
SysWOW64 during the startup (w8.1)


13 replies to this topic

#1 fressato


Posted 15 March 2015 - 05:10 PM

Hello,

When I start my computer, a window opens trying to execute C:\Windows\SysWOW64\net.exe. It doesn't matter if I open the file or not, the message will always show when I turn my computer on. Is it malware? What cleaning process should I use?

I'm using Windows 8.1, avast! antivirus and IObit Malware Fighter.

Thank you!


Edited by fressato, 15 March 2015 - 05:14 PM.




#2 Broni


Posted 15 March 2015 - 06:26 PM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file, and double-click the autoruns.exe file to run the program.
Go to File > Save, and save it as an Autoruns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Paste the content of the Autoruns.txt file into your next reply.


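Added example (not part of Broni's post and not an Autoruns feature): a Python script that reads the text export requested above and lists the rows worth a first look, namely entries whose file is missing, entries with an empty publisher column, and entries whose image is a watched binary such as the net.exe named in the first post. The column order is assumed from the export pasted in this thread; the function names and the `ExampleStartup` row are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Every column in the export is wrapped in double quotes, so pulling out the
# quoted runs works whether the separators are tabs or spaces.
QUOTED = re.compile(r'"([^"]*)"')
MISSING = "File not found:"


@dataclass
class Entry:
    location: str      # registry key, folder or "Task Scheduler" header above the row
    name: str
    description: str
    publisher: str
    image_path: str
    timestamp: str


def parse_autoruns(text):
    """Turn an Autoruns text export into Entry records.

    Assumed layout (as pasted in this thread): a header line starting with a
    quote names the autostart location, and each following line starting with
    '+' is one entry under it.
    """
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        cols = QUOTED.findall(line)
        if len(cols) < 5:
            continue  # blank line or something that is not an export row
        if line.startswith('"'):
            location = cols[0]
        elif line.startswith("+"):
            entries.append(Entry(location, *cols[:5]))
    return entries


def triage(entries, watch=("net.exe",)):
    """Return (entry, flags) pairs for rows that deserve a manual look.

    The flags are review hints, not verdicts: a vendor file can have an empty
    publisher column, and a missing file is usually a leftover of an uninstall.
    """
    watched = {w.lower() for w in watch}
    flagged = []
    for e in entries:
        flags = []
        if e.image_path.startswith(MISSING):
            flags.append("missing-file")
            target = e.image_path[len(MISSING):].strip()
        else:
            target = e.image_path
            if not e.publisher:
                flags.append("no-publisher")
        # ntpath splits Windows paths correctly on any operating system.
        if ntpath.basename(target).lower() in watched:
            flags.append("watched-image")
        if flags:
            flagged.append((e, flags))
    return flagged


# Sample in the layout of the export posted in this thread. The first three
# entries mirror rows from that post; "ExampleStartup" is constructed for
# illustration and does not appear in it.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "10/24/2014 3:10 PM"    ""
+ "HotKeysCmds"    ""    ""    "File not found: C:\WINDOWS\system32\hkcmd.exe"    ""    ""
+ "IgfxTray"    ""    ""    "c:\windows\system32\igfxtray.exe"    "1/5/2015 5:26 PM"    ""
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"    "3/5/2013 3:51 PM"    ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "11/19/2014 8:02 AM"    ""
+ "ExampleStartup"    "Net Command"    "Microsoft Corporation"    "c:\windows\syswow64\net.exe"    "8/22/2013 7:29 AM"    ""
'''

if __name__ == "__main__":
    for entry, flags in triage(parse_autoruns(SAMPLE)):
        print(f"{', '.join(flags):15} {entry.location} -> {entry.name}: {entry.image_path}")
```

A watched-image hit only shows which autostart location launches the binary; the command-line arguments are not part of this export and have to be read from the registry value or task itself.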

 


#3 fressato


Posted 15 March 2015 - 06:53 PM

Result from autoruns:

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "10/24/2014 3:10 PM"    ""
+ "HotKeysCmds"    ""    ""    "File not found: C:\WINDOWS\system32\hkcmd.exe"    ""    ""
+ "IAStorIcon"    "Delayed launcher"    "Intel Corporation"    "c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe"    "8/31/2013 1:19 AM"    ""
+ "IgfxTray"    ""    ""    "c:\windows\system32\igfxtray.exe"    "1/5/2015 5:26 PM"    ""
+ "Persistence"    ""    ""    "File not found: C:\WINDOWS\system32\igfxpers.exe"    ""    ""
+ "RtHDVBg"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "5/13/2014 9:24 AM"    ""
+ "RtHDVBg_PushButton"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "5/13/2014 9:24 AM"    ""
+ "RTHDVCPL"    "Realtek HD Audio Manager"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\rtkngui64.exe"    "5/14/2014 3:03 AM"    ""
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"    "3/5/2013 3:51 PM"    ""
+ "WavesSvc"    "Waves MaxxAudio Service Application"    "Waves Audio Ltd."    "c:\program files\realtek\audio\hda\wavessvc64.exe"    "4/10/2014 5:56 AM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "3/16/2015 10:31 AM"    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "12/19/2014 1:43 PM"    ""
+ "AvastUI.exe"    "avast! Antivirus"    "Avast Software s.r.o."    "c:\program files\avast software\avast\avastui.exe"    "3/12/2015 12:03 PM"    ""
+ "Diebold - Warsaw"    "GAS Tecnologia - Core"    "GAS Tecnologia LTDA"    "c:\program files (x86)\diebold\warsaw\core.exe"    "7/12/2014 10:36 AM"    ""
+ "GrooveMonitor"    "GrooveMonitor Utility"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"    "10/27/2006 3:53 AM"    ""
+ "IObit Malware Fighter"    "IObit Malware Fighter"    "IObit"    "c:\program files (x86)\iobit\iobit malware fighter\imf.exe"    "4/21/2014 1:45 AM"    ""
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"    "5/26/2014 10:38 PM"    ""
+ "Raptr"    "Raptr Desktop App"    "Raptr, Inc"    "c:\program files (x86)\raptr\raptrstub.exe"    "4/7/2010 10:29 PM"    ""
+ "RzWizard"    "Razer Wizard"    "Razer Inc."    "c:\program files (x86)\razer\rzwizard\rzwizard.exe"    "5/20/2014 4:48 AM"    ""
+ "StartCCC"    "Catalyst® Control Center Launcher"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\amd\ati.ace\core-static\amd64\clistart.exe"    "11/20/2014 11:19 PM"    ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "11/19/2014 8:02 AM"    ""
+ "Advanced SystemCare 7"    "Advanced SystemCare 7"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\asctray.exe"    "2/11/2014 3:16 AM"    ""
+ "DAEMON Tools Lite"    "DAEMON Tools Lite"    "Disc Soft Ltd"    "c:\program files (x86)\daemon tools lite\dtlite.exe"    "3/4/2014 6:19 AM"    ""
+ "DellSystemDetect"    "Dell System Detect"    "Dell"    "c:\users\baratabaratabarata\appdata\local\apps\2.0\dkxtgz6m.b19\oa07gkgl.8gh\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\dellsystemdetect.exe"    "10/16/2014 6:44 AM"    ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "10/16/2014 10:31 AM"    ""
+ "Bluetooth.lnk"    "Bluetooth Tray Application"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\bttray.exe"    "9/4/2013 11:48 PM"    ""
"C:\Users\BARATABARATABARATA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "3/16/2015 9:36 AM"    ""
+ "Dropbox.lnk"    "Dropbox"    "Dropbox, Inc."    "c:\users\baratabaratabarata\appdata\roaming\dropbox\bin\dropbox.exe"    "6/4/2014 8:05 PM"    ""
+ "Monitorar alertas de tinta - HP Deskjet 1510 series.lnk"    "Print Driver Status Business Logic"    "Hewlett-Packard Co."    "c:\program files\hp\hp deskjet 1510 series\bin\hpstatusbl.dll"    "3/6/2014 6:10 PM"    ""
+ "MyPC Backup.lnk"    "MyPC Backup"    "MyPCBackup.com"    "c:\program files (x86)\mypc backup\mypc backup.exe"    "11/13/2014 6:59 AM"    ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "10/16/2014 10:19 AM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "8/22/2013 7:29 AM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "3/15/2015 8:42 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "8/22/2013 12:13 AM"    ""
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"    "10/27/2006 12:32 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""    "11/6/2014 12:32 AM"    ""
+ "GbPlugin ShlObj"    "Gbieh Module"    "Banco Itaú Unibanco"    "c:\program files (x86)\gbplugin\gbiehuni.dll"    "3/17/2014 12:01 PM"    ""
+ "Groove GFS Stub Execution Hook"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "Advanced SystemCare"    "ASCExtMenu Module"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\ascextmenu_64.dll"    "11/26/2013 12:00 AM"    ""
+ "avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashsha64.dll"    "3/2/2015 9:29 AM"    ""
+ "IObit Malware Fighter"    "BlueBirdShellExt Module"    "IObit"    "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll"    "11/4/2013 11:23 PM"    ""
+ "MPCBContextMenu"    ""    ""    "File not found: :/Program Files (x86)/MyPC Backup/MPCBContextMenu.DLL"    ""    ""
+ "SmartDefragExtension"    "IObit Smart Defrag Extension"    "IObit"    "c:\windows\system32\iobitsmartdefragextension.dll"    "1/8/2014 4:54 AM"    ""
+ "UnLockerMenu"    "IObitUnlockerExtension"    "IObit"    "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright64.dll"    "1/8/2014 3:37 AM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshls64.dll"    "10/23/2013 10:32 AM"    ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashshell.dll"    "3/2/2015 9:13 AM"    ""
+ "MPCBContextMenu"    ""    ""    "File not found: :/Program Files (x86)/MyPC Backup/MPCBContextMenu.DLL"    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "10/23/2013 10:26 AM"    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "Advanced SystemCare"    "ASCExtMenu Module"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\ascextmenu_64.dll"    "11/26/2013 12:00 AM"    ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"    ""    ""    ""    "10/24/2014 2:37 PM"    ""
+ "TheAdvOSPropPage Class"    "igfxOSP Module"    "Intel Corporation"    "c:\windows\system32\igfxosp.dll"    "1/5/2015 5:26 PM"    ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "00avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashsha64.dll"    "3/2/2015 9:29 AM"    ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "00avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashshell.dll"    "3/2/2015 9:13 AM"    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "Advanced SystemCare"    "ASCExtMenu Module"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\ascextmenu_64.dll"    "11/26/2013 12:00 AM"    ""
+ "IObit Malware Fighter"    "BlueBirdShellExt Module"    "IObit"    "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll"    "11/4/2013 11:23 PM"    ""
+ "UnLockerMenu"    "IObitUnlockerExtension"    "IObit"    "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright64.dll"    "1/8/2014 3:37 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshls64.dll"    "10/23/2013 10:32 AM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "10/23/2013 10:26 AM"    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshls64.dll"    "10/23/2013 10:32 AM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "10/23/2013 10:26 AM"    ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"    ""    ""    ""    "11/6/2014 12:32 AM"    ""
+ "Monitor"    "BTNCopy Module"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\btncopy.dll"    "9/4/2013 11:55 PM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers"    ""    ""    ""    "11/6/2014 12:32 AM"    ""
+ "GbExplorerPersistObj"    "Gbieh Module"    "Banco Itaú Unibanco"    "c:\program files (x86)\gbplugin\gbiehuni.dll"    "3/17/2014 12:01 PM"    ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/3/2015 8:18 AM"    ""
+ "ACE"    "AMD Desktop Control Panel"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\amd\ati.ace\core-static\atiacm64.dll"    "11/20/2014 11:20 PM"    ""
+ "igfxcui"    ""    ""    "File not found: C:\WINDOWS\system32\igfxpph.dll"    ""    ""
+ "igfxDTCM"    "igfxDTCM Module"    "Intel Corporation"    "c:\windows\system32\igfxdtcm.dll"    "1/5/2015 5:26 PM"    ""
+ "igfxOSP"    "igfxOSP Module"    "Intel Corporation"    "c:\windows\system32\igfxosp.dll"    "1/5/2015 5:26 PM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/3/2015 8:18 AM"    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "5/11/2013 6:34 AM"    ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashsha64.dll"    "3/2/2015 9:29 AM"    ""
+ "IObit Malware Fighter"    "BlueBirdShellExt Module"    "IObit"    "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll"    "11/4/2013 11:23 PM"    ""
+ "MPCBContextMenu"    ""    ""    "File not found: :/Program Files (x86)/MyPC Backup/MPCBContextMenu.DLL"    ""    ""
+ "SmartDefragExtension"    "IObit Smart Defrag Extension"    "IObit"    "c:\windows\system32\iobitsmartdefragextension.dll"    "1/8/2014 4:54 AM"    ""
+ "UnLockerMenu"    "IObitUnlockerExtension"    "IObit"    "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright64.dll"    "1/8/2014 3:37 AM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshls64.dll"    "10/23/2013 10:32 AM"    ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashshell.dll"    "3/2/2015 9:13 AM"    ""
+ "MPCBContextMenu"    ""    ""    "File not found: :/Program Files (x86)/MyPC Backup/MPCBContextMenu.DLL"    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "10/23/2013 10:26 AM"    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshls64.dll"    "10/23/2013 10:32 AM"    ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"    "12/1/2013 5:08 AM"    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files\winzip\wzshlstb.dll"    "10/23/2013 10:26 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "10/16/2014 10:30 AM"    ""
+ "00avast"    "avast! Shell Extension"    "Avast Software s.r.o."    "c:\program files\avast software\avast\ashsha64.dll"    "3/2/2015 9:29 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "10/16/2014 10:31 AM"    ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "10/18/2014 6:18 PM"    ""
+ "ExplorerWnd Helper"    "Uninstall for explorer"    "IObit"    "c:\program files (x86)\iobit\iobit uninstaller\uninstallexplorer64.dll"    "1/1/2014 11:46 PM"    ""
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"    "8/10/2012 1:42 AM"    ""
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"    "8/10/2012 1:42 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "2/27/2015 8:06 AM"    ""
+ "Advanced SystemCare Browser Protection"    "Advanced SystemCare 7  ASCPlugin_Protection"    "IObit"    "c:\program files (x86)\iobit\surfing protection\browerprotect\ascplugin_protection.dll"    "2/19/2014 11:43 PM"    ""
+ "GbIehObj Class"    "Gbieh Module"    "Banco Itaú Unibanco"    "c:\program files (x86)\gbplugin\gbiehuni.dll"    "3/17/2014 12:01 PM"    ""
+ "Groove GFS Browser Helper"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"    "10/27/2006 4:20 AM"    ""
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"    "7/25/2014 3:45 PM"    ""
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"    "7/25/2014 3:45 PM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "10/16/2014 10:31 AM"    ""
+ "S&end to OneNote"    "Microsoft Office OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\onbttnie.dll"    "10/27/2006 12:32 AM"    ""
"Task Scheduler"    ""    ""    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"    "6/1/2011 9:46 PM"    ""
+ "\ASC7_PerformanceMonitor"    "Advanced SystemCare 7 Monitor"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\monitor.exe"    "2/10/2014 5:50 AM"    ""
+ "\ASC7_SkipUac_BARATABARATABARATA"    "Advanced SystemCare 7"    "IObit"    "c:\program files (x86)\iobit\advanced systemcare 7\asc.exe"    "3/10/2014 5:03 AM"    ""
+ "\Driver Booster Scan"    "Driver Booster Scheduler"    "IObit"    "c:\program files (x86)\iobit\driver booster\scheduler.exe"    "1/30/2015 5:35 AM"    ""
+ "\Driver Booster SkipUAC (BARATABARATABARATA)"    "Driver Booster 2"    "IObit"    "c:\program files (x86)\iobit\driver booster\driverbooster.exe"    "2/5/2015 5:53 AM"    ""
+ "\Driver Booster Update"    "Driver Booster Updater"    "IObit"    "c:\program files (x86)\iobit\driver booster\autoupdate.exe"    "2/5/2015 8:18 AM"    ""
+ "\LaunchApp"    "MyPC Backup"    "MyPCBackup.com"    "c:\program files (x86)\mypc backup\mypc backup.exe"    "11/13/2014 6:59 AM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "7/18/2013 12:53 PM"    ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "8/22/2013 8:15 AM"    ""
+ "\PCDEventLauncherTask"    "PC-Doctor Module"    "PC-Doctor, Inc."    "c:\program files\my dell\sessionchecker.exe"    "1/10/2014 5:22 AM"    ""
+ "\SmartDefrag3_Startup"    "Smart Defrag v3"    "IObit"    "c:\program files (x86)\iobit\smart defrag 3\smartdefrag.exe"    "11/4/2014 4:43 AM"    ""
+ "\SmartDefrag3_Update"    "Smart Defrag Updater"    "IObit"    "c:\program files (x86)\iobit\smart defrag 3\autoupdate.exe"    "7/23/2014 3:00 AM"    ""
+ "\StartMenuAutoupdate"    "StartMenu Updater"    "IObit"    "c:\program files (x86)\iobit\start menu 8\autoupdate.exe"    "12/30/2014 11:52 PM"    ""
+ "\Uninstaller_SkipUac_Administrator"    "Uninstall Programs"    "IObit"    "c:\program files (x86)\iobit\iobit uninstaller\iobituninstaler.exe"    "2/13/2014 12:03 AM"    ""
+ "\{1E4C1E28-1638-425E-99FB-96155C98AE66}"    ""    ""    "File not found: c:\program files (x86)\google\chrome\application\chrome.exe"    ""    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"    "11/20/2014 3:03 PM"    ""
+ "AERTFilters"    "Andrea filters APO access service (64-bit)"    "Andrea Electronics Corporation"    "c:\program files\realtek\audio\hda\aertsr64.exe"    "11/17/2009 1:17 PM"    ""
+ "AMD External Events Utility"    "AMD External Events Service Module"    "AMD"    "c:\windows\system32\atiesrxx.exe"    "11/20/2014 11:12 PM"    ""
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"    "2/11/2014 10:26 AM"    ""
+ "avast! Antivirus"    "Gerencia e implementa os serviços do Avast antivírus neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador de tarefas."    "Avast Software s.r.o."    "c:\program files\avast software\avast\avastsvc.exe"    "3/2/2015 9:19 AM"    ""
+ "AvastVBoxSvc"    "AvastVirtualBox Interface"    "Avast Software"    "c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe"    "2/18/2015 2:21 PM"    ""
+ "BackupStack"    "Backup Stack"    "Just Develop It"    "c:\program files (x86)\mypc backup\backupstack.exe"    "11/13/2014 6:59 AM"    ""
+ "Bonjour Service"    "Permite que os dispositivos de hardware e os serviços de software se configurem automaticamente na rede e comuniquem a sua presença."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"    "8/31/2011 2:52 AM"    ""
+ "cphs"    "Intel® Content Protection HECI Service - enables communication with the Content Protection FW"    "Intel Corporation"    "c:\windows\syswow64\intelcphecisvc.exe"    "12/22/2011 3:45 AM"    ""
+ "FLEXnet Licensing Service"    "This service performs licensing functions on behalf of FLEXnet enabled products."    "Flexera Software, Inc."    "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"    "5/26/2011 7:37 AM"    ""
+ "GbpSv"    "Service for G-Buster Browser Defense"    "GAS Tecnologia"    "c:\program files (x86)\gbplugin\gbpsv.exe"    "3/14/2014 7:19 PM"    ""
+ "IAStorDataMgrSvc"    "Provides storage event notification and manages communication between the storage driver and user space applications."    "Intel Corporation"    "c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe"    "8/28/2013 7:05 PM"    ""
+ "ICCS"    "Intel® Integrated Clock Controller Service - Intel® ICCS"    "Intel Corporation"    "c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe"    "4/24/2012 5:46 PM"    ""
+ "igfxCUIService1.0.0.0"    "Service for Intel® HD Graphics Control Panel"    "Intel Corporation"    "c:\windows\system32\igfxcuiservice.exe"    "1/5/2015 5:24 PM"    ""
+ "Intel® Capability Licensing Service Interface"    "Version: 1.31.8.1"    "Intel® Corporation"    "c:\program files\intel\icls client\heciserver.exe"    "8/27/2013 9:32 AM"    ""
+ "Intel® Capability Licensing Service TCP IP Interface"    "Version: 1.31.8.1"    "Intel® Corporation"    "c:\program files\intel\icls client\socketheciserver.exe"    "8/27/2013 9:32 AM"    ""
+ "iPod Service"    "Serviços de gerenciamento de hardware do iPod"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"    "5/26/2014 10:38 PM"    ""
+ "jhi_service"    "Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL"    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe"    "7/16/2013 11:50 PM"    ""
+ "LMS"    "Intel® Management and Security Application Local Management Service - Provides OS-related Intel® ME functionality."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"    "6/26/2013 7:39 PM"    ""
+ "Microsoft Office Groove Audit Service"    "Groove Audit Service"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"    "10/27/2006 3:44 AM"    ""
+ "MozillaMaintenance"    "O Serviço de Manutenção da Mozilla assegura que você possui em seu computador a versão mais segura e recente do Mozilla Firefox. Manter o Firefox atualizado é muito importante para sua segurança online e a Mozilla recomenda enfaticamente que você deixe este serviço ativado."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "3/5/2015 8:51 AM"    ""
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"    "10/26/2006 11:48 PM"    ""
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "10/26/2006 6:00 PM"    ""
+ "RtkAudioService"    "For cooperation with Realtek audio driver."    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\rtkaudioservice64.exe"    "1/8/2014 3:09 AM"    ""
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"    "4/3/2014 4:16 PM"    ""
+ "Warsaw Technology"    "GAS Tecnologia - Core"    "GAS Tecnologia LTDA"    "c:\program files (x86)\diebold\warsaw\core.exe"    "7/12/2014 10:36 AM"    ""
+ "WdNisSvc"    "Ajuda a proteger contra tentativas de intrusão, abordando vulnerabilidades conhecidas e recentemente descobertas em protocolos de rede"    "Microsoft Corporation"    "c:\program files\windows defender\nissrv.exe"    "8/22/2014 7:10 PM"    ""
+ "WinDefend"    "Ajudar a proteger os usuários contra malware e outros softwares potencialmente indesejados"    "Microsoft Corporation"    "c:\program files\windows defender\msmpeng.exe"    "8/22/2014 7:09 PM"    ""
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "2/22/2014 7:06 AM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "3/15/2015 8:46 PM"    ""
+ "3ware"    "LSI 3ware SCSI Storport Driver"    "LSI"    "c:\windows\system32\drivers\3ware.sys"    "4/11/2013 7:49 PM"    ""
+ "ADP80XX"    "PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller"    "PMC-Sierra"    "c:\windows\system32\drivers\adp80xx.sys"    "7/12/2013 6:47 PM"    ""
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmdag.sys"    "11/20/2014 11:30 PM"    ""
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmpag.sys"    "11/20/2014 11:08 PM"    ""
+ "amdkmpfd"    "AMD PCI Root Bus Lower Filter"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\amdkmpfd.sys"    "10/27/2014 8:26 PM"    ""
+ "amdsata"    "AHCI 1.3 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "7/8/2013 7:54 PM"    ""
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "12/11/2012 6:21 PM"    ""
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "7/8/2013 7:45 PM"    ""
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "PMC-Sierra, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "7/8/2013 9:50 PM"    ""
+ "aswHwid"    "avast! HardwareID"    ""    "c:\windows\system32\drivers\aswhwid.sys"    "3/2/2015 9:15 AM"    ""
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "Avast Software s.r.o."    "c:\windows\system32\drivers\aswmonflt.sys"    "3/2/2015 9:14 AM"    ""
+ "aswRdr"    "avast! WFP Redirect driver"    "Avast Software s.r.o."    "c:\windows\system32\drivers\aswrdr2.sys"    "3/2/2015 9:15 AM"    ""
+ "aswRvrt"    ""    ""    "c:\windows\system32\drivers\aswrvrt.sys"    "3/2/2015 9:14 AM"    ""
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "Avast Software s.r.o."    "c:\windows\system32\drivers\aswsnx.sys"    "3/2/2015 9:15 AM"    ""
+ "aswSP"    "avast! Self Protection"    "Avast Software s.r.o."    "c:\windows\system32\drivers\aswsp.sys"    "3/2/2015 9:28 AM"    ""
+ "aswStm"    "avast! StreamFilter Callout Driver"    "Avast Software s.r.o."    "c:\windows\system32\drivers\aswstm.sys"    "3/2/2015 9:31 AM"    ""
+ "aswVmm"    "avast! VM Monitor"    ""    "c:\windows\system32\drivers\aswvmm.sys"    "3/2/2015 9:28 AM"    ""
+ "athr"    "Qualcomm Atheros Extensible Wireless LAN device driver"    "Qualcomm Atheros Communications, Inc."    "c:\windows\system32\drivers\athw8x.sys"    "8/8/2013 12:41 AM"    ""
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "2/4/2013 4:47 PM"    ""
+ "bcmfn2"    "BCM Function 2  Device Driver"    "Windows ® Win 7 DDK provider"    "c:\windows\system32\drivers\bcmfn2.sys"    "8/2/2013 8:59 PM"    ""
+ "BtFilter"    "Qualcomm Atheros BtFilter Driver"    "Qualcomm Atheros"    "c:\windows\system32\drivers\btfilter.sys"    "9/18/2013 5:42 AM"    ""
+ "DellRbtn"    "Airplane Mode Switch Driver"    "OSR Open Systems Resources, Inc."    "c:\windows\system32\drivers\dellrbtn.sys"    "8/3/2012 6:32 PM"    ""
+ "dg_ssudbus"    "SAMSUNG USB Composite Device Driver (MSS Ver.3)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudbus.sys"    "1/2/2014 6:51 AM"    ""
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "4/8/2013 11:30 AM"    ""
+ "FileMonitor"    "File Filter driver of IMF"    "IObit"    "c:\program files (x86)\iobit\iobit malware fighter\drivers\win7_amd64\filemonitor.sys"    "2/28/2013 11:45 PM"    ""
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"    "5/3/2012 4:56 PM"    ""
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "3/26/2013 6:36 PM"    ""
+ "HWiNFO32"    "HWiNFO AMD64 Kernel Driver"    "REALiX™"    "c:\windows\syswow64\drivers\hwinfo64a.sys"    "11/23/2014 1:24 PM"    ""
+ "iaLPSSi_GPIO"    "Intel® Serial IO GPIO Controller Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialpssi_gpio.sys"    "6/26/2013 11:22 AM"    ""
+ "iaLPSSi_I2C"    "Intel® Serial IO I2C Controller Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialpssi_i2c.sys"    "6/26/2013 11:22 AM"    ""
+ "iaStorA"    "Intel Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastora.sys"    "8/28/2013 7:13 PM"    ""
+ "iaStorAV"    "Intel Rapid Storage Technology driver (inbox) - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorav.sys"    "7/31/2013 9:00 PM"    ""
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "4/11/2011 3:48 PM"    ""
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"    "1/5/2015 5:29 PM"    ""
+ "intaud_WaveExtensible"    "Intel® WiDi Solution"    "Intel Corporation"    "c:\windows\system32\drivers\intelaud.sys"    "10/3/2014 9:31 PM"    ""
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"    "5/14/2014 7:28 AM"    ""
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"    "11/5/2014 6:15 AM"    ""
+ "iwdbus"    "Intel® WiDi Solution"    "Intel Corporation"    "c:\windows\system32\drivers\iwdbus.sys"    "10/3/2014 9:31 PM"    ""
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "3/28/2013 2:42 PM"    ""
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "3/28/2013 2:45 PM"    ""
+ "LSI_SAS3"    "LSI SAS Gen3 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas3.sys"    "3/15/2013 8:38 PM"    ""
+ "LSI_SSS"    "LSI SSS PCIe/Flash Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sss.sys"    "3/15/2013 8:39 PM"    ""
+ "megasas"    "MEGASAS RAID Controller Driver for Windows"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "7/23/2013 6:08 PM"    ""
+ "megasr"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "6/3/2013 7:02 PM"    ""
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\teedriverx64.sys"    "11/27/2013 2:56 PM"    ""
+ "mvumis"    "Marvell Flash Controller Driver"    "Marvell Semiconductor, Inc."    "c:\windows\system32\drivers\mvumis.sys"    "3/20/2013 2:14 PM"    ""
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "9/12/2011 9:01 PM"    ""
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "9/12/2011 8:53 PM"    ""
+ "RegFilter"    "Registry Filter"    "IObit.com"    "c:\program files (x86)\iobit\iobit malware fighter\drivers\win7_amd64\regfilter.sys"    "11/19/2013 1:39 AM"    ""
+ "RSUSBVSTOR"    "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtsuvstor.sys"    "1/3/2014 12:12 AM"    ""
+ "RTL8168"    "Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver                "    "Realtek                                            "    "c:\windows\system32\drivers\rt630x64.sys"    "7/15/2014 11:56 PM"    ""
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "9/13/2006 10:18 AM"    ""
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "9/24/2008 3:28 PM"    ""
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "10/1/2008 6:56 PM"    ""
+ "SmartDefragDriver"    "File driver of SmartDefrag"    "IObit"    "c:\windows\system32\drivers\smartdefragdriver.sys"    "12/23/2013 7:05 AM"    ""
+ "SmbDrvI"    "Synaptics SMBus Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\smb_driver_intel.sys"    "1/23/2014 6:59 PM"    ""
+ "ssudmdm"    "@oem32.inf,%ssud.Service.Desc%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudmdm.sys"    "1/2/2014 6:51 AM"    ""
+ "stexstor"    "Promise SuperTrak EX Series Driver for Windows x64"    "Promise Technology, Inc."    "c:\windows\system32\drivers\stexstor.sys"    "11/26/2012 9:02 PM"    ""
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"    "3/5/2013 3:07 PM"    ""
+ "UrlFilter"    "URL Filter"    "IObit.com"    "c:\program files (x86)\iobit\iobit malware fighter\drivers\win7_amd64\urlfilter.sys"    "11/18/2013 6:22 AM"    ""
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"    "11/27/2012 8:38 PM"    ""
+ "VBoxAswDrv"    "VirtualBox Support Driver"    "Avast Software"    "c:\program files\avast software\avast\ng\vbox\vboxaswdrv.sys"    "2/18/2015 3:13 PM"    ""
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "8/22/2013 8:40 AM"    ""
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "1/23/2013 5:35 PM"    ""
+ "VSTXRAID"    "VIA StorX RAID Controller Driver"    "VIA Corporation"    "c:\windows\system32\drivers\vstxraid.sys"    "1/21/2013 4:00 PM"    ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "3/3/2015 8:18 AM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "8/22/2013 8:32 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "3/3/2015 8:18 AM"    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "8/22/2013 1:03 AM"    ""
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "8/22/2013 1:03 AM"    ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "3/16/2015 10:32 AM"    ""
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "11/20/2014 11:36 PM"    ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "3/16/2015 10:32 AM"    ""
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI Ticker"    ""    ""    "c:\program files (x86)\amd\ati.ace\graphics-previews-common\ticker.ax"    "11/20/2014 11:19 PM"    ""
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "11/20/2014 11:34 PM"    ""
+ "MMACE Deinterlace"    ""    ""    "c:\program files (x86)\amd\ati.ace\graphics-previews-common\mmacefilters.dll"    "11/20/2014 11:19 PM"    ""
+ "MMACE ProcAmp"    ""    ""    "c:\program files (x86)\amd\ati.ace\graphics-previews-common\mmacefilters.dll"    "11/20/2014 11:19 PM"    ""
+ "MMACE SoftEmu"    ""    ""    "c:\program files (x86)\amd\ati.ace\graphics-previews-common\mmacefilters.dll"    "11/20/2014 11:19 PM"    ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance"    ""    ""    ""    "10/16/2014 10:29 AM"    ""
+ "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"    "Microsoft Camera Codec Pack"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\microsoft camera codec pack\microsoftrawcodec.dll"    "10/2/2014 2:06 AM"    ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance"    ""    ""    ""    "10/16/2014 10:30 AM"    ""
+ "{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}"    "Microsoft Camera Codec Pack"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\microsoft camera codec pack\microsoftrawcodec.dll"    "10/2/2014 1:34 AM"    ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)"    ""    ""    ""    "10/16/2014 10:45 AM"    ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE"    "Internet Explorer"    "Microsoft Corporation"    "c:\program files\internet explorer\iexplore.exe"    "10/31/2014 12:14 AM"    ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls"    ""    ""    ""    "9/24/2014 5:09 AM"    ""
+ "_Wow64"    ""    ""    "File not found: C:\WINDOWS\syswow64\Wow64.dll"    ""    ""
+ "_Wow64cpu"    ""    ""    "File not found: C:\WINDOWS\syswow64\Wow64cpu.dll"    ""    ""
+ "_Wow64win"    ""    ""    "File not found: C:\WINDOWS\syswow64\Wow64win.dll"    ""    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""    "10/16/2014 10:30 AM"    ""
+ "BtwCredentialProvider"    "BtwCP DLL"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\btwcp.dll"    "9/4/2013 11:58 PM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "10/16/2014 10:34 AM"    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"    "8/31/2011 2:44 AM"    ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""    "10/16/2014 10:34 AM"    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"    "8/31/2011 2:53 AM"    ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "10/19/2014 7:43 PM"    ""
+ "HP c111 Status Monitor"    "Print Status Language Monitor"    "Hewlett-Packard Co."    "c:\windows\system32\hpinkstsc111lm.dll"    "12/16/2012 10:02 AM"    ""
 



#4 Broni


Posted 15 March 2015 - 06:56 PM

You have some infection there.

 

Also...uninstall Advanced SystemCare.

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes.  If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 

Next....

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create a new reply. I'll not get any email notifications about edits, so I won't know you posted something new.



 


#5 fressato


Posted 15 March 2015 - 09:01 PM

First of all, Advanced SystemCare Uninstalled.

 

Now the logs:

 

Security Check:

 Results of screen317's Security Check version 0.99.98  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Mozilla Firefox (36.0.1)
 Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

 

 

FSS:

Farbar Service Scanner Version: 17-01-2015
Ran by BARATABARATABARATA (administrator) on 15-03-2015 at 21:06:36
Running from "C:\Users\BARATABARATABARATA\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

 

 

MiniToolBox:

MiniToolBox by Farbar  Version: 09-03-2015
Ran by BARATABARATABARATA (administrator) on 15-03-2015 at 21:20:02
Running from "C:\Users\BARATABARATABARATA\Downloads"
Microsoft Windows 8.1  (X64)
Model: Inspiron 3537 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

2.22.139.66    guardiao.itau.com.br      

========================= IP Configuration: ================================

Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Dispositivo Bluetooth (Rede Pessoal) = Conexão de Rede Bluetooth (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Conex?o Local* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Conex?o de Rede Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Conex?o Local* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : BARATA
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Conex?o Local* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Adaptador Virtual Direto Wi-Fi da Microsoft
   Physical Address. . . . . . . . . : 1E-84-DC-CB-BB-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Conex?o de Rede Bluetooth:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dispositivo Bluetooth (Rede Pessoal)
   Physical Address. . . . . . . . . : 0C-84-DC-CB-BB-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 74-86-7A-3A-0B-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 0C-84-DC-CB-BB-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::54a6:6982:2cfd:621a%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, March 15, 2015 8:32:24 PM
   Lease Expires . . . . . . . . . . : Sunday, March 15, 2015 10:31:15 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 386696412
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-0D-AF-5A-74-86-7A-3A-0B-11
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A5F5CD73-6C8A-4819-8E76-81BB775083F9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Adaptador do Microsoft ISATAP
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Conexão Local* 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:9:19d3:3f57:fe90(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9:19d3:3f57:fe90%8(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-0D-AF-5A-74-86-7A-3A-0B-11
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2800:3f0:4001:801::200e
      189.4.7.173
      189.4.7.143
      189.4.7.170
      189.4.7.185
      189.4.7.155
      189.4.7.181
      189.4.7.147
      189.4.7.177
      189.4.7.151
      189.4.7.157
      189.4.7.162
      189.4.7.172
      189.4.7.187
      189.4.7.158
      189.4.7.166


Pinging google.com [189.4.7.151] with 32 bytes of data:
Reply from 189.4.7.151: bytes=32 time=10ms TTL=60
Reply from 189.4.7.151: bytes=32 time=10ms TTL=60

Ping statistics for 189.4.7.151:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=242ms TTL=47
Reply from 206.190.36.45: bytes=32 time=247ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 242ms, Maximum = 247ms, Average = 244ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...1e 84 dc cb bb 1f ......Adaptador Virtual Direto Wi-Fi da Microsoft
  6...0c 84 dc cb bb 20 ......Dispositivo Bluetooth (Rede Pessoal)
  4...74 86 7a 3a 0b 11 ......Realtek PCIe FE Family Controller
  3...0c 84 dc cb bb 1f ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.111     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.111    281
    192.168.1.111  255.255.255.255         On-link     192.168.1.111    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.111    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.111    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.111    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6ab8:9:19d3:3f57:fe90/128
                                    On-link
  3    281 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::9:19d3:3f57:fe90/128
                                    On-link
  3    281 fe80::54a6:6982:2cfd:621a/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/15/2015 08:57:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.89, time stamp: 0x54fa819a
Faulting module name: chrome.dll, version: 41.0.2272.89, time stamp: 0x54fa7de6
Exception code: 0xc0000005
Fault offset: 0x00230ae7
Faulting process id: 0x40c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/15/2015 08:57:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: autoruns.exe, version: 13.2.0.0, time stamp: 0x54fc841a
Faulting module name: autoruns.exe, version: 13.2.0.0, time stamp: 0x54fc841a
Exception code: 0xc000041d
Fault offset: 0x0000e3eb
Faulting process id: 0x104c
Faulting application start time: 0xautoruns.exe0
Faulting application path: autoruns.exe1
Faulting module path: autoruns.exe2
Report Id: autoruns.exe3
Faulting package full name: autoruns.exe4
Faulting package-relative application ID: autoruns.exe5

Error: (03/15/2015 08:57:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: autoruns.exe, version: 13.2.0.0, time stamp: 0x54fc841a
Faulting module name: autoruns.exe, version: 13.2.0.0, time stamp: 0x54fc841a
Exception code: 0xc0000005
Fault offset: 0x0000e3eb
Faulting process id: 0x104c
Faulting application start time: 0xautoruns.exe0
Faulting application path: autoruns.exe1
Faulting module path: autoruns.exe2
Report Id: autoruns.exe3
Faulting package full name: autoruns.exe4
Faulting package-relative application ID: autoruns.exe5

Error: (03/15/2015 08:41:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.89, time stamp: 0x54fa819a
Faulting module name: chrome.dll, version: 41.0.2272.89, time stamp: 0x54fa7de6
Exception code: 0xc0000005
Fault offset: 0x00230ae7
Faulting process id: 0xbf0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/15/2015 08:40:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.89, time stamp: 0x54fa819a
Faulting module name: chrome.dll, version: 41.0.2272.89, time stamp: 0x54fa7de6
Exception code: 0xc000041d
Fault offset: 0x00230ae7
Faulting process id: 0xb14
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/15/2015 08:40:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 41.0.2272.89, time stamp: 0x54fa819a
Faulting module name: chrome.dll, version: 41.0.2272.89, time stamp: 0x54fa7de6
Exception code: 0xc0000005
Fault offset: 0x00230ae7
Faulting process id: 0xb14
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/15/2015 08:20:59 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to create a QNode

Error: (03/15/2015 08:20:59 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to create a QNode

Error: (03/15/2015 08:20:59 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to create a QNode

Error: (03/16/2015 10:26:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll_unloaded, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000042dee0
Faulting process id: 0x818
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5


System errors:
=============
Error: (03/15/2015 09:11:21 PM) (Source: DCOM) (User: BARATA)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/15/2015 09:10:30 PM) (Source: DCOM) (User: BARATA)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/15/2015 09:10:58 PM) (Source: Microsoft-Windows-Kernel-General) (User: AUTORIDADE NT)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

Error: (03/15/2015 08:35:47 PM) (Source: Service Control Manager) (User: )
Description: The Serviço de Compartilhamento de Rede do Windows Media Player service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (03/15/2015 08:34:58 PM) (Source: Service Control Manager) (User: )
Description: The Provedor do Grupo Doméstico service depends on the Host de Provedor da Descoberta de Função service which failed to start because of the following error:
%%1058

Error: (03/15/2015 08:32:45 PM) (Source: Service Control Manager) (User: )
Description: The Provedor do Grupo Doméstico service depends on the Host de Provedor da Descoberta de Função service which failed to start because of the following error:
%%1058

Error: (03/15/2015 08:32:30 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/15/2015 08:27:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: AUTORIDADE NT)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Atualização do Windows 8.1 para sistemas baseados em x64 (KB3025417).

Error: (03/15/2015 08:26:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: AUTORIDADE NT)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Atualização do Windows 8.1 para sistemas baseados em x64 (KB2989930).

Error: (03/15/2015 08:25:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: AUTORIDADE NT)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Atualização do Windows 8.1 para sistemas baseados em x64 (KB3012702).


Microsoft Office Sessions:
=========================
Error: (10/28/2014 02:57:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4174 seconds with 3120 seconds of active time.  This session ended with a crash.

Error: (10/22/2014 09:26:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/22/2014 09:25:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3746 seconds with 2700 seconds of active time.  This session ended with a crash.

Error: (10/18/2014 07:29:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/18/2014 07:28:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3738 seconds with 2880 seconds of active time.  This session ended with a crash.



@RISK 6.3 (HKLM-x32\...\{6E828A85-DD11-43C7-91E8-7C2C6E8B7B4F}) (Version: 6.3.1 - Palisade Corporation)
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.1120.2123.38423 - Nome de sua empresa:) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1004.1447.24752 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.1004.1447.24752 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.1004.1446.24752 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
HP Deskjet 1510 series Software básico do dispositivo (HKLM\...\{06FD25AF-70F0-4CA9-88EA-490799567F11}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4080 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.8.2434 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31124 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 pt-BR)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd)
Palisade Language Resources [PT] (HKLM-x32\...\{CF7E4425-6446-4E29-9517-7DB552A3CAA6}) (Version: 6.3.1 - Palisade Corporation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Suporte para Aplicativos Apple (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.75 - CipSoft GmbH)
USB Vibration Joystick (HKLM-x32\...\{64B27517-3558-4A76-8641-5D161D7C9BE5}) (Version: v3.85 - Dragon rise)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Write-N-Cite (HKLM-x32\...\{F16A0C93-5400-48FB-B18D-A19611DCFB13}) (Version: 4.2.1141 - RefWorks-COS)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8072.96 MB
Available physical RAM: 6089.88 MB
Total Pagefile: 16264.96 MB
Available Pagefile: 13648.82 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.37 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.14 GB) (Free:209.6 GB) NTFS

========================= Users: ========================================

User accounts for \\BARATA

Administrador            BARATABARATABARATA       Convidado                

========================= Restore Points ==================================

19-11-2014 12:53:10 Windows Update
03-03-2015 11:11:37 Intel® Driver Update Utility
15-03-2015 23:05:31 Windows Update
16-03-2015 11:22:55 arrumando wow64

**** End of log ****

MBMA:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2015
Scan Time: 9:22:55 PM
Logfile: 4 MBMA.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.15.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: BARATABARATABARATA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379001
Time Elapsed: 25 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BACKUPSTACK.EXE, 3192, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff]

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [429077cea4e69a9c552abda08380ae52],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [429077cea4e69a9c552abda08380ae52],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [429077cea4e69a9c552abda08380ae52],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [429077cea4e69a9c552abda08380ae52],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [429077cea4e69a9c552abda08380ae52],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [01d1d2735e2c10266455ee3258ab619f],
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BackupStack, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyPC Backup, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [e5ed4401b2d8f640c52be7d0f2114ab6],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [b81a9fa6b1d962d4c72921967b884ab6],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [2ea4c67f602aae88917325b2768d17e9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectWS, Quarantined, [4b87d174deac49ed76938030946f827e],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [f3dfc580ed9dda5c941fec0fc83b5fa1],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f1e164e15436ec4a6827d53ce71e8d73],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [01d157eee8a238fe34cff5e239ca9070],

Registry Values: 2
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK|ImagePath, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, Quarantined, [3d9596afb0da90a646f5635e50b3fc04]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-307866236-2149616277-3460058889-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, Quarantined, [f1e164e15436ec4a6827d53ce71e8d73]

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.MyPCBackup.A, C:\Users\BARATABARATABARATA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup, Quarantined, [ffd3bb8a602acf67e5546c55db281ce4],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\Resources, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\Resources\cache, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\Resources\keycache, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\x64, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\x86, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\~updates, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\Config, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MYPC BACKUP\Database, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [943e62e3d1b9e650e6ad3a24ee15fe02],
PUP.Optional.SystemSpeedup, C:\Users\BARATABARATABARATA\AppData\Roaming\Systweak\ssd, Quarantined, [fbd76bdae3a7da5c6876bacbc73c7e82],

Files: 123
PUP.Optional.Systweak, C:\Users\BARATABARATABARATA\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [16bc044199f1d75fcbf99c7e81816c94],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, Quarantined, [17bb1a2be3a71b1b985002eee21fd12f],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Service Start.exe, Quarantined, [2fa37dc8256591a514d421cf55acdf21],
PUP.Optional.MyPCBackup.A, C:\Windows\Temp\tmp983A.tmp, Quarantined, [468c1431e9a16ec844a4717ff0110df3],
PUP.Optional.OpenCandy, C:\Users\BARATABARATABARATA\Downloads\DTLite4491-0356.exe, Quarantined, [f1e1b293870338fee96a57b9e12514ec],
PUP.Optional.AZLyrics.A, C:\Users\BARATABARATABARATA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.AZLYRICS.COM_0.LOCALSTORAGE, Quarantined, [def42223c5c593a30772279514ef669a],
PUP.Optional.AZLyrics.A, C:\Users\BARATABARATABARATA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.AZLYRICS.COM_0.LOCALSTORAGE-JOURNAL, Quarantined, [e5ed044104861620b6c3813b4cb7758b],
PUP.Optional.MyPCBackup.A, C:\Users\BARATABARATABARATA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MYPC BACKUP.LNK, Quarantined, [6969d96c602ac373a98e89386c972cd4],
PUP.Optional.MyPCBackup.A, C:\Users\BARATABARATABARATA\Desktop\MYPC BACKUP.LNK, Quarantined, [62704df8503a5dd98bad16ab8b78b34d],
PUP.Optional.MyPCBackup.A, C:\Users\BARATABARATABARATA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\MYPC BACKUP.LNK, Quarantined, [ffd3bb8a602acf67e5546c55db281ce4],
PUP.Optional.MyPCBackup.A, C:\Users\BARATABARATABARATA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\Uninstall.lnk, Quarantined, [ffd3bb8a602acf67e5546c55db281ce4],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\aff.conf, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaFS.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AWSSDK.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Microsoft.Win32.TaskScheduler.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBClient.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\mypcbackup.ico, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\NativeHashWrapper.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Newtonsoft.Json.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\ObjectListView.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\PipeDiff.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x64.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x86.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RestartExplorer.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Shared Stack.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\SignupWizard.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\spf.dat, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncicon.ico, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncing.ico, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\System.Data.SQLite.DLL, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\tick.ico, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\uninst.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater.exe.0.old, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater_.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\websocket-sharp.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStackUI.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Crypto32.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Crypto64.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\debug.txt, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\de_DE.mo, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\diffstack.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\es_ES.mo, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\GetText.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\InstMgr.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Ionic.Zip.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\it_IT.mo, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LinqBridge.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\PUSH.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\APPLICATION.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\APP_CRASH.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\AUTH.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\BACKOFF.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\BACKUP.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\CLIENT.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\CORE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\EXTERNAL_DRIVE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\FOOTER.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\GRID_RECOVERY.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\GRID_RECOVERY_INIT.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\LICENCE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\NETWORK_SHARES.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\REMOTING.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\REMOTING_prev.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\REQUEST.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\RESTORE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\RESTRICTIONS.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SCHEDULE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SERVER_DECODE_LOG.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SERVICE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SETTINGS.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SHELL.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\SIGNUP_WIZ.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\STACK_BASE.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\TASKS.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\UPDATER.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\UPLOAD_GS.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\UTC_MIGRATION.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1cc0484f-12cd-42f3-b98e-7ea9fcfb1334_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_1cc0484f-12cd-42f3-b98e-7ea9fcfb1334_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_631b3d8c-aa63-4471-ad08-b96ecf80ec0a_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_631b3d8c-aa63-4471-ad08-b96ecf80ec0a_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_66c79847-99b3-4572-a1c7-03a6b8d77ec8_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_66c79847-99b3-4572-a1c7-03a6b8d77ec8_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_deb26157-a79d-4b33-b71d-9547d6f10cd1_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_deb26157-a79d-4b33-b71d-9547d6f10cd1_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e4d964a6-c6ea-4e20-aa71-1dc73595d0f8_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_e4d964a6-c6ea-4e20-aa71-1dc73595d0f8_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f7cdfc98-3a0a-45ea-9450-9477d6052b06_backupKeyCache.block, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\keycache\_f7cdfc98-3a0a-45ea-9450-9477d6052b06_backupKeyCache.tree, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64\SQLite.Interop.dll, Delete-on-Reboot, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86\SQLite.Interop.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86\System.Data.SQLite.dll, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Config\api.cred, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Config\api.ts2, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_conf.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_id.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_file_cache.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_queues.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_resumable.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_sig_cache.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_version_queue.db, Quarantined, [2ea464e1c6c41c1a99a1edd47f8401ff],

Physical Sectors: 0
(No malicious items detected)


(end)

MBAR:

MBAR System-Log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17690

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8465113088, free: 6525399040

Downloaded database version: v2015.03.15.06
Downloaded database version: v2015.02.25.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
     03/15/2015 22:08:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\epppecag.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\amdkmpfd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.03.15.06
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001931484d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00193147040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001931484d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00193265120, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0019329d060, DeviceName: \Device\0000001a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8A4A6D37

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 174248313
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 1a598290-6f83-46df-bb17-253e7fdf8134
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 174248313
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 1a598290-6f83-46df-bb17-253e7fdf8134
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID b8668055-2cd5-4a48-a8b2-9b24553767b1
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID 26651f6a-9765-4138-b85b-a45d52aaeb2
    FirstLBA 1026048  Last LBA 1107967
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a3be9e31-f5d4-4545-b9cc-eafb0f465e
    FirstLBA 1107968  Last LBA 1370111
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8b7ab270-7d1-4070-9e72-f3e8e9a1c1f
    FirstLBA 1370112  Last LBA 2373631
    Attributes 1
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID ebe73d1f-3dda-4eab-b2fd-6ef08f792e8
    FirstLBA 2373632  Last LBA 1925748735
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3324841c-fbcb-4cd4-9d63-ab63bcf5d82b
    FirstLBA 1925748736  Last LBA 1926670335
    Attributes 1
    Partition Name                                     

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3c79bc9b-863a-40b1-9ee3-87b86a322814
    FirstLBA 1926670336  Last LBA 1927591935
    Attributes 1
    Partition Name                                     

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a910e407-a2a9-4b51-821a-5e3a2941137
    FirstLBA 1927591936  Last LBA 1953523119
    Attributes 1
    Partition Name         Microsoft recovery partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

 

 

MBAR mbar-log-2015-03-15:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.15.06
  rootkit: v2015.02.25.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17690
BARATABARATABARATA :: BARATA [administrator]

3/15/2015 10:08:34 PM
mbar-log-2015-03-15 (22-08-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 389405
Time elapsed: 26 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

Rkill:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/15/2015 10:40:23 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 



#6 Broni


Posted 15 March 2015 - 10:21 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program



 


#7 fressato


Posted 16 March 2015 - 10:02 AM

Temp File Cleaner cleared nothing.

 

AdwCleaner:

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 09:26:08
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : BARATABARATABARATA - BARATA
# Running from : C:\Users\BARATABARATABARATA\Downloads\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\focusbase
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\BARATABARATABARATA\AppData\Roaming\Systweak
Folder Deleted : C:\Users\BARATABARATABARATA\Documents\Optimizer Pro
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\BARATABARATABARATA\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\BARATABARATABARATA\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\BARATABARATABARATA\Desktop\Sync Folder.lnk
File Deleted : C:\Users\BARATABARATABARATA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\BARATABARATABARATA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [2825 bytes] - [16/03/2015 09:24:54]
AdwCleaner[S0].txt - [2713 bytes] - [16/03/2015 09:26:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2772  bytes] ##########

 

Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 x64
Ran by BARATABARATABARATA on Mon 03/16/2015 at  9:36:59.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-DB70E5FC.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\BARATABARATABARATA\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\BARATABARATABARATA\appdata\locallow\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/16/2015 at  9:40:09.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Sophos also found nothing wrong!



#8 Broni


Posted 16 March 2015 - 08:35 PM

How is the computer doing?

 

Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.



 


#9 fressato


Posted 16 March 2015 - 11:15 PM

Java updated (both 32 and 64)! I restarted the computer and the same window still pops up!



#10 fressato


Posted 17 March 2015 - 01:37 PM

What should I do next?

 

Thank you!!



#11 Broni


Posted 17 March 2015 - 06:56 PM

Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users: press the Windows logo key and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?



 


#12 fressato


Posted 17 March 2015 - 09:55 PM

This time the window didn't pop up when I restarted! I'm attaching pics from the startup tab as well.



#13 fressato


Posted 17 March 2015 - 10:01 PM

https://www.dropbox.com/s/tsvh66jgrc7zdis/3.png?dl=0

https://www.dropbox.com/s/kq9lxvgpsnfst5n/4.png?dl=0



#14 Broni


Posted 17 March 2015 - 10:13 PM

Now you have to investigate.

Go back to "msconfig" and start re-enabling the startups and services you previously disabled, but only one by one, restarting the computer each time, until you find the culprit.


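The one-by-one elimination in posts #11 and #14 can be shortened by first listing which autostart entries actually reference net.exe, the program named in the startup window. The script below is an added example, not part of the original thread. It only reads settings and assumes PowerShell 3.0 or later on Windows 8.1, run from an elevated prompt; the variable names and the match pattern are illustrative.

```powershell
# Added example, not from the thread: read-only survey of autostart locations
# for entries whose command line invokes net.exe. Nothing is changed or removed.

# Matches "net" or "net.exe" as a whole command word, e.g.
# C:\Windows\SysWOW64\net.exe or "net use ...", but not netsh.exe or dotnet.exe.
$pattern = '(^|[\\\s"])net(\.exe)?(["\s]|$)'

$entries = @()

# 1. Run / RunOnce values, including the 32-bit (WOW6432Node) view.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$entries += @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source   = 'Run key'
            Location = $key
            Name     = $name
            Command  = [string]$item.GetValue($name)
        }
    }
})

# 2. Startup folders (per-user and all-users). Shortcuts are resolved to their
#    target and arguments; batch files are read so their contents are searched.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$entries += @(foreach ($dir in $startupDirs) {
    foreach ($file in (Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue)) {
        $command = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $command = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        } elseif ($file.Extension -in '.bat', '.cmd') {
            $command = Get-Content -LiteralPath $file.FullName -Raw
        }
        [pscustomobject]@{
            Source   = 'Startup folder'
            Location = $dir
            Name     = $file.Name
            Command  = $command
        }
    }
})

# 3. Scheduled tasks: every executable action of every registered task.
$entries += @(Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            [pscustomobject]@{
                Source   = 'Scheduled task'
                Location = $task.TaskPath
                Name     = $task.TaskName
                Command  = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
            }
        }
    }
})

# 4. Services set to start automatically.
$entries += @(Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'Service'
            Location = 'Service Control Manager'
            Name     = $_.Name
            Command  = [string]$_.PathName
        }
    })

# Report only the entries that reference net.exe.
$hits = @($entries | Where-Object { $_.Command -match $pattern })
if ($hits.Count -eq 0) {
    'No autostart entry in the surveyed locations references net.exe.'
} else {
    $hits | Format-List Source, Location, Name, Command
}
```

Any entry it reports is the first candidate to re-enable and test on its own in msconfig; an empty result means the launcher lives somewhere these four locations do not cover.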

 




