
Variant of Win64/Sathurbot.A found and deleted on every startup

This topic is locked
10 replies to this topic

#1 miesze (Members, 5 posts)

Posted 25 September 2014 - 11:19 AM

Hi,

I've been having trouble with a lot of trojans lately. I think I got rid of some of them by installing different anti-malware programs seen mostly on forums where people complained about having the same problem, but something remains.

Every time my computer boots up I get a message from ESET NOD32 telling me "iconscachehelper.dll" is a variant of Win64/Sathurbot.A and it has been quarantined. I usually delete it from quarantine but even if I don't, the message will show again on the next reboot.

Second problem, I also get a frequent warning (30 in 30 seconds, or something) saying a connection to http://traffagon.in/index.php has been blocked.

Could someone please help me? Thanks!

This is my DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.55.2
Run by Jose at 16:54:06 on 2014-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.351.2070.18.7974.5363 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\explorer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = www.google.com
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S4837.tmp" /EF "HKCU"
StartupFolder: C:\Users\Jose\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: Run = "C:\Users\Jose\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{00DE21F1-F272-44F4-AF20-83926AFFF440} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{065FE3B0-5FE0-41C6-8483-5D68F952CB80} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5BADF103-4ADC-4423-AB2E-BD1BF05A29E1} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{5C41539E-1209-4FAD-9CBB-F2EA418F9FBE} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{9E7A9BB3-7378-435F-8EEF-52EA520328FE} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{9E7A9BB3-7378-435F-8EEF-52EA520328FE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BC8E17D3-B0E8-483F-90D1-EC814565811E} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,62.169.67.167 62.169.64.129
TCP: Interfaces\{DE86B5BC-A044-42E2-AF12-DB10D9C46855} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{DE86B5BC-A044-42E2-AF12-DB10D9C46855} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DE86B5BC-A044-42E2-AF12-DB10D9C46855}\4505D2C494E4B4F554874756E6465627F5334463446443 : DHCPNameServer = 192.168.0.254
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 107.181.174.68 www.google-analytics.com.
Hosts: 107.181.174.68 google-analytics.com.
Hosts: 107.181.174.68 connect.facebook.net.
Hosts: 188.40.62.184 www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Jose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 1970-05-29 21:49; {41E54E59-60FF-A99C-BAD7-619B312679AB}; -
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Controlador do comutador do controlo do anfitrião Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2013-11-26 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-11-26 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-11-26 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-23 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-23 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2013-11-26 31624]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-11-26 363800]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-5-8 3385584]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + Adaptador virtual High Speed;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
R3 ETD;Samsung PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-6-7 293712]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
R3 IntcDAud;Áudio do Monitor Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2013-11-26 331264]
R3 iusb3hub;Controlador do concentrador Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Controlador do controle do anfitrião eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-10-9 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-23 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-23 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-23 63704]
R3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-26 648808]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-10-9 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-8-28 3000664]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + Protocolo High Speed;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2014-7-29 243200]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2014-5-20 1357104]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2014-7-29 114304]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-18 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-10-9 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-5-8 273136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-25 19456]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2014-7-18 23040]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2014-7-18 66560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-25 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-25 30208]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-17 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-12-20 42392]
S3 WSDScan;Suporte de Procura do WSD através de UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-2-7 31192]
S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-09-25 09:23:49    --------    d-----w-    C:\FRST
2014-09-25 01:00:58    198232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-09-24 23:01:07    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48D0E512-4FAB-4960-B0E7-3F09943B4DFE}\gapaengine.dll
2014-09-24 23:00:36    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3DA0649-82D9-437F-9DDD-1984CB721E64}\mpengine.dll
2014-09-23 23:26:55    --------    d-----w-    C:\AdwCleaner
2014-09-23 18:27:29    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-23 18:26:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-23 18:26:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-23 18:26:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-23 18:26:37    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-23 18:26:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 11:15:40    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-18 11:52:23    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-09-18 11:52:23    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-09-18 11:52:23    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-09-18 11:52:23    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-09-18 11:52:19    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-09-18 11:52:19    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-09-18 11:51:40    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-09-18 11:51:40    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-09-18 11:50:07    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-09-18 11:49:14    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-18 11:49:14    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-18 11:48:56    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 11:48:55    2363392    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-18 11:48:55    1941504    ----a-w-    C:\Windows\System32\authui.dll
2014-09-18 11:48:55    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-09-18 11:48:54    504320    ----a-w-    C:\Windows\System32\msihnd.dll
2014-09-18 11:48:54    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-09-18 11:48:54    112064    ----a-w-    C:\Windows\System32\consent.exe
2014-09-18 11:48:39    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-18 11:48:39    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-18 11:48:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-18 11:48:38    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-18 11:48:38    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-18 11:43:21    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-18 11:43:20    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-09-18 11:43:20    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-09-18 11:42:31    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-09-18 11:42:30    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-09-18 10:02:49    --------    d-----w-    C:\Users\Jose\AppData\Local\ESET
2014-09-18 09:46:53    --------    d-----w-    C:\Program Files\ESET
2014-09-18 00:55:25    115696    ----a-w-    C:\Windows\System32\drivers\ESETRovnixCleanerDrv.sys
2014-09-17 23:59:25    --------    d---a-w-    C:\boot-sav
2014-09-15 15:40:26    --------    d-----w-    C:\Users\Jose\AppData\Local\Efftion
2014-09-15 15:40:00    --------    d-----w-    C:\Users\Jose\AppData\Local\IPsoft
2014-09-10 15:32:37    --------    d-----w-    C:\Program Files (x86)\Foxit Reader
.
==================== Find3M  ====================
.
2014-09-22 06:42:39    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-25 01:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH: 16:54:20,10 ===============
#2 aharonov (Malware Response Team, 2,441 posts)

Posted 25 September 2014 - 12:28 PM

Hi there,

Please run a FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 miesze (Topic Starter, Members, 5 posts)

Posted 25 September 2014 - 01:04 PM

Hi there! Thanks for helping!

First of all, I forgot to mention: we have a dual-boot system with Linux (Elementary) and Windows 7. I don't know if this information matters.

Here are the logs.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Jose (administrator) on JOSE-W on 25-09-2014 18:56:44
Running from C:\Users\Jose\Desktop
Loaded Profiles: Jose & UpdatusUser (Available profiles: Jose & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Português (Portugal)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dropbox, Inc.) C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2824528 2013-11-26] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Run: [EPSON SX510W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: []
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [Run] "C:\Users\Jose\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe"
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {31189e01-5689-11e3-8d80-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {337301f9-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {3373020b-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {33730216-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124a81-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124a8e-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124abe-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124ad2-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6eda86-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6eda9d-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6edaaa-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {6724a203-171a-11e4-8070-eb22fda4c430} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {6724a236-171a-11e4-8070-eb22fda4c430} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {aac6ef9a-ae8e-11e3-85e4-e8039ab771dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {aac6efba-ae8e-11e3-85e4-e8039ab771dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-11-27] () <==== ATTENTION
HKU\S-1-5-21-370231555-3394855781-2661931009-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC73A37F8A3EACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00DE21F1-F272-44F4-AF20-83926AFFF440}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{065FE3B0-5FE0-41C6-8483-5D68F952CB80}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5BADF103-4ADC-4423-AB2E-BD1BF05A29E1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5C41539E-1209-4FAD-9CBB-F2EA418F9FBE}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9E7A9BB3-7378-435F-8EEF-52EA520328FE}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BC8E17D3-B0E8-483F-90D1-EC814565811E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,62.169.67.167 62.169.64.129
Tcpip\..\Interfaces\{DE86B5BC-A044-42E2-AF12-DB10D9C46855}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\searchplugins\google-tradutor.xml
FF SearchPlugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\searchplugins\pesquisa-de-vdeos-do-youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priberam.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sapo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-21]
FF Extension: Microsoft.Audio.AudioClient Binder - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\{41E54E59-60FF-A99C-BAD7-619B312679AB} [2014-09-15]
FF Extension: MZ8 - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\someone@somewhere.xpi [2014-05-05]
FF Extension: Adblock Plus - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2013-11-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2013-11-26] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-05-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-08-28] (Samsung Electronics CO., LTD.)
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3385584 2013-05-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 SBIOSIO; \??\C:\Users\Jose\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 18:56 - 2014-09-25 18:56 - 00018237 _____ () C:\Users\Jose\Desktop\FRST.txt
2014-09-25 18:55 - 2014-09-25 18:56 - 00041334 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-09-25 18:55 - 2014-09-25 18:56 - 00032103 _____ () C:\Users\Jose\Downloads\Addition.txt
2014-09-25 18:54 - 2014-09-25 18:54 - 00000000 ____D () C:\Users\Jose\Downloads\FRST-OlderVersion
2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Users\Jose\Desktop\logs bleeping
2014-09-25 16:32 - 2014-09-25 16:32 - 00688992 ____R (Swearware) C:\Users\Jose\Downloads\dds.com
2014-09-25 13:39 - 2014-09-25 14:08 - 00000000 ____D () C:\Users\Jose\Downloads\Materiais_modelos
2014-09-25 10:23 - 2014-09-25 18:56 - 00000000 ____D () C:\FRST
2014-09-25 10:23 - 2014-09-25 18:54 - 02108928 _____ (Farbar) C:\Users\Jose\Desktop\FRST64.exe
2014-09-25 02:00 - 2014-09-25 02:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 00:30 - 2014-09-24 00:30 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-24 00:27 - 2014-09-24 00:27 - 00415232 _____ (Farbar) C:\Users\Jose\Downloads\FSS.exe
2014-09-24 00:26 - 2014-09-24 00:29 - 00000000 ____D () C:\AdwCleaner
2014-09-24 00:26 - 2014-09-24 00:26 - 01373475 _____ () C:\Users\Jose\Downloads\adwcleaner_3.310.exe
2014-09-23 19:27 - 2014-09-25 16:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 19:27 - 2014-09-23 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 19:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 19:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 19:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 18:13 - 2014-09-18 18:13 - 00349688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 17:57 - 2014-09-18 17:57 - 00091464 _____ () C:\Users\Jose\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 14:44 - 2014-09-25 18:10 - 00000784 _____ () C:\Windows\setupact.log
2014-09-18 14:44 - 2014-09-18 14:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 13:03 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 13:03 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-18 13:03 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 13:03 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 13:03 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 13:03 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-18 13:03 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 13:03 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 13:03 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 13:03 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 13:03 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 13:03 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 13:03 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 13:03 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 13:03 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 13:03 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 13:03 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-18 13:03 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 13:03 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 13:03 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-18 13:03 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 13:03 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-18 13:03 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-18 13:03 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-18 13:03 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-18 13:03 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-18 13:03 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 13:03 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-18 13:03 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-18 13:03 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-18 13:03 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-18 13:03 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 13:03 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 13:03 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 13:03 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 13:03 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-18 13:03 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-18 13:03 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-18 13:03 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-18 13:03 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 13:03 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-18 13:03 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 13:03 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-18 13:03 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-18 13:03 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-18 13:03 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 13:03 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-18 13:03 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-18 13:03 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 13:03 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-18 12:52 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 12:52 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-18 12:52 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 12:52 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 12:52 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-18 12:52 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-18 12:51 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-18 12:51 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 12:50 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 12:49 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 12:49 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 12:48 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-18 12:48 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-18 12:48 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-18 12:48 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-18 12:48 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-18 12:48 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-18 12:48 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 12:48 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 12:48 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 12:48 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-18 12:48 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-18 12:48 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-18 12:43 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 12:43 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-18 12:43 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-18 12:42 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-18 12:42 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-18 12:26 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-18 12:26 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-18 12:26 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-18 12:26 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-18 12:26 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-18 12:26 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-18 12:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-18 12:26 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-18 12:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-18 11:02 - 2014-09-18 11:02 - 00000000 ____D () C:\Users\Jose\AppData\Local\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\ProgramData\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\Program Files\ESET
2014-09-18 10:37 - 2014-09-18 10:37 - 01695680 _____ (ESET) C:\Users\Jose\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-09-18 01:55 - 2014-09-18 01:58 - 00115696 _____ () C:\Windows\system32\Drivers\ESETRovnixCleanerDrv.sys
2014-09-18 01:55 - 2014-09-18 01:55 - 00319176 _____ (ESET) C:\Users\Jose\Downloads\ESETRovnixCleaner.exe
2014-09-18 01:31 - 2014-09-18 01:31 - 00003272 _____ () C:\Users\Jose\Downloads\ESETSimdaCleaner.exe_20140918.013149.6968.log
2014-09-18 00:59 - 2014-09-18 00:59 - 00000000 ____D () C:\boot-sav
2014-09-17 23:00 - 2014-09-17 23:00 - 00210176 _____ (ESET) C:\Users\Jose\Downloads\ESETSimdaCleaner.exe
2014-09-17 14:50 - 2014-09-17 22:15 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-15 16:40 - 2014-09-18 11:03 - 00000000 ____D () C:\Users\Jose\AppData\Local\IPsoft
2014-09-15 16:40 - 2014-09-18 11:03 - 00000000 ____D () C:\Users\Jose\AppData\Local\Efftion
2014-09-15 16:39 - 2014-09-15 16:39 - 00003208 _____ () C:\Windows\System32\Tasks\{89882D1D-46DA-4B38-A0ED-98BFCD417180}
2014-09-13 16:21 - 2014-09-13 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-09-10 16:32 - 2014-09-10 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-09-10 16:32 - 2014-09-10 16:32 - 00000000 ____D () C:\Program Files (x86)\Foxit Reader
2014-09-10 13:21 - 2012-02-25 02:25 - 00002172 _____ () C:\Users\Jose\Downloads\inst.ini
2014-09-10 13:21 - 2010-12-17 07:23 - 00508416 _____ (Samsung Electronics Co., Ltd.) C:\Users\Jose\Downloads\Inst.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 18:56 - 2014-09-25 18:56 - 00018237 _____ () C:\Users\Jose\Desktop\FRST.txt
2014-09-25 18:56 - 2014-09-25 18:55 - 00041334 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-09-25 18:56 - 2014-09-25 18:55 - 00032103 _____ () C:\Users\Jose\Downloads\Addition.txt
2014-09-25 18:56 - 2014-09-25 10:23 - 00000000 ____D () C:\FRST
2014-09-25 18:54 - 2014-09-25 18:54 - 00000000 ____D () C:\Users\Jose\Downloads\FRST-OlderVersion
2014-09-25 18:54 - 2014-09-25 10:23 - 02108928 _____ (Farbar) C:\Users\Jose\Desktop\FRST64.exe
2014-09-25 18:10 - 2014-09-18 14:44 - 00000784 _____ () C:\Windows\setupact.log
2014-09-25 17:27 - 2014-09-25 17:27 - 00000000 ____D () C:\Users\Jose\Desktop\logs bleeping
2014-09-25 16:56 - 2014-09-23 19:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 16:32 - 2014-09-25 16:32 - 00688992 ____R (Swearware) C:\Users\Jose\Downloads\dds.com
2014-09-25 16:18 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 16:18 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 16:15 - 2011-03-21 21:27 - 00721146 _____ () C:\Windows\system32\prfh0816.dat
2014-09-25 16:15 - 2011-03-21 21:27 - 00153098 _____ () C:\Windows\system32\prfc0816.dat
2014-09-25 16:15 - 2009-07-14 06:13 - 01656214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 16:14 - 2013-11-26 12:00 - 01401513 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 16:12 - 2014-05-20 12:38 - 00000000 ___RD () C:\Users\Jose\Dropbox
2014-09-25 16:12 - 2014-05-20 12:36 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Dropbox
2014-09-25 16:11 - 2013-11-26 19:36 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-25 16:10 - 2014-03-17 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 16:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 14:08 - 2014-09-25 13:39 - 00000000 ____D () C:\Users\Jose\Downloads\Materiais_modelos
2014-09-25 02:01 - 2014-09-25 02:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 12:02 - 2013-11-26 19:36 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-24 10:21 - 2013-11-26 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-24 00:30 - 2014-09-24 00:30 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-24 00:29 - 2014-09-24 00:26 - 00000000 ____D () C:\AdwCleaner
2014-09-24 00:27 - 2014-09-24 00:27 - 00415232 _____ (Farbar) C:\Users\Jose\Downloads\FSS.exe
2014-09-24 00:26 - 2014-09-24 00:26 - 01373475 _____ () C:\Users\Jose\Downloads\adwcleaner_3.310.exe
2014-09-23 23:50 - 2014-06-11 23:41 - 00000000 ____D () C:\Windows\pss
2014-09-23 19:27 - 2014-09-23 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 19:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 07:42 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 18:13 - 2014-09-18 18:13 - 00349688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 17:57 - 2014-09-18 17:57 - 00091464 _____ () C:\Users\Jose\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 14:44 - 2014-09-18 14:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 14:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-18 12:59 - 2013-11-27 19:01 - 01622074 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-18 11:07 - 2014-05-20 12:38 - 00001012 _____ () C:\Users\Jose\Desktop\Dropbox.lnk
2014-09-18 11:07 - 2014-05-20 12:37 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 11:03 - 2014-09-15 16:40 - 00000000 ____D () C:\Users\Jose\AppData\Local\IPsoft
2014-09-18 11:03 - 2014-09-15 16:40 - 00000000 ____D () C:\Users\Jose\AppData\Local\Efftion
2014-09-18 11:02 - 2014-09-18 11:02 - 00000000 ____D () C:\Users\Jose\AppData\Local\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\ProgramData\ESET
2014-09-18 10:46 - 2014-09-18 10:46 - 00000000 ____D () C:\Program Files\ESET
2014-09-18 10:37 - 2014-09-18 10:37 - 01695680 _____ (ESET) C:\Users\Jose\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-09-18 01:58 - 2014-09-18 01:55 - 00115696 _____ () C:\Windows\system32\Drivers\ESETRovnixCleanerDrv.sys
2014-09-18 01:55 - 2014-09-18 01:55 - 00319176 _____ (ESET) C:\Users\Jose\Downloads\ESETRovnixCleaner.exe
2014-09-18 01:31 - 2014-09-18 01:31 - 00003272 _____ () C:\Users\Jose\Downloads\ESETSimdaCleaner.exe_20140918.013149.6968.log
2014-09-18 00:59 - 2014-09-18 00:59 - 00000000 ____D () C:\boot-sav
2014-09-17 23:00 - 2014-09-17 23:00 - 00210176 _____ (ESET) C:\Users\Jose\Downloads\ESETSimdaCleaner.exe
2014-09-17 22:15 - 2014-09-17 14:50 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-17 19:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 16:39 - 2014-09-15 16:39 - 00003208 _____ () C:\Windows\System32\Tasks\{89882D1D-46DA-4B38-A0ED-98BFCD417180}
2014-09-15 16:38 - 2014-08-01 14:58 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 16:38 - 2014-05-19 17:05 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\uTorrent
2014-09-15 16:37 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-13 16:21 - 2014-09-13 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-09-10 16:32 - 2014-09-10 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-09-10 16:32 - 2014-09-10 16:32 - 00000000 ____D () C:\Program Files (x86)\Foxit Reader
2014-09-09 13:06 - 2014-06-04 18:33 - 00000779 _____ () C:\Users\Jose\Documents\plot.log
2014-08-29 13:01 - 2014-03-17 14:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Jose\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifuzgv.dll
C:\Users\Jose\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyxmkm.dll
C:\Users\Jose\AppData\Local\Temp\InstHelper.exe
C:\Users\Jose\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-23 19:05

==================== End Of Log ============================
Here is Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Jose at 2014-09-25 18:57:04
Running from C:\Users\Jose\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31227 - BitTorrent Inc.)
Actualizações da NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Bullzip PDF Printer 10.4.0.2240 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.4.0.2240 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Centro da Microsoft de Ratos e Teclados (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Centro da Microsoft de Ratos e Teclados (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
ESET NOD32 Antivirus (HKLM\...\{FBC0F617-1AA0-4483-8153-3FD97FE01D9E}) (Version: 7.0.317.4 - ESET, spol s r. o.)
ETDWare PS/2-X64 10.7.17.5_WHQL (HKLM\...\Elantech) (Version: 10.7.17.5 - ELAN Microelectronic Corp.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Importação do SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.8.0.0548 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0320 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0196 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IRS - Modelo 3 2.0.7.0069 (HKLM\...\4041-6604-5356-9627) (Version: 2.0.7.0069 - AT)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0.3 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 pt-PT)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NVIDIA Controlador gráfico 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA O software do sistema PhysX 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Painel de controlo da NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
S Agent (Version: 1.1.48 - Samsung Electronics CO., LTD.) Hidden
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Software Intel® PROSet/Wireless (HKLM-x32\...\{ae509f68-6982-4506-befc-f2218d72cd5e}) (Version: 15.8.0 - Intel Corporation)
SW Update (HKLM-x32\...\{E74136C1-4ABE-44A2-8141-469818312175}) (Version: 2.2.0 - Samsung Electronics CO., LTD.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
V-Ray for SketchUp demo (HKLM-x32\...\V-Ray for SketchUp demo 2.00.24261) (Version: 2.00.24261 - Chaos Software, Ltd)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
ZON NET Mobile (HKLM-x32\...\ZON NET Mobile) (Version: 11.302.09.01.548 - Huawei Technologies Co.,Ltd)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-370231555-3394855781-2661931009-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-17 22:15 - 00001394 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
107.181.174.68 www.google-analytics.com.
107.181.174.68 google-analytics.com.
107.181.174.68 connect.facebook.net.
188.40.62.184 www.google-analytics.com.
188.40.62.184 google-analytics.com.
188.40.62.184 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1536105D-E58D-4523-AE23-04BB3E153B04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {164DDFE0-AAAD-4724-A1D2-4A2DBB7C886D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {30309731-FA2E-4327-B740-E8098BF1DB5A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {342B8FD0-EB8F-4720-95F5-2D72F5D83CE0} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {3F500E3E-D377-476C-B707-E884D21FA564} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-06-02] (Samsung Electronics CO., LTD.)
Task: {43449782-30EE-4420-B0E9-64BA3DAF86D3} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {4F2A1ACE-A50D-439A-BD07-283059E2C4ED} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {56304554-44BB-4AF3-BDBC-239B713A9DEA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5B47D245-9AFD-48C6-8877-4C13A9725299} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5E4E0692-815F-47A3-9A01-FB513AFA9B4D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {6988D7E1-18AC-4769-B2C7-58FF14BE3FED} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {6C6E9A25-2C39-4812-BB4C-ABD712C8CE0C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {88C5CBD1-0177-4D09-96FB-B05517E6FD88} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {C1F9043F-E99A-483F-A3F7-B118F5381D44} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D86CEFF5-AF1D-49F5-8318-698DD8A5B274} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EF0A3F1E-45A1-45D2-A0F9-D5687A998F6D} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 19:39 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-15 16:38 - 2014-09-15 16:38 - 03140096 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2013-11-26 19:35 - 2013-11-26 19:33 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-11-26 19:11 - 2012-02-13 16:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2013-11-26 19:35 - 2013-11-26 19:35 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2013-11-26 19:11 - 2011-02-17 02:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2013-11-26 19:11 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-09-25 16:12 - 2014-09-25 16:12 - 00043008 _____ () c:\users\jose\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyxmkm.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Jose\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 02:01 - 2014-09-25 02:01 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-26 19:35 - 2013-11-26 19:33 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Autodesk Content Service => 3
MSCONFIG\Services: EPSON_EB_RPCV4_01 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: UnsignedThemes => 3
MSCONFIG\startupfolder: C:^Users^Jose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Efftion => regsvr32.exe C:\Users\Jose\AppData\Local\Efftion\xglxowkmv.dll
MSCONFIG\startupreg: Ermtion => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jose\AppData\Local\IPsoft\axutil.dll

========================= Accounts: ==========================

Administrador (S-1-5-21-370231555-3394855781-2661931009-500 - Disabled - Status: Degraded)
Convidado (S-1-5-21-370231555-3394855781-2661931009-501 - Disabled - Status: Degraded)
HomeGroupUser$ (S-1-5-21-370231555-3394855781-2661931009-1003 - Enabled - Status: OK)
Jose (S-1-5-21-370231555-3394855781-2661931009-1000 - Enabled - Status: OK) => C:\Users\Jose
UpdatusUser (S-1-5-21-370231555-3394855781-2661931009-1001 - Enabled - Status: OK) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 04:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Nome do módulo com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Código de excepção: 0xc0000005
Desvio de falha: 0x00006464
ID do processo com falha: 0x7dc
Data/hora de início da aplicação com falha: 0xSWMAgent.exe0
Caminho da aplicação com falha: SWMAgent.exe1
Caminho do módulo com falha: SWMAgent.exe2
ID do Relatório: SWMAgent.exe3

Error: (09/25/2014 04:11:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:14:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Nome do módulo com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Código de excepção: 0xc0000005
Desvio de falha: 0x00006464
ID do processo com falha: 0xa40
Data/hora de início da aplicação com falha: 0xSWMAgent.exe0
Caminho da aplicação com falha: SWMAgent.exe1
Caminho do módulo com falha: SWMAgent.exe2
ID do Relatório: SWMAgent.exe3

Error: (09/25/2014 10:12:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 10:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Nome do módulo com falha: SWMAgent.exe, versão: 2.2.0.7, carimbo de data/hora: 0x53fed6fe
Código de excepção: 0xc0000005
Desvio de falha: 0x00006464
ID do processo com falha: 0x70c
Data/hora de início da aplicação com falha: 0xSWMAgent.exe0
Caminho da aplicação com falha: SWMAgent.exe1
Caminho do módulo com falha: SWMAgent.exe2
ID do Relatório: SWMAgent.exe3

Error: (09/24/2014 00:32:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: ZeroConfigService.exe, versão: 15.8.0.0, carimbo de data/hora: 0x518ac980
Nome do módulo com falha: MurocApi.dll, versão: 15.8.0.0, carimbo de data/hora: 0x518ac8a0
Código de excepção: 0xc0000005
Desvio de falha: 0x0000000000026990
ID do processo com falha: 0xc1c
Data/hora de início da aplicação com falha: 0xZeroConfigService.exe0
Caminho da aplicação com falha: ZeroConfigService.exe1
Caminho do módulo com falha: ZeroConfigService.exe2
ID do Relatório: ZeroConfigService.exe3

Error: (09/24/2014 00:32:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 00:12:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2014 11:53:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2014 07:58:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/25/2014 06:31:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 05:31:31 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "WORKGROUP      :1d" não pode ser registado na interface com o endereço IP 192.168.1.4.
O computador com o endereço IP 192.168.1.6 não permitiu que o nome
fosse reivindicado por este computador.

Error: (09/25/2014 05:26:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA-W7
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 05:22:40 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA-W7
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 05:22:16 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 05:16:31 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "WORKGROUP      :1d" não pode ser registado na interface com o endereço IP 192.168.1.4.
O computador com o endereço IP 192.168.1.6 não permitiu que o nome
fosse reivindicado por este computador.

Error: (09/25/2014 05:11:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA-W7
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 04:46:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: O browser principal recebeu um aviso de servidor a partir do computador JOANA
que pensa que é o browser principal do domínio no transporte NetBT_Tcpip_{9E7A9BB3-7378-435F-8EEF-52EA520328FE}.
O browser principal está a ser terminado ou está a ser forçada uma eleição.

Error: (09/25/2014 04:13:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço SW Update Service terminou inesperadamente. Isto aconteceu 1 vez(es).

Error: (09/25/2014 10:14:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço SW Update Service terminou inesperadamente. Isto aconteceu 1 vez(es).


Microsoft Office Sessions:
=========================
Error: (09/25/2014 04:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe2.2.0.753fed6feSWMAgent.exe2.2.0.753fed6fec0000005000064647dc01cfd8d2efb085d8C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\ProgramData\Samsung\SW Update Service\SWMAgent.exe7e6d6bce-44c6-11e4-9c90-c485081faedb

Error: (09/25/2014 04:11:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 10:14:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe2.2.0.753fed6feSWMAgent.exe2.2.0.753fed6fec000000500006464a4001cfd8a0da213081C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\ProgramData\Samsung\SW Update Service\SWMAgent.exe5345d19b-4494-11e4-bcad-e8039ab771dc

Error: (09/25/2014 10:12:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 10:23:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe2.2.0.753fed6feSWMAgent.exe2.2.0.753fed6fec00000050000646470c01cfd7d8e278a152C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\ProgramData\Samsung\SW Update Service\SWMAgent.exe6e371e3f-43cc-11e4-9447-c485081faedb

Error: (09/24/2014 00:32:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.8.0.0518ac980MurocApi.dll15.8.0.0518ac8a0c00000050000000000026990c1c01cfd78688fa3033C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllda050d6e-4379-11e4-9447-c485081faedb

Error: (09/24/2014 00:32:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 00:12:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2014 11:53:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2014 07:58:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 7973.54 MB
Available physical RAM: 5583.21 MB
Total Pagefile: 15945.25 MB
Available Pagefile: 13414.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.25 GB) (Free:8.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: FEFF8CFD)
Partition 1: (Not Active) - (Size=242.2 GB) - (Type=05)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=25 GB) - (Type=27)

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 000649AB)
Partition 1: (Not Active) - (Size=18.3 GB) - (Type=05)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 September 2014 - 05:24 AM

Hi,

No, the dual-boot doesn't matter here. Let's remove the malware:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 miesze

  • Topic Starter
  • Members
  • 5 posts

Posted 26 September 2014 - 06:16 AM

Well, for the first time Windows started with no warning about trojans.

Here are the logs.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Jose at 2014-09-26 12:01:50 Run:1
Running from C:\Users\Jose\Desktop
Loaded Profiles: Jose & UpdatusUser (Available profiles: Jose & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [Run] "C:\Users\Jose\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe"
C:\Users\Jose\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
C:\ProgramData\Microsoft\Secure
2014-09-15 16:40 - 2014-09-18 11:03 - 00000000 ____D () C:\Users\Jose\AppData\Local\IPsoft
2014-09-15 16:40 - 2014-09-18 11:03 - 00000000 ____D () C:\Users\Jose\AppData\Local\Efftion
2014-09-15 16:39 - 2014-09-15 16:39 - 00003208 _____ () C:\Windows\System32\Tasks\{89882D1D-46DA-4B38-A0ED-98BFCD417180}
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
"C:\Users\Jose\AppData\Roaming\Microsoft\Windows\IEUpdate\label.exe" => File/Directory not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.

"C:\ProgramData\Microsoft\Secure" directory move:

Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4193.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp46CF.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6DBF.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp722.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7BF3.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9972.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC287.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC830.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpCCA5.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{969F3264-0FD8-B50C-0FBA-594F1ED31863} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{CF30507F-7A9E-40AB-0B93-358479A959B9} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.

C:\Users\Jose\AppData\Local\IPsoft => Moved successfully.
C:\Users\Jose\AppData\Local\Efftion => Moved successfully.
C:\Windows\System32\Tasks\{89882D1D-46DA-4B38-A0ED-98BFCD417180} => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 553.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-26 12:05:17)<=

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.
C:\ProgramData\Microsoft\Secure => Is moved successfully.

==== End of Fixlog ====

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Jose (administrator) on JOSE-W on 26-09-2014 12:07:13
Running from C:\Users\Jose\Desktop
Loaded Profiles: Jose & UpdatusUser (Available profiles: Jose & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Português (Portugal)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Dropbox, Inc.) C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2824528 2013-11-26] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Run: [EPSON SX510W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: []
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {31189e01-5689-11e3-8d80-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {337301f9-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {3373020b-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {33730216-133f-11e4-814d-ef907a2db033} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124a81-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124a8e-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124abe-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {4d124ad2-133b-11e4-bfbe-ba6485776e34} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6eda86-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6eda9d-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {5f6edaaa-6d92-11e3-b171-e494c1fd48dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {6724a203-171a-11e4-8070-eb22fda4c430} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {6724a236-171a-11e4-8070-eb22fda4c430} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {aac6ef9a-ae8e-11e3-85e4-e8039ab771dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\MountPoints2: {aac6efba-ae8e-11e3-85e4-e8039ab771dc} - E:\AutoRun.exe
HKU\S-1-5-21-370231555-3394855781-2661931009-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-11-27] () <==== ATTENTION
HKU\S-1-5-21-370231555-3394855781-2661931009-1001\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC73A37F8A3EACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00DE21F1-F272-44F4-AF20-83926AFFF440}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{065FE3B0-5FE0-41C6-8483-5D68F952CB80}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5BADF103-4ADC-4423-AB2E-BD1BF05A29E1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5C41539E-1209-4FAD-9CBB-F2EA418F9FBE}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9E7A9BB3-7378-435F-8EEF-52EA520328FE}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BC8E17D3-B0E8-483F-90D1-EC814565811E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,62.169.67.167 62.169.64.129
Tcpip\..\Interfaces\{DE86B5BC-A044-42E2-AF12-DB10D9C46855}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\searchplugins\google-tradutor.xml
FF SearchPlugin: C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\searchplugins\pesquisa-de-vdeos-do-youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priberam.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sapo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-03-21]
FF Extension: Microsoft.Audio.AudioClient Binder - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\{41E54E59-60FF-A99C-BAD7-619B312679AB} [2014-09-15]
FF Extension: MZ8 - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\someone@somewhere.xpi [2014-05-05]
FF Extension: Adblock Plus - C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\t2vr696j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2013-11-26] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2013-11-26] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-05-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-08-28] (Samsung Electronics CO., LTD.)
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3385584 2013-05-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 SBIOSIO; \??\C:\Users\Jose\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 12:07 - 2014-09-26 12:07 - 00017190 _____ () C:\Users\Jose\Desktop\FRST.txt
2014-09-26 01:02 - 2014-09-26 01:02 - 00000987 _____ () C:\Users\Jose\Desktop\Dropbox - Atalho.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00041334 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-09-25 18:55 - 2014-09-25 18:56 - 00032103 _____ () C:\Users\Jose\Downloads\Addition.txt
2014-09-25 18:54 - 2014-09-25 18:54 - 00000000 ____D () C:\Users\Jose\Downloads\FRST-OlderVersion
2014-09-25 17:27 - 2014-09-25 19:10 - 00000000 ____D () C:\Users\Jose\Desktop\logs bleeping
2014-09-25 16:32 - 2014-09-25 16:32 - 00688992 ____R (Swearware) C:\Users\Jose\Downloads\dds.com
2014-09-25 13:39 - 2014-09-25 14:08 - 00000000 ____D () C:\Users\Jose\Downloads\Materiais_modelos
2014-09-25 10:23 - 2014-09-26 12:07 - 00000000 ____D () C:\FRST
2014-09-25 10:23 - 2014-09-25 18:54 - 02108928 _____ (Farbar) C:\Users\Jose\Desktop\FRST64.exe
2014-09-25 02:00 - 2014-09-25 02:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 00:30 - 2014-09-26 12:03 - 00004210 _____ () C:\Windows\PFRO.log
2014-09-24 00:27 - 2014-09-24 00:27 - 00415232 _____ (Farbar) C:\Users\Jose\Downloads\FSS.exe
2014-09-24 00:26 - 2014-09-24 00:29 - 00000000 ____D () C:\AdwCleaner
2014-09-24 00:26 - 2014-09-24 00:26 - 01373475 _____ () C:\Users\Jose\Downloads\adwcleaner_3.310.exe
2014-09-23 19:27 - 2014-09-26 12:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 19:27 - 2014-09-23 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 19:26 - 2014-09-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 19:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 19:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 19:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 18:13 - 2014-09-18 18:13 - 00349688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 17:57 - 2014-09-18 17:57 - 00091464 _____ () C:\Users\Jose\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 14:44 - 2014-09-26 12:04 - 00000840 _____ () C:\Windows\setupact.log
2014-09-18 14:44 - 2014-09-18 14:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 13:03 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 13:03 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-18 13:03 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 13:03 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 13:03 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 13:03 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-18 13:03 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 13:03 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 13:03 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 13:03 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 13:03 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 13:03 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 13:03 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 13:03 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 13:03 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 13:03 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 13:03 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 13:03 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-18 13:03 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 13:03 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 13:03 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-18 13:03 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 13:03 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-18 13:03 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-18 13:03 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-18 13:03 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-18 13:03 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-18 13:03 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-18 13:03 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-23 19:05

==================== End Of Log ============================



#6 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 September 2014 - 08:07 AM

Yes, the log looks better now. Is the computer running fine now, or are there still any problems left?
Let's do a check up:


Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.


#7 miesze

  • Topic Starter
  • Members
  • 5 posts

Posted 26 September 2014 - 10:34 AM

The computer is running fine for now, at least I stopped getting warnings about trojans and the computer trying to connect to some weird sites.

I have to admit though, I still haven't rebooted since the automatic reboot from the fixlist with FRST (which didn't give me any warnings or errors); I'm afraid I'll interrupt the cleaning process...

BUT... Emsisoft Emergency Kit found what seems to be a not so harmful threat.

(the install and scan process wasn't exactly as you described, I believe the software may have received some recent UI changes)


Here is the report:

Emsisoft Anti-Malware Free - Versão 9.0
Última atualização 26-09-2014 15:21:25
User account: Jose-W\Jose

Configuração do exame:

Tipo de exame: Exame Profundo
arquivos: Rootkits, Memória, Rastros, C:\

Detect PUPs: Ligado
Análise de arquivos: Ligado
Análise de ADS: Ligado
Extensão de arquivo: Desligado
Caching avançado: Ligado
Acesso direto ao disco: Desligado

Início do exame:    26-09-2014 15:23:10
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP     detectados: Application.Win32.InstallAd (A)

Analisados:    200325
Achado    1

Fim do exame:    26-09-2014 16:22:58
Duração do exame:    0:59:48

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP    Em quarentena Application.Win32.InstallAd (A)

Em quarentena    1


EDIT: I just realised some parts of these reports are in Portuguese; do you need me to translate something? Sorry for that.


Edited by miesze, 26 September 2014 - 10:37 AM.


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 September 2014 - 03:14 PM

Emsisoft Emergency Kit found what seems to be a not so harmful threat.

Yes, completely irrelevant.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore, it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Java 7 Update 55
Java™ 7 (64-bit)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
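A way to turn the "remove all old versions" advice above into a repeatable check, as an added example that is not part of aharonov's reply or of any tool used in this thread: it reads the Windows Uninstall registry hives (the native hive, the WOW6432Node hive for 32-bit installs, and the per-user hive) and flags any entry whose name matches one of the four outdated products the post lists. The match patterns are constructed from that list; the function and variable names are this example's own.

```powershell
# Added example: audit the Uninstall registry hives for the outdated Flash/Java
# entries named in the post above. Not part of the thread or of any tool it uses.
# Works on Windows 7 and later; reading these hives needs no elevation.

# Match patterns constructed from the four products the reply lists as outdated.
# Java's DisplayName carries a trademark mark that varies between (TM) and the symbol.
$OutdatedPatterns = @(
    '^Adobe Flash Player 13 ActiveX$',
    '^Adobe Flash Player 13 Plugin$',
    '^Java 7 Update 55$',
    '^Java(\(TM\)|\u2122)? 7 \(64-bit\)$'
)

# On 64-bit Windows both the native and the WOW6432Node (32-bit) hives hold
# entries, plus per-user installs under HKCU; missing hives are skipped silently.
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Every uninstall entry that has a display name, regardless of hive.
    Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

function Find-OutdatedPlugins {
    param([Parameter(Mandatory = $true)][AllowEmptyCollection()][object[]]$Installed)
    foreach ($app in $Installed) {
        # Only Flash Player and Java are in scope for this check.
        if ($app.DisplayName -notmatch '^Adobe Flash Player|^Java') { continue }
        $listed = $false
        foreach ($pattern in $OutdatedPatterns) {
            if ($app.DisplayName -match $pattern) { $listed = $true; break }
        }
        [pscustomobject]@{
            Name      = $app.DisplayName
            Version   = $app.DisplayVersion
            Status    = if ($listed) { 'OUTDATED: uninstall' } else { 'installed: confirm current with vendor' }
            Uninstall = $app.UninstallString
        }
    }
}

# Report; an empty table means no Flash or Java entries are registered at all.
Find-OutdatedPlugins -Installed @(Get-InstalledSoftware) | Format-Table -AutoSize
```

The Uninstall column shows the registered uninstaller command for each flagged entry, which is what the Control Panel runs when the program is removed.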

#9 miesze

miesze
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 26 September 2014 - 08:02 PM

Thank you so much!

That fixlist you cooked there was something completely out of my league. I guess I've been away from Windows for too long.

I really appreciate your effort, I'll donate the possible amount at this moment, more of a symbolic gesture I'm afraid. I don't know the price of a beer in your country, you could buy 3 here in Portugal (just hop on a plane). Thanks again. Cheers!



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 September 2014 - 08:05 AM

Thank you very much for the beer!
Take care.

#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 September 2014 - 08:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



