Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE is gone from my PC


  • This topic is locked This topic is locked
5 replies to this topic

#1 JorgeO.555

JorgeO.555

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 10 December 2014 - 11:23 AM

I mostly use Firefox. Tried to use IE but it's gone.

 

In C:\program files x86\internet explorer\  there´s no iexplorer.exe

 

Virus?

 

Thanks for your help!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.55.2
Run by Eu at 13:57:55 on 2014-12-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1033.18.3932.2247 [GMT -2:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\3M\PSNotes\psn.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\PROGRA~2\3M\PSNotes\PSNGive.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Post-it® Software Notes.lnk - C:\Program Files (x86)\3M\PSNotes\psn.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: itau.com.br
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D628D0A-6063-4624-861B-6611507147AC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 sams.nikonimaging.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\
FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Eu\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
FF - plugin: C:\Users\Eu\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll
FF - plugin: C:\Users\Eu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Eu\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-12-8 155272]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-5 16152]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2012-12-8 1093256]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-12-8 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-12-8 166024]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-11-7 1417160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-11-7 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-11-7 289328]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-11-24 21992]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-4-16 355920]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-8-25 871296]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-9-28 546104]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-5 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-25 161560]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-5 255376]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2013-3-1 794272]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-25 363800]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2014-11-22 179200]
R2 Warsaw Technology;Warsaw Technology;C:\Program Files (x86)\Diebold\Warsaw\core.exe [2014-9-21 518968]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2012-8-25 72864]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-11-4 68648]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-11-4 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-9-2 51752]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-5-3 81928]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-3-21 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-21 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-5 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-5 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-19 435240]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-5 22800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-12-8 367200]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-9-12 110336]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-7-6 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-7-6 9800]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-6-11 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-9 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-20 31800]
S3 rpwkmdrv;Rapoo Wireless Device Driver v1.4.1;C:\Windows\System32\drivers\rpwkmdrv.sys [2014-7-1 22656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-9-12 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-3 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-12-8 3696632]
S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-5-28 218112]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-12-17 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-12-17 128512]
.
=============== Created Last 30 ================
.
2014-12-01 21:12:41    98960    --sha-r-    C:\Windows\SysWow64\avfilter-lav-4.dll
2014-12-01 21:12:41    59536    --sha-r-    C:\Windows\SysWow64\avresample-lav-1.dll
2014-12-01 21:12:41    550032    --sha-r-    C:\Windows\SysWow64\avformat-lav-55.dll
2014-12-01 21:12:41    181392    --sha-r-    C:\Windows\SysWow64\avutil-lav-52.dll
2014-12-01 21:12:41    166544    --sha-r-    C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2014-12-01 21:12:41    118416    --sha-r-    C:\Windows\SysWow64\swscale-lav-2.dll
2014-12-01 21:12:41    109712    --sha-r-    C:\Windows\SysWow64\libbluray.dll
2014-12-01 21:12:40    313520    --sha-r-    C:\Windows\SysWow64\HLvideo.dll
