Something messing with my registry?

24 replies to this topic

#1 Victor2K (Members, 70 posts)

Posted 03 July 2014 - 02:23 PM

This afternoon I was doing a few things on my computer when IObit Malware Fighter (yes, I use that stuff) showed a small warning about something trying to make registry modifications to my explorer.exe file (I don't recall the exact path, but I do remember it was something like HKEY_USERS\S-1-5-21-419499787-849242958-3298517021-1000). I did not press a button (well, I probably just closed the window), but it scared me so much that I googled it and found a lot of conflicting information about the problem.

 

I am currently also running an AVG file scan and an MBAM scan (which didn't find anything) to see if something is trying to sneak into my computer. I checked my ProgramData and my user folders and found nothing strange there.

 

Is that something trying to infect my computer (I have Windows 7 Ultimate 64-bit installed on an Intel Core i3-4130 3.40 GHz, 4 GB RAM), or is it just some software trying to deal with Explorer?

 

 





#2 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 04 July 2014 - 12:26 PM

Hi Victor2k and welcome to BleepingComputer! :)

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Victor2K (Topic Starter, Members, 70 posts)

Posted 04 July 2014 - 04:59 PM

Hello!

 

Before running Rkill, the PC was running fine; AVG's and MBAM's daily scheduled scans don't seem to have found anything, and no trouble was found with Explorer.

 

And this is what Rkill found

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/04/2014 06:56:00 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
 * HOSTS file entries found: 
 
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
 
  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 07/04/2014 06:57:25 PM
Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)
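The Rkill output above reports four things worth confirming by hand rather than taking on trust: Windows Defender switched off by a policy value, the WinDefend service stopped and set to Manual, a per-user HKCU\SOFTWARE\Classes\.exe key (which Rkill removed), and a HOSTS file that Rkill could not edit and that holds 15,492 entries. The first entries listed (007guard.com, 008i.com, 008k.com, ...) are how a hosts-file blocklist such as the one Spybot S&D's immunization or the MVPS list installs begins, and on Windows 7 a third-party antivirus installer commonly turns Windows Defender off, so none of these is proof of infection by itself. The script below is an added example (not the poster's, Rkill's or BleepingComputer's code) that re-checks each item on the live host with cmdlets available in PowerShell 2.0 on Windows 7, and also resolves the SID quoted in the opening post to an account name. The SID is taken from post #1 and is an assumed value; replace it with your own.

```powershell
# Added example for this thread (not the poster's, Rkill's or BleepingComputer's code):
# re-check on the live host the items Rkill reported in post #3, plus the SID from post #1.
# Run from an elevated PowerShell prompt; uses only cmdlets present in PowerShell 2.0.
# ASSUMPTION: the SID below is the one quoted in post #1. Replace it with your own.

$Sid = 'S-1-5-21-419499787-849242958-3298517021-1000'

function Resolve-Sid {
    param([string]$SidString)
    # HKEY_USERS\<SID> is simply that account's HKCU hive. RID 1000 is the first
    # user-created local account on a machine, so a write there by a program running
    # as that user is ordinary user-level activity, not a sign of privilege escalation.
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier $SidString
    try   { $sidObj.Translate([System.Security.Principal.NTAccount]).Value }
    catch { "<unresolvable: $($_.Exception.Message)>" }
}

function Get-DefenderState {
    # Rkill flagged HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1 and
    # WinDefend stopped with StartMode Manual. On Windows 7 a third-party antivirus
    # installer commonly turns Defender off, so confirm the value and the service first.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    New-Object PSObject -Property @{
        DisableAntiSpyware = $val            # $null = value absent, 1 = disabled by policy value
        ServiceState       = $svc.State
        ServiceStartMode   = $svc.StartMode
    }
}

function Test-ExeAssociationOverride {
    # Rkill deleted HKCU\SOFTWARE\Classes\.exe. A per-user .exe key shadows the machine-wide
    # association and is a classic hijack point; on a clean system it should not exist.
    Test-Path 'HKCU:\SOFTWARE\Classes\.exe'
}

function Get-HostsReport {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Active entries only: skip blank lines and '#' comments.
    $entries = @(Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' })
    # Entries that sink a name to localhost are a blocklist (the 007guard.com lines in
    # post #3 are the start of one); anything pointing elsewhere re-routes a name and
    # is what a hosts-file hijack looks like.
    $redirects = @($entries | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|0\.0\.0\.0|::1)\s' })
    New-Object PSObject -Property @{
        Path         = $hosts
        EntryCount   = $entries.Count
        NonLocalhost = $redirects
        # A ReadOnly attribute or a deny ACL (hosts "locking" by anti-spyware tools) is
        # the usual reason Rkill reports that it cannot edit the file.
        Attributes   = (Get-Item $hosts).Attributes
        Acl          = (Get-Acl $hosts).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}

"HKU\$Sid  ->  $(Resolve-Sid $Sid)"
Get-DefenderState | Format-List
"Per-user .exe association override present: $(Test-ExeAssociationOverride)"
$h = Get-HostsReport
"HOSTS: $($h.EntryCount) active entries, $($h.NonLocalhost.Count) not pointing at localhost"
$h.NonLocalhost
$h.Attributes
$h.Acl | Format-Table -AutoSize
```

Read the output in that order: a large 127.0.0.1 blocklist together with a read-only or ACL-locked HOSTS file is the normal footprint of an immunization tool, and the only HOSTS lines that need chasing are the ones that point a name somewhere other than localhost. DisableAntiSpyware = 1 matters only if no other antivirus is registered on the machine, and a present HKCU\SOFTWARE\Classes\.exe key after Rkill deleted it would mean something is recreating it.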


#4 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 07 July 2014 - 10:10 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

Thank you.




#5 Victor2K (Topic Starter, Members, 70 posts)

Posted 07 July 2014 - 11:21 AM

I do have MBAM and I do daily scans; it hasn't found anything yet.



#6 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 07 July 2014 - 11:24 AM

Can you check the IObit log and find the line that includes the explorer.exe registry changes you mentioned? http://www.iobit.com/help/imf/doc/main-features.html

 

Thank you.




#7 Victor2K (Topic Starter, Members, 70 posts)

Posted 07 July 2014 - 11:29 AM

I can't find it (I guess the program deleted it, or something did... I only have logs from Jul 5th until now).



#8 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 07 July 2014 - 11:31 AM

Try these:

 

Step 1: Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once).
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check mainly if there are any files you do not wish to delete.

NOW:
* Click on the Clean button (only once).
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.

* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
• NOTE: Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Thank you.




#9 Victor2K (Topic Starter, Members, 70 posts)

Posted 07 July 2014 - 11:32 AM

Wait a minute, I found them:

 

[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbar.cmd
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\Plugins\fixdamage.exe
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbamdor.exe
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbar.exe
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbam.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbamcore.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\mbamnet.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\msvcp100.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\msvcr100.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\imageformats\qico4.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\imageformats\qicod4.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\QtCore4.dll
[07-03-16-28] Start Scan File Operated:C:\Users\Usuario\Desktop\mbar\QtGui4.dll
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-28] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-33] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-16-49] Analyzed a URL:ui.skype.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-17-47] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-01] Analyzed a URL:guru.avg.com
[07-03-18-01] Analyzed a URL:guru.avg.com
[07-03-18-01] Analyzed a URL:guru.avg.com
[07-03-18-01] Analyzed a URL:af.avg.com
[07-03-18-01] Analyzed a URL:guru.avg.com
[07-03-18-01] Analyzed a URL:af.avg.com
[07-03-18-01] Analyzed a URL:guru.avg.com
[07-03-18-01] Analyzed a URL:af.avg.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-18-36] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-19-50] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-20-46] Analyzed a URL:evsecure-ocsp.verisign.com
[07-03-20-46] Analyzed a URL:evsecure-ocsp.verisign.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-03] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-21-20] Analyzed a URL:ui.skype.com
[07-03-21-40] Analyzed a URL:www.google.com.br
[07-03-21-40] Analyzed a URL:www.bing.com
[07-03-21-40] Analyzed a URL:search.yahoo.com
[07-03-21-40] Analyzed a URL:www.amazon.com
[07-03-21-40] Analyzed a URL:bits.wikimedia.org
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-11] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-23] Analyzed a URL:www.cerious.com
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\454087C1\idle.bat
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\A95067F1\python.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\A95067F1\pythonw.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\D2908FBD\3347E48C\ThumbsBug.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\thumbsplus9sp1setup.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\6363A3BC\3347E48C\ThumbsPriv.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\72B203EF\3347E48C\ThumbsPriv64.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\B9B9353D\3347E48C\ThumbsRex.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\6F386D40\EC86A5F0\vcredist_x86.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\A95067F1\w9xpopen.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\ED9456D7\wininst-6.0.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\ED9456D7\wininst-7.1.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\ED9456D7\wininst-8.0.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\ED9456D7\wininst-9.0-amd64.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\ED9456D7\wininst-9.0.exe
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\CA9D981E\3347E48C\7z.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\9C27DD05\3347E48C\awcodc32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\B7CB2236\3347E48C\awdcxc32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\9A10DD6C\3347E48C\awdenc32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\26211B30\3347E48C\awresx32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\1E629B32\3347E48C\awview32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\72A9536F\3347E48C\cwebpage.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\7774A189\3347E48C\dbghelp.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\E787258F\3347E48C\DC120v10_32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\264B1BA4\3347E48C\Deco_32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\70DF0967\3347E48C\Dunzip32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\F2DC11F0\3347E48C\Dzip32.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\F1DB38CF\3347E48C\lfawd13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\8D70CC42\3347E48C\LFCMP13n.DLL
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\4C379099\3347E48C\lfCUT13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\84B04336\3347E48C\lffax13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\F335D458\3347E48C\lffpx13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\ADC08B5D\3347E48C\lffpx7.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\8BE39878\3347E48C\lfica13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\E85F5194\3347E48C\lfitg13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\EF146539\3347E48C\LFJ2K13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\C7332E5B\3347E48C\lfkodak.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\AA69CC\3347E48C\lflmb13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\FBAC2176\3347E48C\lfwfx13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\3464431B\3347E48C\lfwmp13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\7BCAF060\3347E48C\lfXbm13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\46FC7C86\3347E48C\lfXpm13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\2BF09435\3347E48C\lfxwd13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\1C28D0B8\3347E48C\LTCLR13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\9043BFB2\3347E48C\LTDIS13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\69672983\3347E48C\ltefx13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\A5AE5F65\3347E48C\ltfil13n.DLL
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\2171557A\3347E48C\ltimg13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\E1718587\3347E48C\ltkrn13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\9C49E1F5\3347E48C\Lvkrn13n.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\mMSI.dll\mMSIExec.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\9CA0A1C7\3347E48C\PCDLIB32.DLL
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\91885412\3347E48C\PolyImagePro.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\19B30641\3347E48C\python27.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\12DA2C17\75572AD9\sqlite3.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\C4D5AFEB\683C59A2\sqlite3odbc.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\miaD294.tmp\data\OFFLINE\d_\projects\thumbsmisc\installaware\thumbs9\files\sqlite3odbc.dll
[07-03-22-25] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\mia1\mMSIExec.dll
[07-03-22-27] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
[07-03-22-27] Start Scan File Operated:C:\Users\Usuario\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe
[07-03-22-27] Detected Registy Threat:"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /burn.log.append "C:\Users\Usuario\AppData\Local\Temp\dd_vcredist_x86_20140703222710.log" /quiet ignored /burn.runonce
[07-03-22-56] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-56] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-56] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-56] Analyzed a URL:data-cdn.mbamupdates.com
[07-03-22-56] Analyzed a URL:data-cdn.mbamupdates.com


#10 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:12:30 AM

Posted 07 July 2014 - 11:36 AM

The only detection I can see is:

 

[07-03-22-27] Detected Registy Threat:"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /burn.log.append "C:\Users\Usuario\AppData\Local\Temp\dd_vcredist_x86_20140703222710.log" /quiet ignored /burn.runonce

 

It's related to a .net installation file, but please run those two tools above too.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#11 Victor2K

Victor2K
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 07 July 2014 - 11:50 AM

AdwCleaner just finished and showed me this:

 

# AdwCleaner v3.214 - Relatório criado 07/07/2014 às 13:39:22
# Atualizado 29/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Desktop\adwcleaner_3.214.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletada : C:\ProgramData\NCH Software
Pasta Deletada : C:\ProgramData\ParetoLogic
Pasta Deletada : C:\Program Files (x86)\NCH Software
Pasta Deletada : C:\Users\Usuario\AppData\Local\PackageAware
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\DriverCure
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\NCH Software
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\ParetoLogic
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Deletedo : HKCU\Software\ParetoLogic
Chave Deletedo : HKLM\Software\ParetoLogic
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (pt-BR)
 
[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\uqcyog4w.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deletedo [Search Provider] : hxxp://www.anisearch.com/anime/index/?char=all&sort=rank&q=true&text={searchTerms}
Deletedo [Search Provider] : hxxp://anidb.net/perl-bin/animedb.pl?show=animelist&adb.search={searchTerms}&do.search=search
Deletedo [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deletedo [Search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1625 octets] - [07/07/2014 13:34:18]
AdwCleaner[S0].txt - [1849 octets] - [07/07/2014 13:39:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1909 octets] ##########
 
Will run JRT soon


#12 Victor2K

Victor2K
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 07 July 2014 - 12:17 PM

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 07/07/2014 at 13:51:23,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/07/2014 at 14:15:05,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:12:30 AM

Posted 09 July 2014 - 05:42 AM

Technically, explorer.exe is a file and you cannot make registry modifications to it. So the warning you saw may have been explorer.exe doing a registry modification.

 

:step1: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

:step2: Download Screen317 Security Check and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do

 

 

What we need in your next reply:

  • minitoolbox log
  • securitycheck log

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#14 Victor2K

Victor2K
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 09 July 2014 - 10:50 AM

Here they are:

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 06-07-2014
Ran by Usuario (administrator) on 09-07-2014 at 12:37:51
Running from "C:\Users\Usuario\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuração de IP do Windows
 
Liberação do Cache do DNS Resolver bem-sucedida.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
There are 15472 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Conexão local (Connected)
 
 
# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Final da configuração IPv4
 
 
 
Configuração de IP do Windows
 
   Nome do host. . . . . . . . . . . . . . . . : Usuario-PC
   Sufixo DNS primário . . . . . . . . . . . . : 
   Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não
   Lista de pesquisa de sufixo DNS . . . . . . : home
 
Adaptador Ethernet Conexão local:
 
   Sufixo DNS específico de conexão. . . . . . : vivax.com.br
   Descrição . . . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Endereço Físico . . . . . . . . . . . . . . : 94-DE-80-D9-3A-3A
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 de link local . . . . . . . . : fe80::54be:486e:efe:74ce%11(Preferencial) 
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.1.103(Preferencial) 
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : quarta-feira, 9 de julho de 2014 11:20:33
   Concessão Expira. . . . . . . . . . . . . . : quinta-feira, 10 de julho de 2014 11:20:33
   Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 244637312
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1A-8E-CD-E2-94-DE-80-D9-3A-3A
   Servidores DNS. . . . . . . . . . . . . . . : fdf4:22ef:e281:1:feb0:c4ff:fe77:f43c
                                                 200.189.80.122
                                                 200.189.80.108
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado
   Lista de pesquisa de sufixos DNS específicos da conexão:
                                                 home
 
Adaptador de túnel isatap.{BF6AFB00-39F5-43B5-97AD-0B3DBFECB2A0}:
 
   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : 
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
 
Adaptador de túnel Teredo Tunneling Pseudo-Interface:
 
   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : 
   Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
Servidor:  UnKnown
Address:  fdf4:22ef:e281:1:feb0:c4ff:fe77:f43c
 
 
Disparando google.com [189.55.196.95] com 32 bytes de dados:
Resposta de 189.55.196.95: bytes=32 tempo=11ms TTL=60
Resposta de 189.55.196.95: bytes=32 tempo=10ms TTL=60
 
Estatísticas do Ping para 189.55.196.95:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 10ms, Máximo = 11ms, Média = 10ms
Servidor:  UnKnown
Address:  fdf4:22ef:e281:1:feb0:c4ff:fe77:f43c
 
 
Disparando yahoo.com [98.139.183.24] com 32 bytes de dados:
Resposta de 98.139.183.24: bytes=32 tempo=149ms TTL=50
Resposta de 98.139.183.24: bytes=32 tempo=148ms TTL=50
 
Estatísticas do Ping para 98.139.183.24:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 148ms, Máximo = 149ms, Média = 148ms
 
Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
 
Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
 11...94 de 80 d9 3a 3a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     20
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      No vínculo     192.168.1.103    276
    192.168.1.103  255.255.255.255      No vínculo     192.168.1.103    276
    192.168.1.255  255.255.255.255      No vínculo     192.168.1.103    276
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo     192.168.1.103    276
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo     192.168.1.103    276
===========================================================================
Rotas persistentes:
  Nenhuma
 
Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
  1    306 ::1/128                  No vínculo
 11    276 fe80::/64                No vínculo
 11    276 fe80::54be:486e:efe:74ce/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
 11    276 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/09/2014 00:37:09 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/09/2014 00:36:15 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4
Nome do módulo de falhas: mswsock.dll, versão: 6.1.7601.18254, carimbo de hora: 0x522be0b3
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000000012c6
Identificação do processo com falha: 0x440
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3
 
Error: (07/09/2014 11:21:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2014 00:46:48 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4
Nome do módulo de falhas: SDECon64.dll, versão: 2.1.18.113, carimbo de hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000000e3cf
Identificação do processo com falha: 0xc14
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3
 
Error: (07/08/2014 00:22:14 PM) (Source: ESENT) (User: )
Description: taskhost (1760) WebCacheLocal: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (07/08/2014 00:20:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2014 09:17:10 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/07/2014 08:40:29 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: IEXPLORE.EXE, versão: 11.0.9600.17126, carimbo de hora: 0x53882e30
Nome do módulo de falhas: Adblock.dll, versão: 1.0.0.1, carimbo de hora: 0x53980129
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00025f16
Identificação do processo com falha: 0x11008
Hora de início do aplicativo com falha: 0xIEXPLORE.EXE0
Caminho do aplicativo com falha: IEXPLORE.EXE1
FCaminho do módulo de falhas: IEXPLORE.EXE2
Identificação do Relatório: IEXPLORE.EXE3
 
Error: (07/07/2014 07:48:21 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (07/09/2014 11:21:20 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido ao seguinte erro: 
%%1053
 
Error: (07/09/2014 11:21:20 AM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Spybot-S&D 2 Scanner Service.
 
Error: (07/09/2014 11:20:50 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Messenger Plus! Service devido ao seguinte erro: 
%%2
 
Error: (07/09/2014 02:22:16 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/08/2014 00:20:30 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido ao seguinte erro: 
%%1053
 
Error: (07/08/2014 00:20:30 PM) (Source: Service Control Manager) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Spybot-S&D 2 Scanner Service.
 
Error: (07/08/2014 00:20:00 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Messenger Plus! Service devido ao seguinte erro: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/24/2014 06:08:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-26 19:41:40.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:41:40.061
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:41:40.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:34:21.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-26 19:28:01.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (HKLM-x32\...\Adobe_bbef028176efa5abf0233d3e1747be8) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30587 - BitTorrent Inc.)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digsby (HKLM-x32\...\Digsby) (Version:  - dotSyntax, LLC)
Elifoot 2002 - Revision 2 (HKLM-x32\...\Elifoot 2002_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
FIFA 09 (HKLM-x32\...\{2315B23D-3E21-4920-837D-AE6460934ECB}) (Version: 1.0.1.1 - Electronic Arts)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Messenger Plus! 5 (HKLM-x32\...\Messenger Plus!) (Version: 5.50.0.761 - Yuna Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movier 1.1.4 (HKLM-x32\...\Movier) (Version: 1.1.4 - )
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
MV RegClean 6.9 (HKLM-x32\...\MV RegClean 6.9_is1) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301046}) (Version: 7.02.9753 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Patch Paraguai (HKCU\...\Patch Paraguai) (Version:  - )
PcLiga 2000 v1.2 (HKLM-x32\...\PcLiga 2000 v1.2) (Version:  - )
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.123 - PandoraTV)
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 9.1.0.3938 - Cerious Software Inc.) Hidden
ThumbsPlus version 7.0 (HKLM-x32\...\ThumbsPlus7) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor version 2.1.8.150 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.8.150 - Flash-Integro LLC)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version:  - )
 
========================= Memory info: ===================================
 
Percentage of memory in use: 75%
Total physical RAM: 3983.25 MB
Available physical RAM: 986.18 MB
Total Pagefile: 7964.67 MB
Available Pagefile: 5077.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.11 MB
 
========================= Partitions: =====================================
 
1 Drive c: (DRIVE_C) (Fixed) (Total:465.66 GB) (Free:399.95 GB) NTFS
3 Drive e: (V) (Fixed) (Total:298.08 GB) (Free:136.06 GB) NTFS
4 Drive f: (DRIVE_D) (Fixed) (Total:465.76 GB) (Free:178.47 GB) NTFS
 
========================= Users: ========================================
 
Contas de usuário para \\USUARIO-PC
 
Administrador            Convidado                Usuario                  
Comando concluído com êxito.
 
 
**** End of log ****
 
Security Check log
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: = 
````````````````````End of Log`````````````````````` 
 


#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:12:30 AM

Posted 11 July 2014 - 12:59 AM

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
Microsoft: Unprecedented Wave of Java Exploitation
Ghosts of Java Haunt Users

Please follow these steps to remove older Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u5-windows-i586.exe or Windows x64: jre-8u5-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u5-windows-i586.exe (or jre-8u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it's not necessary. To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

 

NOTE: You may need to remove Java 7 Update 55 yourself.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.
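The uninstall step above has to be repeated for every leftover Java runtime, and the FRST "Installed Programs" section earlier in this thread is where those leftovers show up. The following is an added example, not code from the post, from BleepingComputer or from the FRST tool: it parses lines in that section's format and flags every JRE entry older than the 8u5 release the post links. The reference release (8, 5) and the final sample line with the `{EXAMPLE-KEY}` placeholder are assumptions constructed for the example; the other sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed reference release, taken from the post above (jre-8u5): family 8, update 5.
LATEST_JRE: Tuple[int, int] = (8, 5)

# Trailing "(Version: X - Vendor)" part, with optional "x32" prefix and "Hidden" suffix.
VERSION_RE = re.compile(
    r"^(?P<head>.*?)\s*\((?:x32\s+)?Version:\s*(?P<version>[^\s-]*)\s*-\s*"
    r"(?P<vendor>[^)]*)\)(?P<hidden>\s+Hidden)?\s*$"
)
# Optional "(HKLM-x32\...\Key)" after the display name; greedy so keys may contain ")".
KEY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<key>HK[A-Z]+(?:-x32)?\\.*)\)$")
# "Java 7 Update 55" / "Java(TM) 6 Update 31": the runtime entries the post says to remove.
JRE_NAME_RE = re.compile(r"^Java(?:\(TM\))?\s+(?P<family>\d+)\s+Update\s+(?P<update>\d+)")


@dataclass
class InstalledProgram:
    name: str
    key: Optional[str]
    version: str
    vendor: str
    hidden: bool


def parse_installed_program(line: str) -> Optional[InstalledProgram]:
    """Parse one line of the FRST 'Installed Programs' section; None if it is not one."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    head, key = m.group("head"), None
    k = KEY_RE.match(head)
    if k:
        head, key = k.group("name"), k.group("key")
    return InstalledProgram(head, key, m.group("version"), m.group("vendor").strip(),
                            bool(m.group("hidden")))


def jre_release(prog: InstalledProgram) -> Optional[Tuple[int, int]]:
    """(family, update) for a JRE entry, e.g. (7, 55); None for anything else."""
    m = JRE_NAME_RE.match(prog.name)
    return (int(m.group("family")), int(m.group("update"))) if m else None


def audit_java(lines: List[str], latest: Tuple[int, int] = LATEST_JRE) -> List[Tuple[str, bool]]:
    """Return (display name, outdated?) for every JRE found; more than one entry
    means leftovers for which the uninstall step has to be repeated."""
    found = []
    for line in lines:
        prog = parse_installed_program(line)
        rel = jre_release(prog) if prog else None
        if rel:
            found.append((prog.name, rel < latest))
    return found


# Sample lines: the first four are copied from the log above; the last one is constructed.
SAMPLE_LOG = [
    r"Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)",
    r"Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden",
    r"Mozilla Firefox 30.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)",
    r"Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )",
    r"Java(TM) 6 Update 31 (HKLM-x32\...\{EXAMPLE-KEY}) (Version: 6.0.310 - Oracle)",  # constructed
]

if __name__ == "__main__":
    for name, outdated in audit_java(SAMPLE_LOG):
        print(f"{name}: {'OUT OF DATE' if outdated else 'current'}")
```

Run it against the whole "Installed Programs" section of an Addition.txt to list every JRE entry in one pass rather than reading the list by eye.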




