adultcameras.info related problem - possible virus affecting multiple browsers


  • This topic is locked
139 replies to this topic

#1 iParadase

iParadase

  • Members
  • 70 posts

Posted 29 January 2015 - 12:09 PM

Hey  :wink:

 

I apologize for having no logs, but it seems that I have the same problem described in these posts, so...

http://www.bleepingcomputer.com/forums/t/564970/adultcamerasinfo-virus-on-chrome-and-internet-explorerpls-help-me/ and here, http://www.bleepingcomputer.com/forums/t/563436/trojandnschanger-malwarebytes-detects-it-even-after-os-reinstallation/ (although I haven't tried reinstalling my OS).

How should I proceed?

(I also have 3 phones and 1 tablet connected to the affected network, should I reset them? In addition, one of my home computers is an iMac; how should I proceed in this case, should I just do a clean reinstallation of the OS?)

Thank you in advance,

iP  :thumbup2:

 




 


#2 iParadase


Posted 31 January 2015 - 04:39 PM

Can anyone help me, please? :/



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • Gender:Male
  • Location:California

Posted 01 February 2015 - 09:47 AM

Greetings iParadase and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We need to see where we are at before we know what to do.

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 iParadase


Posted 01 February 2015 - 11:00 AM

Hi Gary, thanks for your assistance. You may call me Diogo :) (English is not my mother language, so I apologize for any misspelling)

I'm just now starting to run the scan, but as soon as I pressed Scan, my AV software, G Data Internet Security, popped a warning.
Warning:
Editor: Unknown

Initiated by: cmd.exe
It also said that C:\FRST\Hives\Users\00000001\NTUSER.DAT along with c:\windows\erunt.exe would be quarantined.

I should press ignore, correct?

 

 

P.S.: MBAM is always popping the same warning, just with a different port: [screenshot: fiYFswq.jpg]

 



#5 Oh My!


Posted 01 February 2015 - 03:20 PM

Hi Diogo, nice to meet you.

 

Yes, ignore the G Data warning. We will be dealing with the IP Address warning soon.


Gary
 

#6 iParadase


Posted 01 February 2015 - 04:11 PM

Nice to meet you too :)

 

Here are the logs:

 

-FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Diogo Paraíso (administrator) on DIOGOPARAISO on 01-02-2015 16:42:47
Running from C:\Users\Diogo Paraíso\Desktop
Loaded Profiles: Diogo Paraíso (Available profiles: Diogo Paraíso)
Platform: Windows 8.1 (X64) OS Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-09] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-04-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-01-02] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407720 2014-01-02] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1440768 2014-01-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [896904 2014-10-22] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [252928 2014-02-06] (SteelSeries ApS)
HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\...\Run: [GoogleChromeAutoLaunch_90C76974B77BB264F6FDA3F0391DF3C1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\...\MountPoints2: {a1640841-74ee-11e4-827e-448a5b6fdc10} - "E:\mybatchfile.bat" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{FF3BFE8F-D4B5-428A-9E62-464DCA7EBCFF}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Apresentações Google) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-28]
CHR Extension: (wareztuga.tv streamer) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2014-09-29]
CHR Extension: (Google Docs) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-28]
CHR Extension: (Google Drive) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-28]
CHR Extension: (YouTube) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-28]
CHR Extension: (Pesquisa do Google) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-28]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-28]
CHR Extension: (AdBlock) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-28]
CHR Extension: (ProxMate) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-10-23]
CHR Extension: (Google Wallet) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-28]
CHR Extension: (Gmail) - C:\Users\Diogo Paraíso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2014-04-09] (ELAN Microelectronics Corp.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-01-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros) [File not signed]
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-01-11] (Mentor Graphics Corporation) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-29] (SolidWorks) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [80592 2013-11-08] (Qualcomm Atheros, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-11-03] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-11-03] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-11-03] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [71168 2014-11-03] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [67584 2014-11-03] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-03] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-11-03] (G Data Software AG)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [160464 2014-04-09] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-01-28] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466648 2014-04-09] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2012-10-16] (SteelSeries Corporation)
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 16:42 - 2015-02-01 16:42 - 00022083 _____ () C:\Users\Diogo Paraíso\Desktop\FRST.txt
2015-02-01 16:16 - 2015-02-01 16:16 - 00183279 _____ () C:\Users\Diogo Paraíso\Desktop\Summary.zip
2015-02-01 16:12 - 2015-02-01 16:12 - 04638452 _____ () C:\Users\Diogo Paraíso\Desktop\Summary.nfo
2015-02-01 15:47 - 2015-02-01 16:42 - 00000000 ____D () C:\FRST
2015-02-01 15:45 - 2015-02-01 15:45 - 02131456 _____ (Farbar) C:\Users\Diogo Paraíso\Desktop\FRST64.exe
2015-01-30 19:37 - 2015-01-30 19:37 - 00001918 _____ () C:\Users\Diogo Paraíso\Desktop\log.xml
2015-01-29 12:38 - 2015-02-01 15:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 12:38 - 2015-01-29 12:38 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 12:38 - 2015-01-29 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 12:38 - 2015-01-29 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 12:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 12:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 12:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-29 12:36 - 2015-01-29 12:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Diogo Paraíso\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-24 20:32 - 2015-01-24 20:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 11:28 - 2015-01-10 08:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 11:28 - 2015-01-10 08:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 11:28 - 2015-01-10 08:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-17 14:13 - 2014-04-15 23:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-17 14:13 - 2014-04-15 23:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-16 10:21 - 2015-01-16 10:21 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Roaming\FiraxisLive
2015-01-16 10:21 - 2015-01-16 10:21 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Local\My Games
2015-01-14 09:52 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:52 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:52 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 09:52 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 09:51 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 09:51 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:51 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 09:51 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:51 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-06 10:20 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Diogo Paraíso\Desktop\estudo cp
2015-01-02 16:00 - 2015-01-02 16:14 - 00000000 ____D () C:\Users\Diogo Paraíso\Desktop\81287 - Diogo Paraíso

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 16:42 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-01 16:02 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-01 15:56 - 2014-09-27 10:53 - 01869982 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 15:53 - 2014-09-28 16:38 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 15:51 - 2014-09-27 11:03 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2158951120-1777611874-3846038393-1001
2015-02-01 15:36 - 2014-09-29 21:26 - 00000000 ___DO () C:\Users\Diogo Paraíso\SkyDrive
2015-02-01 15:36 - 2014-09-28 16:38 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 19:46 - 2013-11-12 23:39 - 00789794 _____ () C:\Windows\system32\prfh0816.dat
2015-01-30 19:46 - 2013-11-12 23:39 - 00164364 _____ () C:\Windows\system32\prfc0816.dat
2015-01-30 19:46 - 2013-11-12 20:54 - 01819778 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 19:39 - 2013-11-12 20:44 - 00384394 _____ () C:\Windows\PFRO.log
2015-01-30 19:39 - 2013-08-22 14:46 - 00038548 _____ () C:\Windows\setupact.log
2015-01-30 19:39 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 19:39 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-28 17:17 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-28 16:52 - 2014-10-11 11:09 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Roaming\TS3Client
2015-01-24 23:13 - 2014-09-29 18:34 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Local\CrashDumps
2015-01-24 20:20 - 2013-08-22 15:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 11:29 - 2014-04-11 02:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-22 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-21 15:29 - 2014-09-27 10:58 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Local\Packages
2015-01-17 22:58 - 2014-09-27 10:58 - 00000000 ____D () C:\Users\Diogo Paraíso
2015-01-16 06:41 - 2014-10-02 09:08 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 06:41 - 2014-10-02 09:08 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 06:41 - 2014-04-11 02:18 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 06:41 - 2014-04-11 02:18 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 13:38 - 2014-09-29 08:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:08 - 2014-09-29 08:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 13:31 - 2014-11-08 22:43 - 26942554 _____ () C:\Users\Diogo Paraíso\Andy.log
2015-01-11 13:25 - 2014-11-01 13:21 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2015-01-11 13:24 - 2014-11-01 13:21 - 00000000 ____D () C:\Users\Diogo Paraíso\.VirtualBox
2015-01-10 08:07 - 2014-12-24 15:58 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 08:07 - 2014-12-24 15:58 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-10 08:07 - 2014-11-18 19:14 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 08:07 - 2014-04-11 02:17 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 08:07 - 2014-04-11 02:17 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 23:30 - 2014-04-11 02:18 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 23:30 - 2014-04-11 02:18 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 23:29 - 2014-04-11 02:18 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 23:29 - 2014-04-11 02:18 - 01097872 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-09 23:29 - 2014-04-11 02:18 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 23:29 - 2014-04-11 02:18 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 23:29 - 2014-04-11 02:18 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-09 23:29 - 2014-04-11 02:18 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 19:47 - 2014-04-11 02:18 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-02 15:31 - 2014-09-29 18:46 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Local\TempSWBackupDirectory
2015-01-02 12:28 - 2014-09-29 18:38 - 00000000 ____D () C:\Users\Diogo Paraíso\AppData\Local\SolidWorks

==================== Files in the root of some directories =======

2014-09-28 13:31 - 2014-09-28 13:31 - 0000000 _____ () C:\Users\Diogo Paraíso\AppData\Roaming\gdfw.log
2014-09-28 13:31 - 2014-11-03 20:31 - 0001558 _____ () C:\Users\Diogo Paraíso\AppData\Roaming\gdscan.log
2014-09-27 16:14 - 2014-12-11 22:15 - 0007632 _____ () C:\Users\Diogo Paraíso\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Diogo Paraíso\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Diogo Paraíso\AppData\Local\Temp\SetupO365HomePremRetail.x86.pt-PT_O365HomePremRetail_6W7PV-N2F6D-9GW9J-GMQYJ-Q67JR_act_1_.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-20 15:47

==================== End Of Log ============================

- Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Diogo Paraíso at 2015-02-01 16:43:07
Running from C:\Users\Diogo Paraíso\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Actualizações da NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Andy OS (HKLM-x32\...\ANDY OS) (Version: 0.41 - Andy OS, Inc)
Anomaly Warzone Earth (HKLM-x32\...\Steam App 91200) (Version:  - 11 bit studios)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1402.2101 - Micro-Star International Co., Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boot Configure (HKLM\...\{5DEFD958-7239-4FA0-8B4E-3B532D7A14BF}) (Version: 10.014.02075 - Application)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1309.301 - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Defy Gravity (HKLM-x32\...\Steam App 96100) (Version:  - Fish Factory Games)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1403.0501 - Micro-Star International Co., Ltd.) Hidden
ETDWare PS/2-X64 11.13.7.5_WHQL (HKLM\...\Elantech) (Version: 11.13.7.5 - ELAN Microelectronic Corp.)
Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version:  - SCS Software)
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
NVIDIA Controlador gráfico 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
Painel de controlo da NVIDIA 347.25 (Version: 347.25 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1037 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.38.1037 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.38.1037 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.38.1037 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Registro do usuário Canon MG3500 series (HKLM-x32\...\Registro do usuário Canon MG3500 series) (Version:  - ‭Canon Inc.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 1.0.1401.1001 - Application)
Sizing Options (x32 Version: 1.0.1401.1001 - Application) Hidden
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP02 x64 Edition (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP02 x64 Edition  (Version: 22.20.41 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden
Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.05 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.427.1242 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2158951120-1777611874-3846038393-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2158951120-1777611874-3846038393-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2158951120-1777611874-3846038393-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Diogo Paraíso\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2158951120-1777611874-3846038393-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Diogo Paraíso\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2158951120-1777611874-3846038393-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Diogo Paraíso\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2158951120-1777611874-3846038393-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Diogo Paraíso\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-01-2015 13:23:37 Ponto de Verificação Agendado

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A35C8FC-E770-4B67-93A9-F250A7BA6CA9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {2C5B84C9-2980-4A63-89DF-AA7AC8A6AB23} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {2FFBC893-0341-497E-A607-587D9A39163D} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {534C775C-57CB-4BC4-9146-1EA706D0E155} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {553E5773-B0CE-4AE0-BBBA-B04BAAA914AD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe
Task: {84B7FF25-312F-4F2F-8998-EFA7C54B1566} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {8B13720C-4958-4E77-B73B-A1F314EDBBB5} - System32\Tasks\{13AD7FE8-D59A-45B2-8BA8-C7294C09CA51} => pcalua.exe -a D:\Programas\lol.launcher.exe -d D:\Programas
Task: {8B4495EF-D97C-4D26-A863-50E94A4FEAFA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {9D058D81-44AF-45F7-A870-0FA36A081566} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-28] (Google Inc.)
Task: {AB40A733-0BEF-4F20-94B9-EA024C5BCA1F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B99145C9-6EA2-47CD-83D1-489905D33B86} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {BD2C49DF-CF94-45E2-89A9-D0A84027713A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C7DD2C3A-EBF3-465C-9682-CCE4E1CA391F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {DCE2398D-DF62-47EA-AA16-9C092E3377A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-28 14:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-21 19:50 - 2013-05-14 17:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-12-19 02:42 - 2013-12-19 02:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-04-11 02:18 - 2015-01-09 23:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-11 02:31 - 2014-01-27 17:51 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-11 02:31 - 2014-01-27 17:49 - 00364032 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-02-06 22:41 - 2014-02-06 22:41 - 00801792 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-09-27 10:58 - 2014-09-27 10:58 - 00089915 _____ () C:\Users\Diogo Paraíso\AppData\Local\Temp\c27469af-935f-41c3-b166-34b0034ae492\CliSecureRT64.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00289792 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00140288 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 05:46 - 2013-01-10 05:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 09674240 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 05:46 - 2013-01-10 05:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-02-06 22:41 - 2014-02-06 22:41 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-01-22 17:44 - 2014-01-22 17:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2013-05-23 16:15 - 2013-05-23 16:15 - 00025600 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\CoreAudioApi.dll
2013-12-09 22:12 - 2013-12-09 22:12 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-01-11 19:06 - 2014-01-11 19:06 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2014-04-11 02:15 - 2013-12-09 22:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Diogo Paraíso\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Andy"

========================= Accounts: ==========================

Administrador (S-1-5-21-2158951120-1777611874-3846038393-500 - Administrator - Disabled)
Convidado (S-1-5-21-2158951120-1777611874-3846038393-501 - Limited - Disabled)
Diogo Paraíso (S-1-5-21-2158951120-1777611874-3846038393-1001 - Administrator - Enabled) => C:\Users\Diogo Paraíso

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 04:41:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa chrome.exe versão 40.0.2214.93 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Ação.

ID do Processo: 1490

Hora de Início: 01d03e34d3c75446

Hora de Cessação: 29553

Caminho da Aplicação: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID do Relatório: 27f7238e-aa31-11e4-828c-448a5b6fdc10

Nome completo do pacote com falha: 

ID da aplicação relativa ao pacote com falha:

Error: (01/29/2015 10:17:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume WinRE tools não foi otimizado, porque foi encontrado um erro: O parâmetro está incorreto. (0x80070057)

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7797

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7797

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6641

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6641

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2015 04:29:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5578

Error: (01/26/2015 04:29:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5578


System errors:
=============
Error: (01/29/2015 00:44:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Um alerta fatal foi gerado e enviado para o ponto final remoto. Isto poderá originar a terminação da ligação. O código de erro fatal definido pelo protocolo TLS é 70. O estado de erro SChannel do Windows é 105.

Error: (01/24/2015 09:37:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Steam Client Service falhou o arranque devido ao seguinte erro: 
%%1053

Error: (01/24/2015 09:37:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Steam Client Service.

Error: (01/24/2015 03:14:31 PM) (Source: DCOM) (EventID: 10000) (User: DIOGOPARAISO)
Description: "C:\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe" -Embedding577{56E6EF3C-99CA-497C-9989-83564E2A3C3A}

Error: (01/23/2015 11:27:51 AM) (Source: volsnap) (EventID: 36) (User: )
Description: As cópias sombra do volume C: foram abortadas porque não foi possível aumentar o armazenamento de cópias sombra devido a um limite imposto pelo utilizador.

Error: (01/20/2015 08:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Steam Client Service falhou o arranque devido ao seguinte erro: 
%%1053

Error: (01/20/2015 08:45:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Steam Client Service.

Error: (01/17/2015 10:57:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O anterior encerramento do sistema, ‎17/‎01/‎2015 às 22:17:35, foi inesperado.

Error: (01/17/2015 00:35:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O anterior encerramento do sistema, ‎17/‎01/‎2015 às 01:50:30, foi inesperado.

Error: (01/17/2015 00:35:43 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841142304


Microsoft Office Sessions:
=========================
Error: (02/01/2015 04:41:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.93149001d03e34d3c7544629553C:\Program Files (x86)\Google\Chrome\Application\chrome.exe27f7238e-aa31-11e4-828c-448a5b6fdc10

Error: (01/29/2015 10:17:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WinRE toolsO parâmetro está incorreto. (0x80070057)

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7797

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7797

Error: (01/26/2015 04:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6641

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6641

Error: (01/26/2015 04:29:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2015 04:29:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5578

Error: (01/26/2015 04:29:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5578


CodeIntegrity Errors:
===================================
  Date: 2015-01-24 15:14:31.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2015-01-16 17:59:01.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2015-01-16 17:59:01.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2015-01-16 17:59:00.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-30 23:27:49.252
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-30 23:27:49.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-30 23:27:49.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-28 22:18:53.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-28 22:18:53.555
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

  Date: 2014-12-28 22:18:53.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16303.02 MB
Available physical RAM: 12826.16 MB
Total Pagefile: 18735.02 MB
Available Pagefile: 14874.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:23.66 GB) NTFS
Drive d: (Data) (Fixed) (Total:913.27 GB) (Free:809.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3870B0CF)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 3870B0ED)

Partition: GPT Partition Type.

==================== End Of Log ============================




#7 Oh My!


Posted 01 February 2015 - 05:02 PM

Greetings and thank you for the information. Could you please tell me your router manufacturer and model number?

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
CMD: netsh int ip reset c:\resetlog.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Router information
  • Fixlog
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 iParadase


Posted 01 February 2015 - 05:22 PM

Hi again Gary, thank you for the quick replies! 

I use a D-Link DSL-2740R router (after having this problem and reading about it, and before asking for help, I reset the router; the problem continued. I don't know if that's relevant; also, the router firmware is not up to date).

 

Here are the logs:

 

-Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Diogo Paraíso at 2015-02-01 22:07:14 Run:1
Running from C:\Users\Diogo Paraíso\Desktop
Loaded Profiles: Diogo Paraíso (Available profiles: Diogo Paraíso)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
CMD: netsh int ip reset c:\resetlog.txt
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
EagleX64 => Service deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.

=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Acesso negado.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


==== End of Fixlog 22:07:15 ====

- Result.txt:  (I ran MiniToolBox after I used the fixlist, not sure if that's what I was supposed to do :/ )

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Diogo Paraíso (administrator) on 01-02-2015 at 22:11:45
Running from "C:\Users\Diogo Paraíso\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel(R) Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)
Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DiogoParaiso
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 44-8A-5B-6F-DC-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Ligação de Área Local* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : E8-2A-EA-3B-97-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : E8-2A-EA-3B-97-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::394b:6cc8:5101:7520%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 1 de fevereiro de 2015 22:08:31
   Lease Expires . . . . . . . . . . : 4 de fevereiro de 2015 22:08:40
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 65546986
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-10-6B-D0-44-8A-5B-6F-DC-10
   DNS Servers . . . . . . . . . . . : 91.212.124.159
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:cdc:23cf:3f57:fefa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::cdc:23cf:3f57:fefa%7(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 402653184
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-10-6B-D0-44-8A-5B-6F-DC-10
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Placa Microsoft ISATAP #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  91.212.124.159


Pinging google.com [195.8.12.55] with 32 bytes of data:
Reply from 195.8.12.55: bytes=32 time=59ms TTL=60
Reply from 195.8.12.55: bytes=32 time=35ms TTL=60

Ping statistics for 195.8.12.55:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 59ms, Average = 47ms
Server:  UnKnown
Address:  91.212.124.159


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=212ms TTL=51
Reply from 206.190.36.45: bytes=32 time=185ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 185ms, Maximum = 212ms, Average = 198ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...44 8a 5b 6f dc 10 ......Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
  4...e8 2a ea 3b 97 d8 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...e8 2a ea 3b 97 d7 ......Intel(R) Dual Band Wireless-AC 7260
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Placa Microsoft ISATAP #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     41
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link       192.168.1.5    321
  169.254.255.255  255.255.255.255         On-link       192.168.1.5    296
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    296
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    296
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    296
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    296
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    296
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:6ab8:cdc:23cf:3f57:fefa/128
                                    On-link
  3    296 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::cdc:23cf:3f57:fefa/128
                                    On-link
  3    296 fe80::394b:6cc8:5101:7520/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    296 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

**** End of log ****


Edited by iParadase, 01 February 2015 - 05:24 PM.


#9 Oh My!


Posted 01 February 2015 - 05:42 PM

Hi Diogo,

You did it in the right order, and thanks for your quick replies as well. It makes it easier for me to review if the information is not in a code box.
 

I reset the router, the problem continued, I don't know if that's relevant

Very relevant, thanks.

I am assuming you rebooted after running the fixlist and before running MiniToolBox.

Please do this now.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Gary
 

#10 iParadase


Posted 01 February 2015 - 05:51 PM

Me again :)

Yes, I rebooted my system before running MiniToolBox.

 

And I'm sorry, I thought it would make it easier in code boxes, my bad...

 

MiniRegTool report:

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ICSDomain"="mshome.net"
"SyncDomainWithMembership"=dword:00000001
"NV Hostname"="DiogoParaiso"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"Domain"=""
"Hostname"="DiogoParaiso"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpDomain"=""
"DhcpNameServer"="91.212.124.159 8.8.8.8"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0972B7DA-8210-45AE-9B20-49A7C5A165BA}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
  6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
  00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,39,00,37,00,32,00,42,00,37,00,\
  44,00,41,00,2d,00,38,00,32,00,31,00,30,00,2d,00,34,00,35,00,41,00,45,00,2d,\
  00,39,00,42,00,32,00,30,00,2d,00,34,00,39,00,41,00,37,00,43,00,35,00,41,00,\
  31,00,36,00,35,00,42,00,41,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3E2CECC5-347E-4F83-B375-386D640B7039}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
  6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
  00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,45,00,32,00,43,00,45,00,43,00,\
  43,00,35,00,2d,00,33,00,34,00,37,00,45,00,2d,00,34,00,46,00,38,00,33,00,2d,\
  00,42,00,33,00,37,00,35,00,2d,00,33,00,38,00,36,00,44,00,36,00,34,00,30,00,\
  42,00,37,00,30,00,33,00,39,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8718928D-CBEB-45EA-A621-800A9249001D}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
  6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
  00,61,00,63,00,65,00,73,00,5c,00,7b,00,38,00,37,00,31,00,38,00,39,00,32,00,\
  38,00,44,00,2d,00,43,00,42,00,45,00,42,00,2d,00,34,00,35,00,45,00,41,00,2d,\
  00,41,00,36,00,32,00,31,00,2d,00,38,00,30,00,30,00,41,00,39,00,32,00,34,00,\
  39,00,30,00,30,00,31,00,44,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A2AA7E6D-AB92-4250-9F69-BA221C9ED1ED}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
  6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
  00,61,00,63,00,65,00,73,00,5c,00,7b,00,41,00,32,00,41,00,41,00,37,00,45,00,\
  36,00,44,00,2d,00,41,00,42,00,39,00,32,00,2d,00,34,00,32,00,35,00,30,00,2d,\
  00,39,00,46,00,36,00,39,00,2d,00,42,00,41,00,32,00,32,00,31,00,43,00,39,00,\
  45,00,44,00,31,00,45,00,44,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
  6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
  00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,46,00,43,00,30,00,46,00,42,00,\
  30,00,45,00,2d,00,34,00,37,00,46,00,38,00,2d,00,34,00,42,00,44,00,30,00,2d,\
  00,41,00,30,00,38,00,36,00,2d,00,38,00,34,00,41,00,36,00,33,00,39,00,43,00,\
  35,00,35,00,34,00,45,00,46,00,7d,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0972B7DA-8210-45AE-9B20-49A7C5A165BA}]
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="192.168.1.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"=dword:0003f480
"LeaseObtainedTime"=dword:54ca7ac4
"T1"=dword:54cc7504
"T2"=dword:54cdf0b4
"LeaseTerminatesTime"=dword:54ce6f44
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNameServer"="192.168.1.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00
"DhcpDomain"=""
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,\
  cc,cb,54,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,cc,cb,54,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,cc,cb,54,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,44,cc,cb,54,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,44,cc,cb,54,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,\
  cc,cb,54,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,cc,cb,54,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,cc,cb,54,36,00,00,00,00,00,00,\
  00,04,00,00,00,00,00,00,00,44,6f,ce,54,c0,a8,01,01,33,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,44,6f,ce,54,00,03,f4,80,3b,00,00,00,00,00,00,00,04,\
  00,00,00,00,00,00,00,44,6f,ce,54,00,03,75,f0,3a,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,44,6f,ce,54,00,01,fa,40,06,00,00,00,00,00,00,00,04,00,00,\
  00,00,00,00,00,44,6f,ce,54,c0,a8,01,01,03,00,00,00,00,00,00,00,04,00,00,00,\
  00,00,00,00,44,6f,ce,54,c0,a8,01,01,0f,00,00,00,00,00,00,00,01,00,00,00,00,\
  00,00,00,44,6f,ce,54,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,\
  00,00,44,6f,ce,54,ff,ff,ff,00,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,44,6f,ce,54,05,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,01,01,06,00,00,00,f0,7d,68,72,09,c6
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3E2CECC5-347E-4F83-B375-386D640B7039}]
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}]
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A2AA7E6D-AB92-4250-9F69-BA221C9ED1ED}]
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:00000000
"T1"=dword:00000000
"T2"=dword:00000000
"LeaseTerminatesTime"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}]
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="192.168.1.5"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"=dword:0003f480
"LeaseObtainedTime"=dword:54cea632
"T1"=dword:54d0a072
"T2"=dword:54d21c22
"LeaseTerminatesTime"=dword:54d29ab2
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="475637475613"
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,\
  f7,cf,54,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,f7,cf,54,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,f7,cf,54,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,b2,f7,cf,54,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,b2,f7,cf,54,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,\
  f7,cf,54,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,f7,cf,54,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,b2,f7,cf,54,36,00,00,00,00,00,00,\
  00,04,00,00,00,00,00,00,00,b2,9a,d2,54,c0,a8,01,01,33,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,b2,9a,d2,54,00,03,f4,80,3b,00,00,00,00,00,00,00,04,\
  00,00,00,00,00,00,00,b2,9a,d2,54,00,03,75,f0,3a,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,b2,9a,d2,54,00,01,fa,40,06,00,00,00,00,00,00,00,08,00,00,\
  00,00,00,00,00,b2,9a,d2,54,5b,d4,7c,9f,08,08,08,08,03,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,b2,9a,d2,54,c0,a8,01,01,0f,00,00,00,00,00,00,00,01,\
  00,00,00,00,00,00,00,b2,9a,d2,54,00,00,00,00,01,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,b2,9a,d2,54,ff,ff,ff,00,35,00,00,00,00,00,00,00,01,00,00,\
  00,00,00,00,00,b2,9a,d2,54,05,00,00,00
"DhcpNameServer"="91.212.124.159 8.8.8.8"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00
"DhcpDomain"=""
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,01,01,06,00,00,00,f0,7d,68,72,09,c6
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}\46D66607]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="192.168.43.240"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.43.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:54b6fbba
"T1"=dword:54b7a47a
"T2"=dword:54b8230a
"LeaseTerminatesTime"=dword:54b84d3a
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="46D66607"
"DhcpNameServer"="192.168.43.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,34,\
  00,33,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,\
  a4,b7,54,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,a4,b7,54,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,a4,b7,54,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,7a,a4,b7,54,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,7a,a4,b7,54,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,\
  a4,b7,54,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,a4,b7,54,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,7a,a4,b7,54,0f,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,7a,a4,b7,54,51,00,00,00,00,00,00,00,0f,00,00,00,\
  00,00,00,00,3a,4d,b8,54,03,ff,ff,44,69,6f,67,6f,50,61,72,61,69,73,6f,00,06,\
  00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,c0,a8,2b,01,03,00,\
  00,00,00,00,00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,c0,a8,2b,01,1c,00,00,\
  00,00,00,00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,c0,a8,2b,ff,01,00,00,00,\
  00,00,00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,ff,ff,ff,00,3b,00,00,00,00,\
  00,00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,00,01,27,50,3a,00,00,00,00,00,\
  00,00,04,00,00,00,00,00,00,00,3a,4d,b8,54,00,00,a8,c0,33,00,00,00,00,00,00,\
  00,04,00,00,00,00,00,00,00,3a,4d,b8,54,00,01,51,80,36,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,3a,4d,b8,54,c0,a8,2b,01,35,00,00,00,00,00,00,00,01,\
  00,00,00,00,00,00,00,3a,4d,b8,54,05,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,2b,01,06,00,00,00,20,54,76,d1,c8,9d
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}\66A62607]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"DhcpIPAddress"="192.168.1.2"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"=dword:0003f480
"LeaseObtainedTime"=dword:54ca6f45
"T1"=dword:54cc6985
"T2"=dword:54cde535
"LeaseTerminatesTime"=dword:54ce63c5
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpConnForceBroadcastFlag"=dword:00000000
"DhcpNetworkHint"="66A62607"
"DhcpInterfaceOptions"=hex:fc,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,\
  c0,cb,54,79,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,c0,cb,54,2f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,c0,cb,54,2e,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,c5,c0,cb,54,2c,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,c5,c0,cb,54,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,\
  c0,cb,54,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,c0,cb,54,1f,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,c5,c0,cb,54,36,00,00,00,00,00,00,\
  00,04,00,00,00,00,00,00,00,c5,63,ce,54,c0,a8,01,01,33,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,c5,63,ce,54,00,03,f4,80,3b,00,00,00,00,00,00,00,04,\
  00,00,00,00,00,00,00,c5,63,ce,54,00,03,75,f0,3a,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,c5,63,ce,54,00,01,fa,40,06,00,00,00,00,00,00,00,08,00,00,\
  00,00,00,00,00,c5,63,ce,54,5b,d4,7c,9f,08,08,08,08,03,00,00,00,00,00,00,00,\
  04,00,00,00,00,00,00,00,c5,63,ce,54,c0,a8,01,01,0f,00,00,00,00,00,00,00,01,\
  00,00,00,00,00,00,00,c5,63,ce,54,00,00,00,00,01,00,00,00,00,00,00,00,04,00,\
  00,00,00,00,00,00,c5,63,ce,54,ff,ff,ff,00,35,00,00,00,00,00,00,00,01,00,00,\
  00,00,00,00,00,c5,63,ce,54,05,00,00,00
"DhcpNameServer"=" 8.8.8.8"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00
"DhcpDomain"=""
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
  00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpGatewayHardware"=hex:c0,a8,01,01,06,00,00,00,f0,7d,68,72,09,c6
"DhcpGatewayHardwareCount"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NsiObjectSecurity]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
  6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
  00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"Mapping"=hex:08,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
  00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,02,00,\
  00,00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,\
  00,00,00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,ff,00,00,00,02,00,00,00,\
  03,00,00,00,00,00,00,00
"UseDelayedAcceptance"=dword:00000000
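
Added example, not part of the thread and not MiniRegTool's or the helper's own code: a small parser for the export format posted above that decodes string and hex(7) values and lists every NameServer/DhcpNameServer entry that is neither the interface's own DHCP server or gateway nor on a reviewer-supplied allowlist. The function names, the allowlist, and the rule that the DHCP server and gateway count as expected resolvers are assumptions of this example; the sample is a shortened excerpt of values from the report.

```python
import re

# Shortened excerpt of the export posted above (same "Version 5.00" text format).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"DhcpNameServer"="91.212.124.159 8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0972B7DA-8210-45AE-9B20-49A7C5A165BA}]
"DhcpServer"="192.168.1.1"
"DhcpNameServer"="192.168.1.1"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}]
"DhcpServer"="192.168.1.1"
"DhcpNameServer"="91.212.124.159 8.8.8.8"
'''

def decode(raw):
    """Decode one .reg value: REG_SZ, dword, or UTF-16LE hex(2)/hex(7) strings."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\((2|7)\):(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        parts = [s for s in data.decode("utf-16-le").split("\x00") if s]
        return parts if m.group(1) == "7" else "".join(parts)
    return raw                                          # other types stay raw

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)              # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode(m.group(2))
    return keys

def audit_resolvers(keys, allowlist):
    """List (key, value_name, ip) for resolvers that are not expected.

    Assumption of this example: a resolver is expected when it is the key's
    own DhcpServer or DhcpDefaultGateway, or is on the reviewer's allowlist.
    """
    findings = []
    for path, values in keys.items():
        expected = set(allowlist) | set(values.get("DhcpDefaultGateway", []))
        expected.add(values.get("DhcpServer", ""))
        for name in ("NameServer", "DhcpNameServer"):
            for ip in re.split(r"[ ,]+", str(values.get(name, "")).strip()):
                if ip and ip not in expected:
                    findings.append((path.rsplit("\\", 1)[-1], name, ip))
    return findings

if __name__ == "__main__":
    for key, name, ip in audit_resolvers(parse_reg(SAMPLE), {"8.8.8.8"}):
        print(f"{key}: {name} contains unexpected resolver {ip}")
```

Files saved by regedit in this format are UTF-16, so a real export should be read with `encoding="utf-16"` before being passed to `parse_reg`.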
 


#11 Oh My!

Posted 01 February 2015 - 05:53 PM

No problem, just my preference. While I am reviewing what you posted can you tell me if you reset your router by simply unplugging it or did you do a factory reset by pushing in a reset button?
Gary

#12 iParadase

Posted 01 February 2015 - 06:17 PM

I did a factory reset, although, and as I said, that was before I asked here for help, so my PC might have messed it up again...

The procedure was the following: I ran MBAM, which found two Trojan.DNSChanger, I quarantined them and rebooted. I did a reset to the router and connected to it to the wifi, only to find out the problem was still there. (I later found out that no matter how many times I "fixed" the problem with MBAM it would just appear again).

P.S.: I just want to let you know that since we started my default browser, Chrome, has frozen twice, and only works again if I reboot the computer. That has never happened, that is why I'm telling you.

 

Thank you again :)



#13 Oh My!

Posted 01 February 2015 - 06:26 PM

Thanks for the detailed explanation.

Please disable the Wifi on your computer. Following that, do another Factory Reset of your router. While still disconnected from the internet, run the following.

===================================================

Registry Fix

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFC0FB0E-47F8-4BD0-A086-84A639C554EF}]
"DhcpNameServer"="8.8.8.8"
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input dhcp.reg.
  • Click Save.
  • Double click dhcp.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete dhcp.reg after use.
  • Reboot your computer
  • Reconnect to the router and check your Internet performance, including Chrome
  • Rerun MiniToolBox and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Factory Reset?
  • Did the registry fix merge properly?
  • Result.txt
  • How is your Internet performance, including Chrome?

Gary

#14 iParadase

Posted 01 February 2015 - 06:35 PM

Just a clarification, I have at least two other infected computers (not counting smartphones and tablets, which I heard someone say could carry the problem too), should I prevent them from connecting to the router after the factory reset?

I will also need to connect my computer to the router via ethernet to configure it again, is that okay? Or should I borrow a computer that I know is not infected to do it?

Sorry for my questions, but I don't really know much of this..

Thanks again Gary :)


#15 Oh My!

Posted 01 February 2015 - 06:55 PM

Yes, if possible let's isolate the router and your computer. Yes, you can connect to configure after you have done the factory reset and have run the Registry fix.
Gary