2014-12-01 21:12:40    3109520    --sha-r-    C:\Windows\SysWow64\avcodec-lav-55.dll
2014-12-01 21:12:40    203408    --sha-r-    C:\Windows\SysWow64\HLsplit.dll
2014-12-01 21:12:40    122512    --sha-r-    C:\Windows\SysWow64\HLaudio.dll
2014-11-30 01:13:42    415744    --sh--w-    C:\Windows\SysWow64\avisynth.dll
2014-11-22 13:42:13    --------    d-----w-    C:\Program Files (x86)\Popcorn Time
2014-11-19 10:58:46    --------    d-----w-    C:\Users\Eu\AppData\Local\Avg
2014-11-19 10:30:07    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-19 10:30:07    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-19 10:30:07    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-19 10:30:07    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-12 10:44:59    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-11-11 00:34:03    570128    ----a-w-    C:\Windows\SysWow64\DAO350.DLL
2014-11-11 00:34:03    33792    ----a-w-    C:\Windows\SysWow64\CMDLGDE.DLL
2014-11-11 00:34:02    64512    ----a-w-    C:\Windows\SysWow64\MSCC2DE.DLL
2014-11-11 00:34:02    158208    ----a-w-    C:\Windows\SysWow64\MSCMCDE.DLL
2014-11-11 00:34:01    415504    ----a-w-    C:\Windows\SysWow64\msrepl35.dll
2014-11-11 00:34:00    89360    ----a-w-    C:\Windows\SysWow64\VB5DB.DLL
2014-11-11 00:34:00    722192    ----a-w-    C:\Windows\SysWow64\VB40032.DLL
2014-11-11 00:34:00    22528    ----a-w-    C:\Windows\SysWow64\TABCTDE.DLL
2014-11-11 00:34:00    224016    ----a-w-    C:\Windows\SysWow64\TABCTL32.OCX
2014-11-11 00:34:00    125712    ----a-w-    C:\Windows\SysWow64\vb6de.dll
2014-11-11 00:34:00    101888    ----a-w-    C:\Windows\SysWow64\VB6STKIT.DLL
2014-11-11 00:33:21    --------    d-----w-    C:\Windows\uninstall
.
==================== Find3M  ====================
.
2014-12-10 14:14:11    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 14:14:11    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-09 23:21:08    1409    ----a-w-    C:\Windows\SysWow64\Postin__.FOT
2014-11-06 17:30:17    106496    ----a-w-    C:\Windows\SysWow64\ATL71.DLL
2014-10-29 23:03:36    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-10-25 02:10:06    33792    ----a-w-    C:\Windows\System32\wgx.dll
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-24 12:20:06    237848    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-10-20 17:15:50    269080    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-11 14:19:06    58368    ----a-w-    C:\Windows\System32\hibernate4win.exe
2014-10-11 14:19:00    334848    ----a-w-    C:\Windows\System32\lua5.1a.dll
2014-10-11 14:18:26    58368    ----a-w-    C:\Windows\System32\udefrag.dll
2014-10-11 14:18:18    350720    ----a-w-    C:\Windows\System32\zenwinx.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-29 22:30:42    717985    ----a-w-    C:\Users\Eu\AppData\Roaming\unins000.exe
2014-09-29 21:42:59    31088    ----a-w-    C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-09-28 19:12:22    813217    ----a-w-    C:\Users\Eu\AppData\Roaming\unins001.exe
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2013-11-17 14:05:46    12788736    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-12-10 17:23:52    79293952    ----a-w-    C:\Program Files (x86)\Samsung Kies.msi
2014-03-07 12:03:58    3109520    --sha-r-    C:\Windows\SysWOW64\avcodec-lav-55.dll
2014-03-07 12:03:58    98960    --sha-r-    C:\Windows\SysWOW64\avfilter-lav-4.dll
2014-03-07 12:03:58    550032    --sha-r-    C:\Windows\SysWOW64\avformat-lav-55.dll
2009-09-27 11:39:26    415744    --sh--w-    C:\Windows\SysWOW64\avisynth.dll
2014-03-07 12:03:58    59536    --sha-r-    C:\Windows\SysWOW64\avresample-lav-1.dll
2005-07-14 15:31:20    32256    --sha-w-    C:\Windows\SysWOW64\AVSredirect.dll
2014-03-07 12:03:58    181392    --sha-r-    C:\Windows\SysWOW64\avutil-lav-52.dll
2004-02-22 12:11:08    764416    --sh--w-    C:\Windows\SysWOW64\devil.dll
2014-03-07 12:03:58    122512    --sha-r-    C:\Windows\SysWOW64\HLaudio.dll
2014-03-07 12:03:58    203408    --sha-r-    C:\Windows\SysWOW64\HLsplit.dll
2014-03-07 12:03:58    313520    --sha-r-    C:\Windows\SysWOW64\HLvideo.dll
2004-01-25 03:00:00    70656    --sha-w-    C:\Windows\SysWOW64\i420vfw.dll
2014-03-07 12:03:58    166544    --sha-r-    C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2014-03-07 12:03:58    109712    --sha-r-    C:\Windows\SysWOW64\libbluray.dll
2011-02-11 11:26:20    112128    --sha-r-    C:\Windows\SysWOW64\OptimFROG.dll
2014-03-07 12:03:58    118416    --sha-r-    C:\Windows\SysWOW64\swscale-lav-2.dll
2010-01-07 01:00:00    107520    --sha-r-    C:\Windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 20:54:00    188416    --sha-r-    C:\Windows\SysWOW64\winDCE32.dll
2004-01-25 03:00:00    70656    --sha-w-    C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH: 13:58:17.48 ===============
 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:14 AM

