folder::
c:\users\Felipe\AppData\Roaming\dll-files.com
c:\program files (x86)\Dll-Files.com Fixer
c:\users\Felipe\AppData\Roaming\qone8
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

4. Save this as CFScript.txt, in the same location as ComboFix.exe

5. Close any open browsers.

6. Referring to the picture below, drag CFScript into ComboFix.exe

 

Z3PoF.gif

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Also reply back to let me know how things are going.

 

 

 

Regards,

Georgi
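One way to confirm, from the ComboFix.txt that comes back, that every item in a CFScript like the one above was actually acted on. This is an added example, not code from this thread or from ComboFix; the log conventions it relies on (quoted paths under "FILE ::", bare paths under "Outras Exclusões", "-------\Service_<name>" lines, "." separators, and only non-default registry values being listed) are read off the logs posted in this thread, and the helper names are my own.

```python
# Added example (not from this thread or ComboFix): check a CFScript against the ComboFix.txt
# log written afterwards. Log conventions used here are read off the logs posted above.
import re
from collections import defaultdict

CFSCRIPT_SECTIONS = ("Driver", "File", "Folder", "Registry")

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}, keeping the entries' original case."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as "Folder::"
            current = line[:-2]
            if current not in CFSCRIPT_SECTIONS:
                raise ValueError(f"unknown CFScript section: {current}")
        elif current is None:
            raise ValueError(f"entry before any section header: {line}")
        else:
            sections[current].append(line)
    return dict(sections)

def registry_expectations(reg_lines):
    """Turn the REGEDIT4-style Registry:: lines into (key, value_name, data) triples."""
    triples, key = [], None
    for line in reg_lines:
        m = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            triples.append((key, m.group(1), m.group(2)))
    return triples

def registry_block(log_lines, key):
    """Values ComboFix listed under [key], or None if absent (it lists non-default values only)."""
    if f"[{key}]" not in log_lines:
        return None
    block = []
    for line in log_lines[log_lines.index(f"[{key}]") + 1:]:
        if line == "." or line.startswith("["):      # "." separator or next key ends the block
            break
        block.append(line)
    return block

def verify_cleanup(script_text, log_text):
    """Map each CFScript item to True (log shows it handled) or False (not handled)."""
    script = parse_cfscript(script_text)
    log_lines = [l.strip().lower() for l in log_text.splitlines()]   # compare case-insensitively
    results = {}
    for drv in script.get("Driver", []):            # removed services show as -------\Service_<name>
        results[f"Driver::{drv}"] = f"-------\\service_{drv.lower()}" in log_lines
    for path in script.get("File", []):             # File:: targets are echoed, quoted, under FILE ::
        results[f"File::{path}"] = f'"{path.lower()}"' in log_lines
    for path in script.get("Folder", []):           # deleted folders appear as bare paths
        results[f"Folder::{path}"] = path.lower() in log_lines
    for key, name, data in registry_expectations(script.get("Registry", [])):
        block = registry_block(log_lines, key.lower())
        wanted = f'"{name.lower()}"={data.lower()}'
        stale = block is not None and any(
            line.startswith(f'"{name.lower()}"=') and line != wanted for line in block)
        results[f"Registry::{key}\\{name}"] = not stale
    return results

# The CFScript posted above, verbatim.
CFSCRIPT = r'''
Driver::
vToolbarUpdater18.0.5
avgtp
File::
c:\windows\system32\drivers\avgtpx64.sys
Folder::
c:\users\Felipe\AppData\Roaming\dll-files.com
c:\program files (x86)\Dll-Files.com Fixer
c:\users\Felipe\AppData\Roaming\qone8
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
'''
# Constructed log excerpt from before the script ran: nothing removed, monitoring still disabled.
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
'''
# Constructed log excerpt from after the script ran (the registry key is no longer listed at all).
LOG_AFTER = r'''
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
c:\program files (x86)\Dll-Files.com Fixer
c:\users\Felipe\AppData\Roaming\dll-files.com
c:\users\Felipe\AppData\Roaming\qone8
-------\Service_avgtp
-------\Service_vToolbarUpdater18.0.5
'''
if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, verify_cleanup(CFSCRIPT, log))
```

Any item reported False after a run is a remnant that survived (or a typo in the script) and is worth a second look before calling the machine clean.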




#13 felps

felps
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:52 AM

Posted 17 April 2014 - 06:43 PM

What's up Georgi,

 

So, my firewall and my Windows Update are still both working!!!

 

And I did what you said to me... but I saved the file as "CVScript" and not as "CVScript.txt", but I think it's not a problem... tell me!!!

 

I noticed while running ComboFix that it erased folders from "DLL FIXER" and "QONE8"

 

The second one I tried to remove a lot of times, but it keeps returning. Do I need to worry about both of them?

 

And here is your log

 

 

 

--------------------------------------COMBOFIX-------------------------------------------------------------------------------

 

 

ComboFix 14-04-12.01 - Felipe 17/04/2014  20:13:47.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1033.18.4058.2748 [GMT -3:00]
Executando de: c:\users\Felipe\Downloads\ComboFix.exe
Comandos utilizados :: c:\users\Felipe\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dll-Files.com Fixer
c:\program files (x86)\Dll-Files.com Fixer\Chinese_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\CleanSchedule.exe
c:\program files (x86)\Dll-Files.com Fixer\Danish_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe
c:\program files (x86)\Dll-Files.com Fixer\Dutch_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\eng_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\Finnish_rcp_fi.ini
c:\program files (x86)\Dll-Files.com Fixer\French_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\German_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\greek_rcp_el.ini
c:\program files (x86)\Dll-Files.com Fixer\install_left_image.bmp
c:\program files (x86)\Dll-Files.com Fixer\isxdl.dll
c:\program files (x86)\Dll-Files.com Fixer\Italian_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\Japanese_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\korean_rcp_ko.ini
c:\program files (x86)\Dll-Files.com Fixer\Norwegian_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\polish_rcp_pl.ini
c:\program files (x86)\Dll-Files.com Fixer\portugese_rcp_pt.ini
c:\program files (x86)\Dll-Files.com Fixer\Portuguese_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\RegCleanPro.dll
c:\program files (x86)\Dll-Files.com Fixer\russian_rcp_ru.ini
c:\program files (x86)\Dll-Files.com Fixer\Spanish_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\Swedish_rcp.ini
c:\program files (x86)\Dll-Files.com Fixer\TraditionalCn_rcp_zh-tw.ini
c:\program files (x86)\Dll-Files.com Fixer\turkish_rcp_tr.ini
c:\program files (x86)\Dll-Files.com Fixer\unins000.dat
c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
c:\program files (x86)\Dll-Files.com Fixer\unins000.msg
c:\program files (x86)\Dll-Files.com Fixer\xmllite.dll
c:\users\Felipe\AppData\Roaming\dll-files.com
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\1396571908.reg
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\ExcludeList.rcp
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\log_04-09-2014.log
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\log_04-10-2014.log
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\log_04-11-2014.log
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\log_04-12-2014.log
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\log_04-13-2014.log
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000001.rmx
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000001.rxb
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000002.rmx
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000002.rxb
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000003.rmx
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000003.rxb
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000004.rmx
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000004.rxb
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000005.rmx
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\Partial Backups\00000005.rxb
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\productSetup_Setup_4_3_2014.exe
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\proupdate.tmp
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\results.rcp
c:\users\Felipe\AppData\Roaming\dll-files.com\Fixer\Version 1.0\TempHLList.rcp
c:\users\Felipe\AppData\Roaming\qone8
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
-------\Service_vToolbarUpdater18.0.5
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-17 to 2014-04-17  ))))))))))))))))))))))))))))
.
.
2014-04-17 23:20 . 2014-04-17 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-16 02:46 . 2014-03-20 11:52 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D52CD09-2A43-4B54-BFFD-C90E89865D49}\mpengine.dll
2014-04-13 22:38 . 2014-04-13 22:39 -------- d-----w- c:\windows\system32\catroot2
2014-04-13 16:15 . 2014-04-17 23:22 -------- d-----w- c:\windows\system32\wbem\repository
2014-04-11 02:30 . 2014-04-11 02:30 -------- d-sh--w- c:\users\Felipe\AppData\Local\EmieUserList
2014-04-11 02:30 . 2014-04-11 02:30 -------- d-sh--w- c:\users\Felipe\AppData\Local\EmieSiteList
2014-04-10 20:49 . 2014-04-10 20:49 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2014-04-10 20:49 . 2014-04-11 19:23 -------- d-----w- c:\program files (x86)\Connectify
2014-04-10 20:48 . 2014-04-10 21:09 -------- d-----w- c:\programdata\Connectify
2014-04-10 16:53 . 2014-04-10 16:53 -------- d-----w- c:\program files (x86)\WiFi Password Revealer
2014-04-10 16:33 . 2014-04-10 16:37 -------- d-----w- c:\program files (x86)\Vistumbler
2014-04-10 16:12 . 2014-04-10 16:12 -------- d-----w- c:\program files (x86)\Makayama Interactive
2014-04-08 14:05 . 2014-04-13 16:30 -------- d-----w- c:\users\Felipe\AppData\Local\CrashDumps
2014-04-07 16:35 . 2014-04-16 01:57 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-04-04 14:47 . 2014-02-17 16:41 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-04-04 03:32 . 2014-04-13 16:23 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-04-04 03:29 . 2014-04-04 03:29 -------- d-----w- C:\RegBackup
2014-04-04 03:24 . 2014-04-04 03:24 9889352 ----a-w- c:\windows\SysWow64\RsCRIcon.dll
2014-04-04 03:24 . 2014-04-04 03:24 271064 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-04-04 03:24 . 2014-04-04 03:24 -------- d-----w- c:\program files\Synaptics
2014-04-04 03:23 . 2014-04-04 03:23 33008 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2014-04-04 02:58 . 2014-04-04 02:58 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-04-04 02:58 . 2014-04-04 02:58 4719680 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2014-04-04 02:58 . 2014-04-04 02:58 3900416 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2014-04-04 02:58 . 2014-04-04 02:58 3566080 ----a-w- c:\windows\system32\bcmihvui64.dll
2014-04-04 02:45 . 2013-11-19 19:52 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-04-04 02:44 . 2014-03-10 21:17 128288 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-04-04 02:44 . 2013-12-24 13:40 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-04-04 02:10 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-04 02:10 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-04 01:37 . 2014-04-12 22:25 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-04-04 00:55 . 2014-04-04 00:55 -------- d-----w- c:\users\Felipe\AppData\Roaming\Apple Computer
2014-04-04 00:55 . 2014-04-04 00:55 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-04-04 00:54 . 2014-04-11 04:27 -------- d-----w- c:\programdata\ProductData
2014-04-04 00:41 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-04 00:41 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-04 00:27 . 2014-04-11 05:39 -------- d-----w- c:\programdata\Logs
2014-04-03 19:02 . 2014-04-13 16:15 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-04-03 16:17 . 2014-04-03 16:17 119512 ----a-w- c:\windows\system32\drivers\318E30DC.sys
2014-04-03 15:41 . 2014-04-13 21:21 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 15:40 . 2014-04-10 20:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-03 15:40 . 2014-04-03 15:40 -------- d-----w- c:\programdata\Malwarebytes
2014-04-03 15:40 . 2014-04-03 12:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 15:40 . 2014-04-03 12:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 15:40 . 2014-04-03 12:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-03 13:04 . 2014-04-03 13:04 -------- d-----w- c:\windows\ERUNT
2014-04-03 00:50 . 2014-04-03 21:59 -------- d-----w- C:\AdwCleaner
2014-04-02 21:17 . 2012-07-11 20:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2014-04-02 21:16 . 2014-04-10 20:40 -------- d-----w- c:\windows\ELAMBKUP
2014-04-02 21:16 . 2014-04-12 03:58 -------- d-----w- c:\programdata\Kaspersky Lab
2014-04-02 21:16 . 2014-04-03 00:58 626272 ----a-w- c:\windows\system32\drivers\klif.sys
2014-04-02 21:16 . 2014-04-03 00:58 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-04-02 19:21 . 2014-04-02 19:21 -------- d-----w- c:\windows\Downloaded Installations
2014-04-02 19:20 . 2014-04-02 19:20 -------- d-----w- c:\program files (x86)\Marcos Velasco Security
2014-04-02 15:56 . 2014-04-02 15:56 -------- d-----w- c:\program files (x86)\BlueStacks
2014-04-02 15:56 . 2014-04-02 15:56 -------- d-----w- c:\programdata\BlueStacks
2014-04-02 13:51 . 2014-04-02 13:51 -------- d-----w- c:\users\Felipe\AppData\Roaming\SystemRequirementsLab
2014-03-24 20:51 . 2014-04-11 04:27 -------- d-----w- c:\programdata\IObit
2014-03-24 20:31 . 2014-04-04 02:45 -------- d-----w- c:\users\Felipe\AppData\Roaming\IObit
2014-03-24 20:31 . 2014-04-04 02:45 -------- d-----w- c:\program files (x86)\IObit
2014-03-20 23:01 . 2014-04-12 22:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-16 01:57 . 2014-02-14 18:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-12 22:19 . 2014-02-14 18:16 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-04-10 18:42 . 2013-08-22 14:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-03 00:58 . 2012-08-13 19:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-04-03 00:58 . 2012-06-08 14:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2014-04-03 00:58 . 2012-07-25 17:53 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2014-04-03 00:58 . 2012-05-25 22:38 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-04-03 00:58 . 2012-08-02 18:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-04-03 00:58 . 2012-06-19 20:28 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-04-01 16:57 . 2013-08-22 15:45 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-31 12:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-15 17:05 . 2013-08-25 22:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 17:05 . 2013-08-25 22:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17 . 2014-04-09 20:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-11 23:58 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-11 23:28 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-11 23:38 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-11 23:28 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-11 23:38 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-11 23:58 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-11 23:58 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 00:43 228864 ----a-w- c:\windows\system32\wwansvc.dll
2010-01-26 21:11 . 2013-08-22 16:35 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HW_OPENEYE_OUC_"="c:\program files (x86)\VIVO INTERNET\UpdateDog\ouc.exe" [2009-07-27 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Game Assistant.lnk - c:\program files (x86)\IObit\Game Assistant\GameAssistant.exe /autorun [2014-4-3 360272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Felipe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Users^Felipe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-13 18:01 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 17:05]
.
2014-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-964510740-1985336237-4163979324-1000Core.job
- c:\users\Felipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-30 04:36]
.
2014-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-964510740-1985336237-4163979324-1000UA.job
- c:\users\Felipe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-30 04:36]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22 15:34]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22 15:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-04-04 00:55 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Felipe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-12-23 3755296]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-12-23 1685280]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{49338909-C114-4048-9AA4-14EC9D21A5DA}: NameServer = 189.40.198.81 189.40.226.80
TCP: Interfaces\{A67C1568-B1F7-46DC-9A2C-980C137A98BD}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-04-17  20:28:55 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-04-17 23:28
.
Pré-execução: 17.983.062.016 bytes free
Pós execução: 17.974.616.064 bytes free
.
- - End Of File - - 0E3E4AF58F5D203ABD7DA0264ECB9ECE
 
 
 
----------------------------------------------------------------------------------------------------


#14 B-boy/StyLe/


    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 18 April 2014 - 01:47 AM

Hello,

 

And I made what you said to me... but I saved the file as "CVScript" and not as "CVScript.txt", but I think it's not a problem... tell me!!!

 

You mean CFScript... it looks like the script worked as it should, so there is no problem here.

 

I noticed while running ComboFix that it erased folders from "DLL FIXER" and "QONE8"; the second one I tried to remove a lot of times, but it keeps returning. Do I need to care about both of them?

 

It seems that they are gone now but let's check for remnants:

 

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

STEP 3

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

STEP 4

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 5
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 6

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 7

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System.
  • This is the mirror.
  • For 64-bit Operating System.
  • This is the mirror.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 8

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#15 felps

  • Topic Starter

  • Members
  • 21 posts

Posted 19 April 2014 - 06:11 PM

Hello again Georgi!!! And Good weekend!

 

In the process of trying to fix up my PC, I realized that I have some trouble with local sharing and internet with my TV, which I didn't have before these problems happened; I tried running the Windows troubleshooter to fix it but it didn't solve it!

 

Could you help with it?

 

I did all your steps and I will post them to you, but one doubt remains: which antivirus do I need to install on my computer, because I don't have any!

 

Here are your logs:

 

 

--------------------------------------------ADWCLEANER----------------------------------------------------------------

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 11:00:52
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Felipe - SIF
# Running from : C:\Users\Felipe\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Softonic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6726 octets] - [02/04/2014 21:50:58]
AdwCleaner[R1].txt - [6786 octets] - [03/04/2014 09:46:30]
AdwCleaner[R2].txt - [941 octets] - [03/04/2014 18:58:28]
AdwCleaner[R3].txt - [1141 octets] - [19/04/2014 10:56:18]
AdwCleaner[S0].txt - [6268 octets] - [03/04/2014 09:47:42]
AdwCleaner[S1].txt - [1025 octets] - [19/04/2014 11:00:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1085 octets] ##########
 
 
 
---------------------------------------------JRT-------------------------------------------------------
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Felipe on 19/04/2014 at 11:44:32,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/04/2014 at 11:54:01,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
--------------------------------------------------------RKILL------------------------------------------------------
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/19/2014 12:50:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\DatacardService\HWDeviceService64.exe (PID: 2312) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2392) [AU-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/19/2014 12:51:47 PM
Execution time: 0 hours(s), 1 minute(s), and 3 seconds(s)
 
 
----------------------------------------------------ROGUE---------------------------------------------------
 
 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Felipe [Admin rights]
Mode : Scan -- Date : 04/19/2014 13:38:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{49338909-C114-4048-9AA4-14EC9D21A5DA} : NameServer (189.40.198.80 189.40.226.80 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{E5F8F4D7-E37D-4F87-A864-B01B3124F523} : NameServer (189.40.198.81 189.40.226.80 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{49338909-C114-4048-9AA4-14EC9D21A5DA} : NameServer (189.40.198.80 189.40.226.80 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{E5F8F4D7-E37D-4F87-A864-B01B3124F523} : NameServer (189.40.198.81 189.40.226.80 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{E5F8F4D7-E37D-4F87-A864-B01B3124F523} : NameServer (189.40.198.81 189.40.226.80 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 189e029e550ce94a0e7ecbbef8570167
[BSP] ffd1605cc6cb7edb30b7fcd5144f4985 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 223223 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 457367552 | Size: 81920 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) General USB Flash Disk USB Device +++++
--- User ---
[MBR] 3fb69d3bb1ffab5389fe35506f4edda2
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8255 | Size: 7646 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) HUAWEI SD Storage USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_04192014_133812.txt >>
 
 
------------------------------------------------MALWARE-------------------------------------------
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data de Verificação: 19/04/2014
Hora da Verificação: 16:20:06
Logfile: mal f.txt
Administrador: Sim
 
Versão: 2.00.1.1004
Malware Database: v2014.04.19.09
Rootkit Database: v2014.03.27.01
Licença: Premium
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Chameleon: Desabilitado
 
OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Felipe
 
Tipo da Verificação: Verificar Ameaça
Resultado: Completado
Arquivos Verificados: 263560
Tempo Decorrido: 22 min, 20 seg
 
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processos: 0
(No malicious items detected)
 
Módulos: 0
(No malicious items detected)
 
Chaves de Registro: 0
(No malicious items detected)
 
Valores de Registro: 0
(No malicious items detected)
 
Dados do Registro: 0
(No malicious items detected)
 
Pastas: 0
(No malicious items detected)
 
Arquivos: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
------------------------------------HITMAN--------------------------------------------------
 

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : SIF
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : SIF\Felipe
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-04-19 17:39:55
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 43
 
   Objects scanned . . . : 1.470.447
   Files scanned . . . . : 36.424
   Remnants scanned  . . : 260.552 files / 1.173.471 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Felipe\Documents\Estudos\Faculdade\Engenharia Elétrica\1º periodo\Introduçao a tecnologia de computaçao\Estudos C\Resolvidos\convercao(fahrenhein-celcius)usando for.exe
      Size . . . . . . . : 21.865 bytes
      Age  . . . . . . . : 73.9 days (2014-02-04 20:24:37)
      Entropy  . . . . . : 4.5
      SHA-256  . . . . . : DC77778621A3857E6BDEF85A3B683E70BBCF6EF1F05B427822D6AD7BDF8B855D
    > Bitdefender  . . . : Gen:Variant.Graftor.74525
      Fuzzy  . . . . . . : 106.0
 
   C:\Users\Felipe\Ferramentas\Proteus\Crack\CR@CK_Protues v7.4 SP3 (build 6792).exe
      Size . . . . . . . : 101.888 bytes
      Age  . . . . . . . : 74.0 days (2014-02-04 18:38:46)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : A492D3299E67A889271F4FE5770C0BB46755BC89B695FD7C0A2BE54655FD176A
      Product  . . . . . : HO CHI MINH UNIVERSITY INDUSTRY
      Publisher  . . . . : hUi
      Description  . . . : ...:::HUI CRACKING GROUP:::...
      Version  . . . . . : 1.1.0.0
    > Bitdefender  . . . : Trojan.Generic.9991872
      Fuzzy  . . . . . . : 108.0
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ (FTDownloader)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\IePluginService\ (FTDownloader)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Wpm\ (FTDownloader)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\IePluginService\ (FTDownloader)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Wpm\ (FTDownloader)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\IePluginService\ (FTDownloader)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Wpm\ (FTDownloader)
 
Cookies _____________________________________________________________________
 
 
 
 
 
---------------------------------------SECURITY CHECK----------------------------------------------------
 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55  
 Adobe Reader XI  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
 
----------------------------------------------------------------------------------------
 
 