I have some malware on my PC!


  • This topic is locked
2 replies to this topic

#1 felelo1

  • Members
  • 1 posts

Posted 23 May 2015 - 06:56 PM

Hey guys, I've always had malware before, but Malwarebytes always solved the problem... but now it's not working...
 
I have the following problems:
 
The search engine on Google Chrome has an administrator lock on it (it is in Portuguese, but it is easy to understand...)
[screenshot: 1_zpsu8hipzea.png]
There's a piece of software called "MaxComputerCleanner"; it is certainly malware, it is not possible to uninstall it, and it keeps loading up an install wizard that cannot be closed.
 
And I've noticed that since the problems began, two days ago, I cannot use my keyboard in my BIOS or to boot into safe mode; I had to get a PS/2 keyboard.
 
I've downloaded Farbar, but I don't know how to write a fixlist. The log is down here; I'd be happy if anyone could help me with that!
 
I do not know how to attach files here, so I'll just paste the log!
 
 
Thanks very much!
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Felipe (administrator) on FELIPE_QUARTOPC on 23-05-2015 20:55:31
Running from C:\Users\Felipe\Desktop
Loaded Profiles: Felipe (Available Profiles: Felipe & Convidado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(BitTorrent Inc.) C:\Users\Felipe\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\Spotify.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Corsair Components Inc) D:\Arquivos de Programas\HeadsetControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\SpotifyCrashService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Felipe\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [847160 2014-09-06] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Headset Software] => D:\Arquivos de Programas\HeadsetControlPanel.exe [3161088 2013-08-16] (Corsair Components Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-08-12] (Banco Itaú Unibanco)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Facebook Update] => "C:\Users\Felipe\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Steam] => D:\Arquivos de Programas\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Hoolapp Android] => "C:\Users\Felipe\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Google Update] => "C:\Users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [uTorrent] => C:\Users\Felipe\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Spotify Web Helper] => C:\Users\Felipe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Spotify] => C:\Users\Felipe\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [GoogleChromeAutoLaunch_3598036481B262A4AE210A3CE1B03E37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\MountPoints2: {26a7d919-c7de-11e3-b880-c860009bd907} - F:\Autorun.exe
AppInit_DLLs: C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll File not found
AppInit_DLLs-x32: c:\progra~2\wsbeb1~1.ena => "c:\progra~2\wsbeb1~1.ena" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013-09-08]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk [2014-09-11]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKU\S-1-5-21-2453375784-368361852-872276595-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKU\S-1-5-21-2453375784-368361852-872276595-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKU\S-1-5-21-2453375784-368361852-872276595-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
SearchScopes: HKU\S-1-5-21-2453375784-368361852-872276595-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-05] (Oracle Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-05] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default
FF DefaultSearchEngine: navegaki
FF SelectedSearchEngine: navegaki
FF Homepage: hxxp://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-05] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-01-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)
FF Plugin-x32: @raidcall.br/RCplugin -> C:\Users\Felipe\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-26] (Raidcall)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Felipe\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-26] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Felipe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Felipe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @talk.google.com/O1DPlugin -> C:\Users\Felipe\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Felipe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: gastecnologia.com.br/sf/uni -> C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-24] (Pando Networks)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-06-27] ()
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\user.js [2015-05-21]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Felipe\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Felipe\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\navegaki.xml [2015-05-21]
FF Extension: mediaplayerconnectivity - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2015-04-08]
FF HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: No Name - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\extensions\sweetsearch@gmail.com [not found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.navegaki.com/?bd=sc&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
 