Posted 15 December 2014 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

In C:\program files x86\internet explorer\ there´s no iexplorer.exe


The filename for IE is iexplore.exe.

There is no R after iexplore...

===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
===

#3 JorgeO.555

JorgeO.555
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 17 December 2014 - 01:42 PM

Merci, nasdaq

 

The IE spelling was a typo.

 

Here´s the data:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/12/2014
Scan Time: 21:05:00
Logfile: MBAM.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2014.12.16.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348053
Time Elapsed: 15 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v4.105 - Report created 17/12/2014 at 16:03:43
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eu - EU-PC
# Running from : C:\Users\Eu\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Users\Eu\AppData\Roaming\registry mechanic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2416 octets] - [04/07/2014 19:35:11]
AdwCleaner[R1].txt - [2167 octets] - [16/12/2014 21:25:16]
AdwCleaner[R2].txt - [2227 octets] - [17/12/2014 16:00:27]
AdwCleaner[R3].txt - [2287 octets] - [17/12/2014 16:02:04]
AdwCleaner[S0].txt - [2355 octets] - [04/07/2014 19:37:01]
AdwCleaner[S1].txt - [2227 octets] - [17/12/2014 16:03:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2287 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Eu (administrator) on EU-PC on 16-12-2014 21:39:52
Running from C:\Users\Eu\Desktop
Loaded Profile: Eu (Available profiles: Eu)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(3M) C:\Program Files (x86)\3M\PSNotes\psn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(3M) C:\Program Files (x86)\3M\PSNotes\PSNGive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-262562547-3967574758-1019554599-1000\...\Policies\Explorer: [NoInstrumentation] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Post-it® Software Notes.lnk
ShortcutTarget: Post-it® Software Notes.lnk -> C:\Program Files (x86)\3M\PSNotes\psn.exe (3M)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-262562547-3967574758-1019554599-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKU\S-1-5-21-262562547-3967574758-1019554599-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
HKU\S-1-5-21-262562547-3967574758-1019554599-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-262562547-3967574758-1019554599-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-262562547-3967574758-1019554599-1000 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-262562547-3967574758-1019554599-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-262562547-3967574758-1019554599-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Eu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: @talk.google.com/O1DPlugin -> C:\Users\Eu\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Eu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Eu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-262562547-3967574758-1019554599-1000: gastecnologia.com.br/sf/uni -> C:\Users\Eu\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Users\Eu\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Eu\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\donottrackplus@abine.com [2014-11-21]
FF Extension: LastPass - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\support@lastpass.com [2014-03-23]
FF Extension: DownloadHelper - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-23]
FF Extension: Xirvik .torrent to seedbox uploader - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\torrent_uploader@xirvik.com.xpi [2014-09-17]
FF Extension: Adblock Plus - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF Extension: Greasemonkey - C:\Users\Eu\AppData\Roaming\Mozilla\Firefox\Profiles\7trv788x.default-1395576475284\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-23]
FF HKU\S-1-5-21-262562547-3967574758-1019554599-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Eu\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Eu\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-09-29]
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0.8 [2014-10-09]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found]
FF Extension: No Name - fdm_ffext@freedownloadmanager.org [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-27] (SUPERAntiSpyware.com)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-05-30] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-05] (Company) [File not signed]
