hijack logs - windows explorer and some other problems


17 replies to this topic

#1 Mollag


Posted 24 April 2015 - 03:30 AM

I've used some sh*t programs to change the Windows 7 theme and these sorts of things a few times, and now I have some problems, like Windows Explorer never opening again if I close it. I will send HijackThis logs and a print screen of that error. Any help would be appreciated. Thanks in advance.

 

explorer error : http://imgur.com/pER5X1v

 

hijackthis logs:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:29:34, on 24/04/2015
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Connectify - Connectify - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6283 bytes
 





#2 Mollag


Posted 26 April 2015 - 04:03 PM

Help, please.



#3 HelpBot


Posted 29 April 2015 - 03:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574239 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Mollag


Posted 03 May 2015 - 02:25 PM

I've found a bitcoin miner and a trojan with the antivirus, but I'm still having issues with explorer.exe. Will attach the new logs. Thanks in advance.

Attached files: Addition.txt (40.48KB), FRST.txt (22.37KB)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Caio (administrator) on BARÃO on 03-05-2015 16:19:04
Running from C:\Users\Caio\Downloads
Loaded Profiles: Caio (Available profiles: Caio & Convidado)
Platform: Windows 7 Ultimate (X64) OS Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3987\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5669\Battle.net.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-03-12] (Razer Inc.)
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\MountPoints2: {2ccb3fc2-5040-11e4-b76d-902b34ff3d61} - G:\SETUP.EXE
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\MountPoints2: {d8b1e860-6750-11e4-81ed-026cdb1d2e89} - F:\LGAutoRun.exe
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-12-13] () <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-03-12] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1689685332-202345006-199689843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1689685332-202345006-199689843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-12] (Avast Software s.r.o.)
Toolbar: HKU\S-1-5-21-1689685332-202345006-199689843-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-11-13] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash4/cabs/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.100

FireFox:
========
FF ProfilePath: C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Caio\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF user.js: detected! => C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\user.js [2015-03-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-11-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-11-11]
FF Extension: Adblock Plus - C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Slots) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-12-13]
CHR Extension: (clickit) - C:\ProgramData\honhnicaeaclhjepfnakiiemcgdcfgbk\ []
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-12] (Avast Software s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-12-26] (Connectify) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-07] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-12] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-12] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-12] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-12] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-12] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-12] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [42152 2014-12-30] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-10] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-24] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-03-12] ()
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 16:19 - 2015-05-03 16:19 - 00013537 _____ () C:\Users\Caio\Downloads\FRST.txt
2015-05-03 16:16 - 2015-05-03 16:19 - 00000000 ____D () C:\FRST
2015-05-03 16:15 - 2015-05-03 16:16 - 02101248 _____ (Farbar) C:\Users\Caio\Downloads\FRST64.exe
2015-05-03 16:01 - 2015-05-03 16:01 - 00018709 _____ () C:\Users\Caio\Desktop\ZA-Scan.txt
2015-05-03 16:00 - 2015-05-03 16:00 - 00018706 _____ () C:\ZA-Scan.txt
2015-05-03 16:00 - 2015-05-03 15:55 - 00018756 _____ () C:\zoek-results2015-05-03-185519.log
2015-05-03 15:54 - 2015-05-03 15:52 - 00019400 _____ () C:\zoek-results2015-05-03-185201.log
2015-05-03 15:47 - 2015-05-03 15:47 - 00000000 ____D () C:\zoek_backup
2015-05-03 15:46 - 2015-05-03 15:46 - 01365504 _____ () C:\Users\Caio\Desktop\ZA-Scan.exe
2015-04-27 05:00 - 2015-04-29 03:17 - 00000000 ____D () C:\Users\Caio\Desktop\Documents\Heroes of the Storm
2015-04-26 20:58 - 2015-04-26 20:58 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-26 20:58 - 2015-04-26 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-26 19:27 - 2015-05-03 02:28 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-23 20:11 - 2015-05-03 15:40 - 00000000 ____D () C:\HijackThis
2015-04-23 19:48 - 2015-04-23 19:48 - 00000000 ____D () C:\Users\Caio\AppData\Local\Razer_Inc
2015-04-23 19:47 - 2015-04-23 19:47 - 00000000 ____D () C:\Users\Caio\Desktop\Documents\Razer
2015-04-23 19:46 - 2015-04-23 19:46 - 00001252 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2015-04-23 19:46 - 2015-04-23 19:46 - 00000000 ____D () C:\Users\Caio\AppData\Local\Razer
2015-04-23 19:46 - 2015-04-23 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-04-23 19:45 - 2015-04-23 19:46 - 00000000 ____D () C:\Users\Todos os Usuários\Razer
2015-04-23 19:45 - 2015-04-23 19:46 - 00000000 ____D () C:\ProgramData\Razer
2015-04-23 19:45 - 2015-04-23 19:46 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-23 19:45 - 2015-03-10 15:18 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-04-23 19:33 - 2015-04-23 19:38 - 22768704 _____ (Razer Inc. ) C:\Users\Caio\Downloads\RazerCortexSetup_5.4.15.0.exe
2015-04-23 19:30 - 2015-04-24 18:31 - 00000069 _____ () C:\Users\Caio\Desktop\settings.sav
2015-04-23 19:29 - 2015-04-23 19:29 - 00014037 _____ () C:\Users\Caio\Downloads\laa_2_0_4.zip
2015-04-23 19:29 - 2010-03-21 23:18 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\Caio\Desktop\Large Address Aware.exe
2015-04-23 19:27 - 2015-04-23 19:27 - 00000000 ____D () C:\Users\Caio\Desktop\Leatrix
2015-04-23 18:59 - 2015-04-23 18:59 - 04956875 _____ () C:\Users\Caio\Downloads\Leatrix_Latency_Fix_3.00.zip
2015-04-22 17:08 - 2015-04-22 17:08 - 00064328 _____ () C:\Users\Caio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-22 17:05 - 2015-05-03 15:19 - 00002464 _____ () C:\Windows\setupact.log
2015-04-22 17:05 - 2015-04-22 17:05 - 00297880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-22 17:05 - 2015-04-22 17:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-22 04:46 - 2015-04-22 04:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 15:36 - 2015-04-19 15:41 - 36340384 _____ () C:\Users\Caio\Desktop\Meus Filmes.mdx
2015-04-19 15:33 - 2015-04-19 15:41 - 85828344 _____ (Nero AG) C:\Users\Caio\Downloads\Nero_BurningROM2015_setup-16.0.02000_3p_trial.exe
2015-04-07 18:57 - 2015-04-07 18:58 - 03081784 _____ (Blizzard Entertainment) C:\Users\Caio\Downloads\Heroes-of-the-Storm-Setup-ptBR.exe
2015-04-07 04:57 - 2015-04-07 05:08 - 111145672 _____ (Oracle Corporation) C:\Users\Caio\Downloads\VirtualBox-4.3.26-98988-Win.exe
2015-04-05 13:54 - 2015-04-13 18:59 - 00000000 ____D () C:\Users\Caio\Desktop\Documents\StarCraft II
2015-04-05 13:54 - 2015-04-05 13:54 - 00001093 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-04-05 13:54 - 2015-04-05 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-04-05 13:51 - 2015-04-06 02:03 - 00000000 ____D () C:\Program Files (x86)\StarCraft II

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 16:18 - 2014-11-07 02:53 - 00000000 ____D () C:\Users\Caio\AppData\Local\Battle.net
2015-05-03 16:01 - 2014-10-12 03:33 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 15:56 - 2014-11-12 13:44 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 15:46 - 2014-12-13 13:57 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2015-05-03 15:46 - 2014-12-13 13:57 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-03 15:30 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 15:30 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 15:25 - 2014-10-09 23:55 - 01739000 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 15:19 - 2014-11-12 13:44 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 15:19 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 16:50 - 2015-03-12 02:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-27 05:01 - 2014-11-07 02:53 - 00000000 ____D () C:\Users\Todos os Usuários\Blizzard Entertainment
2015-04-27 05:01 - 2014-11-07 02:53 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-25 13:20 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-23 20:13 - 2014-10-09 23:54 - 00000000 ____D () C:\Users\Caio\AppData\Local\VirtualStore
2015-04-22 17:05 - 2014-10-10 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-22 05:20 - 2015-03-11 01:54 - 00000000 ____D () C:\Users\Caio\AppData\Roaming\TeamViewer
2015-04-22 05:20 - 2014-10-10 02:52 - 00000000 ____D () C:\Users\Caio\AppData\Roaming\DAEMON Tools Lite
2015-04-22 05:19 - 2014-11-12 15:51 - 00000000 ____D () C:\Users\Caio\AppData\Local\CrashDumps
2015-04-22 05:19 - 2014-10-26 01:24 - 00000000 ____D () C:\Windows\Minidump
2015-04-20 15:14 - 2014-11-15 23:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-19 05:14 - 2014-10-12 15:49 - 00000000 ____D () C:\Users\Caio\AppData\Roaming\Skype
2015-04-17 14:39 - 2014-12-13 17:53 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-17 12:55 - 2014-12-13 14:31 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2015-04-15 18:06 - 2014-10-12 03:33 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 18:05 - 2014-10-11 23:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 18:05 - 2014-10-11 23:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 17:23 - 2014-11-07 03:24 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-13 15:04 - 2015-04-01 17:29 - 00000070 _____ () C:\Users\Caio\Desktop\lol.txt
2015-04-12 02:45 - 2015-03-12 02:45 - 00000000 ____D () C:\Windows\System32\Tasks\AVAST Software
2015-04-07 04:29 - 2014-11-25 20:46 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-06 23:31 - 2014-11-07 02:53 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-03 01:26 - 2014-10-24 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
2015-04-03 01:26 - 2014-10-24 01:45 - 00000000 ____D () C:\Program Files (x86)\Voobly

==================== Files in the root of some directories =======

2014-11-01 15:11 - 2014-11-01 15:11 - 0285478 ____H () C:\Program Files\569084471418571142779919224811710121830587.ico
2014-11-01 15:11 - 2014-11-01 15:11 - 0285478 ____H () C:\Program Files (x86)\44873372144719116123611015199532141106218.ico
2014-11-29 02:52 - 2010-07-01 22:24 - 0035048 _____ () C:\Users\Caio\AppData\Roaming\UserOrb.bmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 13:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Caio at 2015-05-03 16:19:48
Running from C:\Users\Caio\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1689685332-202345006-199689843-500 - Administrator - Disabled)
Caio (S-1-5-21-1689685332-202345006-199689843-1000 - Administrator - Enabled) => C:\Users\Caio
Convidado (S-1-5-21-1689685332-202345006-199689843-501 - Limited - Disabled) => C:\Users\Convidado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
µTorrent (HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Mythology Gold (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CodeBlocks (HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Connectify (HKLM\...\Connectify) (Version: 9.3.1.33921 - Connectify)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Easy Tune 6 B13.0125.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0125.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Folder Colorizer version 1.3.3 (HKLM\...\{A133E9CD-2879-4F30-87D4-1604AFD5C5CC}_is1) (Version: 1.3.3 - Softorino)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 pt-BR)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 9.0.4-1.0.2688.511 - raidcall.com.br)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sleeping Dogs + DLC v1.8.432268 / RePack by Baracuda (HKLM-x32\...\Sleeping Dogs + DLC_is1) (Version: - )
Sleeping Dogs Limited Edition 1.8 version SKIDROW (HKLM-x32\...\{249B8B8F-C49D-4E92-8795-35FDFDE748D9}}_is1) (Version: SKIDROW - © Square Enix)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Spotify (HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-04-2015 15:01:40 Ponto de Verificação Agendado
17-04-2015 12:51:18 Removido AVG PC TuneUp 2014
17-04-2015 12:52:43 Removido AVG PC TuneUp 2014 (pt-BR)
25-04-2015 13:45:44 Ponto de Verificação Agendado

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2015-03-16 12:43 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30AB5E7B-4BD7-4935-83DA-0CBE58AEFC74} - System32\Tasks\{8886FD98-A102-4D9A-9CCE-A2CE7DBDBE53} => C:\Riot Games\League of Legends\lol.launcher.admin.exe [2014-01-21] ()
Task: {33EA796B-2C42-4ED6-92F0-356A95A49D17} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {427C1C42-B8E7-4C18-A6A7-F0C7A9383795} - System32\Tasks\{EE1C5873-8210-44E5-A5B6-A8E8FB9A04E1} => pcalua.exe -a C:\Users\Caio\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe -c /uninstall
Task: {455939B3-7584-41B5-B471-45E7300626FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {90C0DBE5-0269-4EDE-A0E0-A6FC215CA25A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-12] (Avast Software s.r.o.)
Task: {AC4F56B1-0260-4B68-A73F-6D73E8B698D5} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {ACA8F3BA-7AD6-42F7-9C16-2F55617E7556} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {BDD09928-0A5B-4784-926A-E08AFF8B8053} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {EB87D0F0-6C1F-4ECD-A5F8-8FC10B62BE8B} - System32\Tasks\saf => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {ECBDE7F1-09CC-4751-BA53-E2AB5DB960F1} - System32\Tasks\{6834C5D2-C874-4593-8888-539480255969} => pcalua.exe -a C:\Users\Caio\Downloads\Programs\GameRangerSetup.exe -d C:\Users\Caio\AppData\Roaming\IDM
Task: {EF67BD61-D001-44B6-98B7-E037CBD6C980} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1689685332-202345006-199689843-1000
Task: {FEB22EA4-3A74-4CF3-9F2C-70DA9F737B77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-03-10 15:20 - 2015-03-10 15:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-12 02:39 - 2015-03-12 02:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-12 02:39 - 2015-03-12 02:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-02 19:12 - 2015-05-02 19:12 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050202\algo.dll
2015-05-03 15:21 - 2015-05-03 15:21 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050300\algo.dll
2015-05-03 16:19 - 2015-05-03 16:19 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15050301\algo.dll
2015-03-12 02:40 - 2015-03-12 02:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-30 21:52 - 2014-12-26 13:17 - 00378104 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2014-12-30 21:52 - 2014-12-26 13:17 - 00713976 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2015-04-23 19:46 - 2015-03-12 13:04 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2014-12-30 21:52 - 2014-12-26 13:17 - 03566328 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2014-12-30 21:52 - 2014-12-26 13:17 - 00354040 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2015-03-12 02:40 - 2015-03-12 02:40 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-12 02:40 - 2015-03-12 02:40 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2015-04-15 18:05 - 2015-04-15 18:05 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libcef.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libGLESv2.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00908288 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\platforms\qwindows.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libEGL.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qgif.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qico.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qjpeg.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qmng.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qsvg.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qtiff.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQuick.2\qtquick2plugin.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-04-06 21:51 - 2015-04-06 21:51 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQml\Models.2\modelsplugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1689685332-202345006-199689843-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Caio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: Connectify Dispatch => C:\Program Files (x86)\Connectify\DispatchUI.exe autorun
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files (x86)\Connectify\Connectify.exe autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Spotify => "C:\Users\Caio\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Caio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Caio\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{DCE298D8-C48E-4F09-BC31-34C611761BCA}] => (Allow) C:\Users\Caio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28CC0391-666D-4EAF-9F6D-0E5C732B4576}] => (Allow) C:\Users\Caio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E17E213D-C778-4C7A-BA76-A4CE0CA557A7}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E6F07335-DA51-4EA0-BC8C-491363437840}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A76A49E1-7580-4D31-AADE-49C12F9331AA}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{56B1234E-B520-47EE-84BF-FB3B694BE5A9}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F225FE7-B67C-4694-8746-5D45EDBBD174}] => (Allow) D:\Steam\steamapps\Common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{97620066-C607-4E09-821F-1E92F7418069}] => (Allow) D:\Steam\steamapps\Common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7BA6A56E-E3F3-454D-99EE-30F76639364F}] => (Allow) D:\Steam\steamapps\Common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{58DAB66B-14BE-4584-8E48-B0657024DF11}] => (Allow) D:\Steam\steamapps\Common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{6328D9D9-CA75-4C6B-8657-9B912462178B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A2E6C722-434F-49E0-A56B-55BCE5EE8AB6}C:\users\caio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A9785658-4DEB-48D8-A9FD-BEF288BD026D}C:\users\caio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6CB74BD2-AE4C-4CAD-BBC4-9AA7D6912C11}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe
FirewallRules: [{5C183036-0ADC-48D7-8675-B6D7B3D36F53}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe
FirewallRules: [TCP Query User{0B678DF3-0C8D-4C6C-A79E-05902BD0A98F}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{6355992B-ED5D-428C-B40D-EA390C16388D}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{CE844711-751A-4F4E-9336-A0D11B9A7314}C:\program files (x86)\microsoft games\age of mythology\aomxnocd.exe] => (Allow) C:\program files (x86)\microsoft games\age of mythology\aomxnocd.exe
FirewallRules: [UDP Query User{F0501FD6-CE14-4B7E-AC2F-1D6665C37654}C:\program files (x86)\microsoft games\age of mythology\aomxnocd.exe] => (Allow) C:\program files (x86)\microsoft games\age of mythology\aomxnocd.exe
FirewallRules: [{340E8309-3004-473B-994A-0134DC7A3295}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{ECE5EA4A-9E7D-4A65-841C-DB58DCE79911}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C350648C-EB0C-4FBF-94AA-1F611C001805}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{028CF266-9BA1-4744-803E-76DFCA85E79E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{423E4765-1A8A-414F-9C71-310920217F39}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8615658B-919B-49E5-9FA2-287D6EE5FD69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{099F8E0B-1F74-458A-9C54-D17393D23996}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3FE0067-7C23-497B-B8C6-9899E3563BCA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{C5923684-4AF9-4E8B-83C8-E7D291756856}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{CCA3E9CC-4A0D-4F8D-ACC8-AFB24BA46C67}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{724EFC47-CD08-4AB3-ABC9-7E3F69C8D192}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{BFCF8380-20DC-4D9C-B294-C279D055C0F1}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{5B3BDB0A-AF1B-45EB-B828-A8F4B6179CAF}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{5E4B9B5D-23A2-46D4-87B4-23C2DED6991E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{AE8E1A80-7502-4EF2-9505-37876C97C970}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{9DED86B7-0AF3-4208-AF6F-AA1993A54D5A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{AF799FC5-1F40-4EA1-BB39-41B20DFAFA22}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{27479218-F252-47BC-A62B-1ED28A6118FE}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{21D574E6-6531-4206-9015-E96C26A1F981}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{17CAAC8F-DEE1-4D4D-B503-55A9A955DD03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C524224A-4576-4D9E-BF6D-899677991F47}C:\users\caio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0861FF71-BAC2-4B5F-870E-CC10CE0877D6}C:\users\caio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4694B578-AD06-4509-8791-12B1CA50275E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{75639DA8-D984-41D6-BAC1-CBA3DDDFE003}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CD679BFD-608D-48AC-B4A9-1B905DC20574}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE026064-46CA-44FF-8BD6-9501400D8D55}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{943207F0-9ED6-4DDA-9304-E5ED57D9F422}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [{732C699A-B303-4E44-B995-9DA1D5A35989}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [{A3375636-522B-464D-BA2C-039E00DC8B0E}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [{949F8092-2B0D-4ECC-810C-655343635D29}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [TCP Query User{46AD8143-F646-451B-9C51-1F7981DF1279}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8A4BA66E-8F59-4544-938D-2DB8053F4459}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E94FCEDD-285A-4073-A434-46D66A8BE601}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BF1752C9-0CB8-4709-8153-95D3BBEB4972}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DF5529F2-BBD5-495E-8182-E4AD29871257}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12ADA7AA-740C-4468-8403-1C39AA3588CC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CBBC2595-BB57-415A-89F6-B2C15C68F553}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5F9D6500-6CC5-4A34-AC51-7D40E3A2DC4C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F13CAA23-C99D-422A-B847-B4875030133D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{A0DAB057-5D1C-4335-9DEC-9A9A581567A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{2E8F05F0-74F9-4563-B2A4-2C1FB7A5C660}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{BB3AFB3F-68D0-417F-ACCD-A7E89DEF4A31}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C4B8CF64-9201-43FF-8C7E-EE626E8A89E9}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{E76137A1-E76A-40A7-9DD1-BC8FC4B6BAEC}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{AF2272D6-8A2B-4840-9C2B-8299B60C83C3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{79518CE9-1E3A-442F-A50B-B80455BA84E4}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{53C6FE7F-54CC-4868-9F6D-A00AFA543D9E}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{84966704-CC9E-40DC-A0F2-EF44985F76C5}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 03:43:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Falha na recuperação de atualização automática do certificado raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> com erro: O servidor especificado não pode executar a operação solicitada.
.

Error: (05/03/2015 03:43:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Falha na recuperação de atualização automática do certificado raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> com erro: Esta operação foi retornada porque o tempo limite expirou.
.

Error: (05/03/2015 03:46:10 AM) (Source: ConnectifySvc) (EventID: 0) (User: )
Description: ConnectifySvc error: 0Terminating ConnectifyD

Error: (04/30/2015 01:41:24 AM) (Source: ConnectifySvc) (EventID: 0) (User: )
Description: ConnectifySvc error: 6Failed to SetServiceStatus

Error: (04/24/2015 08:20:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Wow-64.exe versão 6.1.2.19865 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1b4c

Hora de Início: 01d07ed60137b3bc

Hora de Término: 0

Caminho do Aplicativo: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Id do Relatório:

Error: (04/19/2015 08:50:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, versão: 37.0.1.5570, carimbo de hora: 0x551e23ee
Nome do módulo de falhas: mozalloc.dll, versão: 37.0.1.5570, carimbo de hora: 0x551e1536
Código de exceção: 0x80000003
Deslocamento com falha: 0x00001aa1
Identificação do processo com falha: 0x14f4
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do módulo de falhas: plugin-container.exe2
Identificação do Relatório: plugin-container.exe3

Error: (04/19/2015 08:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: FlashPlayerPlugin_17_0_0_169.exe, versão: 17.0.0.169, carimbo de hora: 0x5529da64
Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000
Identificação do processo com falha: 0xeec
Hora de início do aplicativo com falha: 0xFlashPlayerPlugin_17_0_0_169.exe0
Caminho do aplicativo com falha: FlashPlayerPlugin_17_0_0_169.exe1
FCaminho do módulo de falhas: FlashPlayerPlugin_17_0_0_169.exe2
Identificação do Relatório: FlashPlayerPlugin_17_0_0_169.exe3

Error: (04/18/2015 07:03:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, versão: 37.0.1.5570, carimbo de hora: 0x551e23ee
Nome do módulo de falhas: mozalloc.dll, versão: 37.0.1.5570, carimbo de hora: 0x551e1536
Código de exceção: 0x80000003
Deslocamento com falha: 0x00001aa1
Identificação do processo com falha: 0x620
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do módulo de falhas: plugin-container.exe2
Identificação do Relatório: plugin-container.exe3

Error: (04/17/2015 01:45:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Falha na recuperação de atualização automática do certificado raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crt> com erro: Esta operação foi retornada porque o tempo limite expirou.
.

Error: (04/09/2015 07:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: rads_user_kernel.exe, versão: 0.0.0.0, carimbo de hora: 0x4e65c1ac
Nome do módulo de falhas: rads_user_kernel.exe, versão: 0.0.0.0, carimbo de hora: 0x4e65c1ac
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000b8554
Identificação do processo com falha: 0x7f8
Hora de início do aplicativo com falha: 0xrads_user_kernel.exe0
Caminho do aplicativo com falha: rads_user_kernel.exe1
FCaminho do módulo de falhas: rads_user_kernel.exe2
Identificação do Relatório: rads_user_kernel.exe3


System errors:
=============
Error: (05/03/2015 03:24:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.

Error: (05/03/2015 03:19:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (05/02/2015 03:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (05/01/2015 01:31:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.

Error: (05/01/2015 01:26:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (04/30/2015 02:00:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.

Error: (04/30/2015 01:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (04/29/2015 10:52:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (04/29/2015 03:41:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro:
%%3

Error: (04/29/2015 00:13:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.


Microsoft Office Sessions:
=========================
Error: (05/03/2015 03:43:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtO servidor especificado não pode executar a operação solicitada.

Error: (05/03/2015 03:43:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtEsta operação foi retornada porque o tempo limite expirou.

Error: (05/03/2015 03:46:10 AM) (Source: ConnectifySvc) (EventID: 0) (User: )
Description: ConnectifySvc error: 0Terminating ConnectifyD

Error: (04/30/2015 01:41:24 AM) (Source: ConnectifySvc) (EventID: 0) (User: )
Description: ConnectifySvc error: 6Failed to SetServiceStatus

Error: (04/24/2015 08:20:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.1.2.198651b4c01d07ed60137b3bc0C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Error: (04/19/2015 08:50:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa114f401d07afb8ca7c5bbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle87f4a79-e6ee-11e4-ad4c-902b34ff3d61

Error: (04/19/2015 08:32:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_17_0_0_169.exe17.0.0.1695529da64unknown0.0.0.000000000c000000500000000eec01d07adb8fb62c0dC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exeunknown5bb145d8-e6ec-11e4-ad4c-902b34ff3d61

Error: (04/18/2015 07:03:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa162001d07a1965ee876dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb00bba0c-e616-11e4-bb93-902b34ff3d61

Error: (04/17/2015 01:45:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crtEsta operação foi retornada porque o tempo limite expirou.

Error: (04/09/2015 07:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b85547f801d07313b83e6944C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exefa2fe96e-df06-11e4-9fac-902b34ff3d61


CodeIntegrity Errors:
===================================
Date: 2015-03-15 11:43:35.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-15 11:23:53.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-15 10:52:16.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-15 06:37:05.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-15 06:02:16.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-15 01:23:44.058
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 13:52:54.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 13:41:35.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 13:27:21.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-14 13:10:28.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-4300 Quad-Core Processor
Percentage of memory in use: 57%
Total physical RAM: 4093.55 MB
Available physical RAM: 1749.58 MB
Total Pagefile: 8185.26 MB
Available Pagefile: 5083.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:242.26 GB) (Free:103.23 GB) NTFS
Drive d: (Novo volume) (Fixed) (Total:223.41 GB) (Free:193.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 75F09D8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=242.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 03 May 2015 - 07:55 PM.


#5 Oh My! (Malware Response Instructor)

Posted 03 May 2015 - 08:05 PM

Greetings Mollag and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please move FRST.exe from your Downloads folder onto the Desktop.

Running from C:\Users\Caio\Downloads


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-12-13] () <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\user.js [2015-03-12]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Mollag (Topic Starter)

Posted 04 May 2015 - 02:14 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Ultimate x64
Ran by Caio on 04/05/2015 at  4:00:00,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\tasks\SlimDrivers Startup.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Caio\AppData\Roaming\mozilla\firefox\profiles\1uul1p4t.default\minidumps [49 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/05/2015 at  4:03:41,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

- Update on system performance:

It's so much better and I'm so happy right now. A few hours ago I was like "no hope for my computer", but now it's so much better; even the Windows orb is looking better. The only "problem" I have noticed is that the "Documents" icon still has a 'padlock' on it. Here is a link where you can see that "error": http://imgur.com/ZAJ50QI



#7 Mollag (Topic Starter)

Posted 04 May 2015 - 02:16 AM

- Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by Caio at 2015-05-04 03:36:33 Run:1
Running from C:\Users\Caio\Desktop
Loaded Profiles: Caio (Available profiles: Caio & Convidado)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-12-13] () <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\user.js [2015-03-12]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
*****************

HKU\S-1-5-21-1689685332-202345006-199689843-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\user.js => Moved successfully.
AODDriver4.2.0 => Service deleted successfully.

==== End of Fixlog 03:36:33 ====

- AdwCleaner log:
# AdwCleaner v4.202 - Relatório criado 04/05/2015 às 03:45:04
# Atualizado 23/04/2015 por Xplode
# Base de dados : 2015-05-02.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate  (x64)
# Usuário : Caio - BARÃO
# Executando de : C:\Users\Caio\Desktop\adwcleaner_4.202.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

[!] Pasta Excluído : C:\ProgramData\Trusted Publisher
[!] Pasta Excluído : C:\ProgramData\Innovative Solutions
[!] Pasta Excluído : C:\ProgramData\85763196be4242ff
[!] Pasta Excluído : C:\ProgramData\9616928577803141887
[!] Pasta Excluído : C:\Program Files (x86)\BuyNsave
[!] Pasta Excluído : C:\Program Files (x86)\BuyNsave
[!] Pasta Excluído : C:\Users\Caio\AppData\Local\Innovative Solutions
[!] Pasta Excluído : C:\ProgramData\lcifkgjabhgmegljoieeldgdmkpmgkpa

***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Apagado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Apagado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Apagado : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Apagado : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v37.0.2 (x86 pt-BR)

[1uul1p4t.default\prefs.js] - Linha Apagado : user_pref("extensions.63Fiksv3rtjfKQaO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[1uul1p4t.default\prefs.js] - Linha Apagado : user_pref("extensions.FWsCqmADRfZ6U4ww.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[1uul1p4t.default\prefs.js] - Linha Apagado : user_pref("extensions.NIJyICQRuzCHxXuW.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[1uul1p4t.default\prefs.js] - Linha Apagado : user_pref("extensions.q76hF2sG0d1wPnih.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[vrwqauxa.default\prefs.js] - Linha Apagado : user_pref("extensions.63Fiksv3rtjfKQaO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Google Chrome v39.0.2171.71

[C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3429 bytes] - [04/05/2015 03:43:38]
AdwCleaner[S0].txt - [3253 bytes] - [04/05/2015 03:45:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3312  bytes] ##########
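The Fixlog above confirms that FRST deleted the per-user Winlogon Shell value that pointed at C:\Windows\expstart.exe; a Shell value under a user's own hive overrides the machine-wide one, so whatever it names is started as that user's shell instead of explorer.exe. As an added example that is not from the thread, FRST or Farbar, the PowerShell 3.0+ script below audits the Shell and Userinit values under HKLM and every loaded user hive and reports anything that is not the stock value; the function name and the stock values assumed for a standard Windows 7 install are my assumptions.

```powershell
# Added example (not from the thread, FRST or Farbar): audit Winlogon Shell/Userinit.
# Assumes PowerShell 3.0+ and, to read other users' hives, an elevated session.
# Stock Windows sets no per-user Shell or Userinit at all, so any value found
# under HKU\<SID>\...\Winlogon deserves a look.

$winlogonRel = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock Windows 7 values (my assumption; note the trailing comma on Userinit).
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}

function Get-WinlogonFinding {
    # Emits one object per value with Status: ok, missing or unexpected-value
    # for HKLM, and per-user-override for anything found under a user hive.
    [CmdletBinding()]
    param()

    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    # Machine-wide key first, then every loaded user hive (domain/local SIDs only).
    $userKeys = @(Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object { "HKU:\$($_.PSChildName)\$winlogonRel" })
    $keys = @("HKLM:\$winlogonRel") + $userKeys

    foreach ($key in $keys) {
        $isMachine = $key -like 'HKLM:*'
        $props = if (Test-Path -Path $key) { Get-ItemProperty -Path $key } else { $null }

        foreach ($name in @('Shell', 'Userinit')) {
            $value = if ($props) { $props.$name } else { $null }

            if ($isMachine) {
                if ($null -eq $value)                 { $status = 'missing' }
                elseif ($value -ieq $expected[$name]) { $status = 'ok' }
                else                                  { $status = 'unexpected-value' }
            } elseif ($null -eq $value) {
                continue    # no per-user value: the stock situation
            } else {
                $status = 'per-user-override'
            }

            # Resolve the first path in the value so a missing binary stands out too.
            $exe = $null; $exists = $null
            if ($value) {
                $exe = [Environment]::ExpandEnvironmentVariables(("$value" -split ',')[0]).Trim()
                # Bare names such as explorer.exe are resolved from the Windows directory.
                if (-not [IO.Path]::IsPathRooted($exe)) { $exe = Join-Path $env:SystemRoot $exe }
                $exists = Test-Path -LiteralPath $exe
            }

            [pscustomobject]@{
                Key    = $key
                Name   = $name
                Value  = $value
                Binary = $exe
                Exists = $exists
                Status = $status
            }
        }
    }
}

# On the machine in this thread, the user hive S-1-5-21-...-1000 would have shown
# Shell = C:\Windows\expstart.exe with Status per-user-override before the fix.
$findings = Get-WinlogonFinding
$findings | Format-Table -AutoSize
$review = @($findings | Where-Object { $_.Status -ne 'ok' })
if ($review.Count -gt 0) { Write-Warning "$($review.Count) Winlogon value(s) need review" }
```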



#8 Oh My! (Malware Response Instructor)

Posted 04 May 2015 - 08:52 AM

Sounds like we have made some progress, :thumbsup2:

Please do this.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Users\Caio\Documents

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Check your access to the folder/file
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Is your Documents folder unlocked?

Gary
 

#9 Mollag (Topic Starter)

Posted 04 May 2015 - 04:44 PM

GrantPerms by Farbar
Ran by Caio (administrator) at 2015-05-04 18:35:32

===============================================
ERROR: Parsing the SD of <\\?\C:\Users\Caio\Documents> failed with: O sistema não pode encontrar o arquivo especificado.


Operating system error message: O sistema não pode encontrar o arquivo especificado.

================ End Of List ================

 

Is your Documents folder unlocked?

 

Yes and no. On the desktop I can see it unlocked, but it is still locked here: http://imgur.com/uhNy5dv



#10 Oh My! (Malware Response Instructor)

Posted 04 May 2015 - 06:19 PM

Please run GrantPerms with this.

===================================================

GrantPerms by Farbar

--------------------
  • Launch GrantPerms
  • Copy and paste the following in the edit box:

C:\Users\Caio\My Documents

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Check your access to the folder/file
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Is your Documents folder unlocked?

Gary
 

#11 Mollag (Topic Starter)

Posted 04 May 2015 - 06:34 PM

GrantPerms by Farbar
Ran by Caio (administrator) at 2015-05-04 20:33:39

===============================================
ERROR: Parsing the SD of <\\?\C:\Users\Caio\My Documents> failed with: O sistema não pode encontrar o arquivo especificado.


Operating system error message: O sistema não pode encontrar o arquivo especificado.

================ End Of List ================

 

 

Still locked.



#12 Oh My! (Malware Response Instructor)

Posted 04 May 2015 - 06:46 PM

Sorry, the translation is throwing me off a bit.

I want you to run GrantPerms again. In the screen shot you provided there is a "Public" folder that is in Spanish. Please type that entire line in GrantPerms then Unlock it. See if that works.
Gary
 

#13 Mollag (Topic Starter)

Posted 04 May 2015 - 11:31 PM

GrantPerms by Farbar
Ran by Caio (administrator) at 2015-05-05 01:30:31

===============================================
\\?\C:\Users\Public\Documents

   Owner: BUILTIN\Administradores

   DACL(NP)(AI):
   BUILTIN\Usuários   READ/EXECUTE   ALLOW   (CI)(OI)
   BUILTIN\Administradores   FULL   ALLOW   (CI)(OI)(I)
   PROPRIETÁRIO CRIADOR   FULL   ALLOW   (CI)(OI)(IO)(I)
   AUTORIDADE NT\SISTEMA   FULL   ALLOW   (CI)(OI)(I)
   AUTORIDADE NT\INTERATIVO   change+FILE_DELETE_CHILD   ALLOW   (CI)(OI)(I)
   AUTORIDADE NT\SERVIÇO   change+FILE_DELETE_CHILD   ALLOW   (CI)(OI)(I)
   AUTORIDADE NT\EM LOTES   change+FILE_DELETE_CHILD   ALLOW   (CI)(OI)(I)



================ End Of List ================

 

Different return now, but I'm still seeing a padlock on the folder, exactly how it was in the screenshot.



#14 Mollag (Topic Starter)

Posted 05 May 2015 - 12:57 AM

And the language is Portuguese because I'm Brazilian. Sorry about that; it explains my bad (horrible) English too.



#15 Oh My! (Malware Response Instructor)

Posted 05 May 2015 - 01:27 PM

My fault on the language, Google told me it was Portuguese.

Please do this.

===================================================

Establishing Permissions on a Folder

--------------------
  • Right click on Start and select Open Windows Explorer
  • Navigate to and right click on C:\Users\Public\Documents
  • Select Properties
  • Select the Security Tab
  • Click the Advanced Button
  • Click the Change Permissions
  • Click Add...
  • Click Advanced
  • Click Find Now
  • Under Search results: Scroll through the list and find Everyone
  • Left click on the entry then press OK 2 times
  • Under Permissions: place a checkmark in Full control - Allow
  • Press OK 2 times
  • Click Yes on the Windows Security screen
  • Press OK on any Error pop up screens
  • Once completed close any open windows, reboot your computer, and attempt to access the C:\Users\Public\Documents folder
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Results?

Gary
 

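The steps above add an Everyone / Full control entry through the Security tab, and post #13 shows what GrantPerms printed for the same folder's DACL. As an added example that is not from the thread, GrantPerms or Farbar, the PowerShell 3.0+ script below lists a folder's owner and DACL in the same terms, matches principals by well-known SID so the check reads the same on this pt-BR system (where Users appears as BUILTIN\Usuários), and applies the same Everyone / Full control entry in one call; the function names, the folder path and the rule of thumb that the padlock overlay reflects a DACL none of the standard groups can read are my assumptions.

```powershell
# Added example (not from the thread, GrantPerms or Farbar): list and change a
# folder DACL. Assumes PowerShell 3.0+; Grant-FolderFullControl needs an elevated
# session unless the caller already owns the folder.

# Groups whose Allow entry, as far as I know, makes Explorer drop the padlock
# overlay; a folder none of them can read is shown as private.
$sharedGroups = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}

function Get-FolderDacl {
    # One object per ACE, with the SID resolved so localized names do not matter.
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $sid = $null
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { }   # orphaned SIDs that cannot be translated stay $null
        [pscustomobject]@{
            Owner       = $acl.Owner
            Identity    = $ace.IdentityReference.Value
            Sid         = $sid
            Rights      = $ace.FileSystemRights
            Type        = $ace.AccessControlType
            Inheritance = $ace.InheritanceFlags     # (CI)(OI) in GrantPerms notation
            Inherited   = $ace.IsInherited          # (I) in GrantPerms notation
        }
    }
}

function Test-FolderSharedWithUsers {
    # $true when Everyone, Authenticated Users or Users holds an Allow entry.
    param([Parameter(Mandatory = $true)][string]$Path)
    $hits = @(Get-FolderDacl -Path $Path |
        Where-Object { $_.Type -eq 'Allow' -and $_.Sid -and $sharedGroups.ContainsKey($_.Sid) })
    return ($hits.Count -gt 0)
}

function Grant-FolderFullControl {
    # Same change as the Security tab steps: principal / Full control / Allow,
    # applied to this folder, subfolders and files. Narrow -Sid to S-1-5-32-545
    # (Users) when only local accounts need the access.
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Sid = 'S-1-1-0'    # Everyone, as in the steps above
    )
    $who         = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $rights      = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allow       = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $who, $rights, $inherit, $propagation, $allow)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Folder from the steps above; on the thread's machine the listing matched post #13.
$folder = 'C:\Users\Public\Documents'
Get-FolderDacl -Path $folder | Format-Table Identity, Sid, Rights, Type, Inheritance, Inherited -AutoSize
if (-not (Test-FolderSharedWithUsers -Path $folder)) {
    Grant-FolderFullControl -Path $folder
    Get-FolderDacl -Path $folder | Format-Table Identity, Rights, Type -AutoSize
}
```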