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 rpwkmdrv; C:\Windows\System32\drivers\rpwkmdrv.sys [22656 2014-04-28] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-12-08] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-12-08] (Acronis)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 21:39 - 2014-12-16 21:40 - 00029858 _____ () C:\Users\Eu\Desktop\FRST.txt
2014-12-16 21:39 - 2014-12-16 21:39 - 02119168 _____ (Farbar) C:\Users\Eu\Desktop\FRST64.exe
2014-12-16 21:39 - 2014-12-16 21:39 - 00000000 ____D () C:\FRST
2014-12-16 21:24 - 2014-12-16 21:24 - 02166272 _____ () C:\Users\Eu\Desktop\adwcleaner_4.105.exe
2014-12-16 21:22 - 2014-12-16 21:22 - 00001051 _____ () C:\Users\Eu\Desktop\MBAM.txt
2014-12-16 21:04 - 2014-12-16 21:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 21:04 - 2014-12-16 21:04 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 21:04 - 2014-12-16 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-16 21:04 - 2014-12-16 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 21:04 - 2014-12-16 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-16 21:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 21:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 21:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-10 20:46 - 2014-12-16 08:50 - 00010944 _____ () C:\Windows\setupact.log
2014-12-10 20:46 - 2014-12-10 20:46 - 00005960 _____ () C:\Windows\PFRO.log
2014-12-10 20:46 - 2014-12-10 20:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 20:35 - 2014-12-10 20:36 - 00000000 ____D () C:\Program Files\UltraDefrag
2014-12-10 20:35 - 2014-12-10 20:35 - 00000868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2014-12-10 13:58 - 2014-12-10 13:58 - 00024230 _____ () C:\Users\Eu\Desktop\dds.txt
2014-12-10 13:58 - 2014-12-10 13:58 - 00013035 _____ () C:\Users\Eu\Desktop\attach.txt
2014-12-10 10:10 - 2014-11-11 01:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 10:10 - 2014-11-11 00:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 21:11 - 2014-12-09 21:11 - 00280256 _____ () C:\Windows\Minidump\120914-23758-01.dmp
2014-12-09 11:32 - 2014-12-09 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 13:34 - 2014-12-09 21:11 - 00000000 ____D () C:\Windows\Minidump
2014-12-08 13:34 - 2014-12-08 13:34 - 00280256 _____ () C:\Windows\Minidump\120814-26223-01.dmp
2014-12-08 13:33 - 2014-12-09 21:11 - 505799216 _____ () C:\Windows\MEMORY.DMP
2014-12-01 19:12 - 2014-03-07 10:03 - 03109520 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avcodec-lav-55.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00550032 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avformat-lav-55.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLvideo.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00203408 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLsplit.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00181392 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avutil-lav-52.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00166544 __RSH (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLaudio.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00118416 __RSH (FFmpeg Project) C:\Windows\SysWOW64\swscale-lav-2.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00109712 __RSH () C:\Windows\SysWOW64\libbluray.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00098960 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avfilter-lav-4.dll
2014-12-01 19:12 - 2014-03-07 10:03 - 00059536 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avresample-lav-1.dll
2014-12-01 19:12 - 2014-01-31 15:20 - 00000493 __RSH () C:\Windows\SysWOW64\LAVFilters.Dependencies.manifest
2014-11-29 23:13 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2014-11-29 23:03 - 2014-11-29 23:03 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-11-22 11:42 - 2014-11-22 11:42 - 00001139 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk
2014-11-22 11:42 - 2014-11-22 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-11-22 11:42 - 2014-11-22 11:42 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-11-19 08:30 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:30 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:30 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:30 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 21:32 - 2014-01-13 18:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 21:26 - 2014-07-04 19:35 - 00000000 ____D () C:\AdwCleaner
2014-12-16 21:14 - 2013-12-13 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 21:01 - 2012-11-23 16:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-16 20:21 - 2012-11-28 22:48 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\vlc
2014-12-16 18:48 - 2014-07-06 12:06 - 01737632 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 09:32 - 2014-01-13 18:37 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 08:59 - 2009-07-14 02:45 - 00035200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 08:59 - 2009-07-14 02:45 - 00035200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 08:51 - 2014-11-03 09:16 - 00001409 _____ () C:\Windows\SysWOW64\Postin__.FOT
2014-12-16 08:51 - 2014-09-30 09:41 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-16 08:51 - 2014-09-19 13:00 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-12-16 08:50 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 22:27 - 2014-07-09 12:44 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\Free Download Manager
2014-12-15 21:11 - 2009-07-14 03:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 18:42 - 2013-11-13 14:32 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-14 20:47 - 2013-05-14 00:55 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\PFrank
2014-12-12 21:06 - 2014-01-16 00:02 - 00004557 _____ () C:\Users\Eu\AppData\Roaming\LTspiceIV.ini
2014-12-12 19:14 - 2013-03-03 17:32 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\foobar2000
2014-12-12 18:55 - 2013-09-03 00:14 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\ViberPC
2014-12-12 16:33 - 2013-05-25 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-12-10 20:49 - 2013-12-13 09:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:49 - 2012-04-05 10:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 20:49 - 2012-04-05 10:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 20:44 - 2013-01-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 20:43 - 2013-08-15 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 20:38 - 2014-07-06 13:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:35 - 2012-08-25 12:06 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2014-12-09 21:35 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-09 21:11 - 2012-11-24 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 11:56 - 2012-11-24 23:15 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\Skype
2014-12-02 21:58 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 19:12 - 2014-02-17 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2014-12-01 19:12 - 2014-02-17 01:00 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-11-29 23:03 - 2013-05-25 23:33 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-11-29 23:02 - 2013-09-05 22:02 - 00000000 ____D () C:\Program Files (x86)\MKV2AC3
2014-11-29 22:45 - 2014-04-09 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2014-11-29 22:45 - 2014-04-09 21:00 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-11-27 11:37 - 2014-06-23 21:52 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-11-26 19:18 - 2014-07-24 18:45 - 00000000 ____D () C:\Users\Eu\AppData\Roaming\avidemux
2014-11-19 18:43 - 2014-11-06 18:58 - 03960832 _____ () C:\Users\Eu\s-1-5-21-262562547-3967574758-1019554599-1000.rrr
2014-11-19 18:43 - 2014-11-06 18:58 - 00163840 _____ () C:\Windows\system32\config\default.rrr
2014-11-19 18:43 - 2014-11-06 18:55 - 70721536 _____ () C:\Windows\system32\config\software.rrr
2014-11-19 18:43 - 2014-07-06 11:28 - 00000000 ____D () C:\Users\Eu
2014-11-19 08:59 - 2014-06-17 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-17 16:51 - 2012-11-26 18:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 09:53

==================== End Of Log ============================

 

 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:14 AM

Posted 17 December 2014 - 02:08 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %localappdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-262562547-3967574758-1019554599-1000 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-262562547-3967574758-1019554599-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found]
FF Extension: No Name - fdm_ffext@freedownloadmanager.org [Not Found]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-05] (Company) [File not signed]
Task: {3D2D0117-7476-4E2D-B8C1-10B751B84D6C} - \DriverToolkit Autorun No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\System32:BF34AA0F_Bb.gbp
AlternateDataStreams: C:\Windows\System32:BF34AA0F_Uni.gbp
AlternateDataStreams: C:\ProgramData\TEMP:3AC4C770
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
C:\Program Files (x86)\Popcorn Time
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:14 AM

Posted 23 December 2014 - 10:19 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:14 AM

Posted 29 December 2014 - 09:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users