Chrome: 
=======
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKU\S-1-5-21-2453375784-368361852-872276595-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bacmhbpcpggpejckjicbghlgdlhgelbc] - C:\Program Files (x86)\ZappAddon\chrome\ZappAddon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR HKLM-x32\...\Chrome\Extension: [obneapcmdojdbokehdkjfcebdllnlfpn] - C:\Users\Felipe\AppData\Roaming\1.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-06] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-10-31] (EasyAntiCheat Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-06-20] (Macrovision Europe Ltd.) []
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-10-18] () []
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-03-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-03-15] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2014-09-06] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\WSSvc.dll",service
S4 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2013-11-29] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2013-09-25] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [121312 2013-11-29] (Baidu, Inc.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-07] (BitRaider)
S3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [101376 2013-07-30] (Corsair)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-07-08] (Spotflux, Inc.)
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [36824 2012-10-31] (Shaul Eizikovich)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 20:38 - 2015-05-23 20:38 - 00000000 ____H () C:\Users\Todos os Usuários\cm-lock
2015-05-23 20:38 - 2015-05-23 20:38 - 00000000 ____H () C:\ProgramData\cm-lock
2015-05-23 20:25 - 2015-05-23 20:25 - 00000671 _____ () C:\Users\Felipe\Desktop\Search.txt
2015-05-23 20:14 - 2015-05-23 20:14 - 00000000 _____ () C:\Users\Felipe\Desktop\Novo Documento de Texto (2).txt
2015-05-23 19:58 - 2015-05-23 20:55 - 00028945 _____ () C:\Users\Felipe\Desktop\FRST.txt
2015-05-23 19:58 - 2015-05-23 20:55 - 00000000 ____D () C:\FRST
2015-05-23 19:58 - 2015-05-23 19:59 - 00124781 _____ () C:\Users\Felipe\Desktop\Addition.txt
2015-05-23 19:52 - 2015-05-23 19:52 - 02108416 _____ (Farbar) C:\Users\Felipe\Desktop\FRST64.exe
2015-05-23 19:48 - 2015-05-23 19:48 - 02224640 _____ () C:\Users\Felipe\Downloads\adwcleaner-4-202-multi-win.exe
2015-05-23 18:16 - 2015-05-23 18:16 - 00000000 ____D () C:\Users\Felipe\AppData\Local\NVIDIA Corporation
2015-05-23 18:15 - 2015-05-23 20:40 - 00000000 ____D () C:\Users\Felipe\AppData\Local\Spotify
2015-05-23 18:15 - 2015-05-23 18:15 - 00254032 _____ () C:\Users\Felipe\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-23 18:15 - 2015-05-23 18:15 - 00000000 ____D () C:\Users\Felipe\AppData\Local\Steam
2015-05-23 18:15 - 2015-05-23 18:15 - 00000000 ____D () C:\Users\Felipe\AppData\Local\Google
2015-05-23 18:15 - 2015-05-23 18:15 - 00000000 ____D () C:\Users\Felipe\AppData\Local\Adobe
2015-05-23 18:14 - 2015-05-23 18:14 - 00000000 ____D () C:\Users\Felipe\AppData\Local\NVIDIA
2015-05-23 16:00 - 2015-05-23 16:01 - 00010855 _____ () C:\Users\Felipe\Desktop\Novo Documento de Texto.txt
2015-05-23 15:56 - 2015-05-23 15:56 - 00001818 _____ () C:\Users\Felipe\Downloads\software_removal_tool.log
2015-05-23 15:56 - 2015-05-23 15:56 - 00000099 _____ () C:\Users\Felipe\Downloads\debug.log
2015-05-21 20:04 - 2015-05-21 20:04 - 00002256 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 20:04 - 2015-05-21 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-21 19:20 - 2015-05-21 19:20 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 19:20 - 2015-05-21 19:20 - 00000008 _____ () C:\END
2015-05-18 00:31 - 2006-12-03 13:18 - 00245760 _____ (Feersum's ArmA tools) C:\Users\Felipe\Desktop\ArmAUnPBO.exe
2015-05-13 21:45 - 2015-05-13 21:46 - 00000000 ____D () C:\Users\Felipe\Documents\Iron Front
2015-05-13 21:45 - 2015-05-13 21:45 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AWAR
2015-05-12 11:54 - 2015-05-12 11:54 - 00000000 ____D () C:\Users\Public\Documents\Sys
2015-05-12 11:54 - 2015-05-12 11:54 - 00000000 ____D () C:\Users\Felipe\Documents\VAC
2015-05-12 11:54 - 2015-05-12 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voice Activated Commands
2015-05-12 11:54 - 2015-05-12 11:54 - 00000000 ____D () C:\Program Files (x86)\VAC System
2015-05-12 00:33 - 2015-05-12 00:33 - 00038104 _____ (Basil) C:\Windows\system32\WinDivert64.sys
2015-05-12 00:32 - 2015-05-12 00:32 - 00034104 _____ (Basil) C:\Windows\system32\WinDivert.dll
2015-05-12 00:22 - 2015-05-12 00:22 - 00000000 ____D () C:\Program Files\Diebold
2015-05-12 00:22 - 2015-05-12 00:22 - 00000000 ____D () C:\Program Files (x86)\GAS Tecnologia
2015-05-10 19:43 - 2015-05-10 19:43 - 00002282 _____ () C:\Users\Felipe\Desktop\Play withSIX.lnk
2015-05-10 19:43 - 2015-05-10 19:43 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIX Networks
2015-05-10 00:09 - 2015-05-10 00:09 - 00000000 ____D () C:\Program Files (x86)\FFmpeg for Audacity
2015-05-09 09:59 - 2015-05-09 09:59 - 00000046 ____H () C:\Users\Public\Documents\msdrls.dat
2015-05-09 07:35 - 2015-05-12 21:11 - 00000000 ____D () C:\Users\Felipe\Documents\Arma 3
2015-05-09 07:35 - 2015-05-09 07:35 - 00000000 ____D () C:\Users\Todos os Usuários\Bohemia Interactive
2015-05-09 07:35 - 2015-05-09 07:35 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2015-05-06 12:18 - 2015-05-06 12:18 - 00002224 _____ () C:\Users\Felipe\Desktop\Popcorn Time.lnk
2015-05-06 12:18 - 2015-05-06 12:18 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-05 20:47 - 2015-05-05 20:53 - 315491468 _____ () C:\Users\Felipe\Desktop\Portfolio.ai
2015-05-05 13:34 - 2015-05-09 18:32 - 00000080 _____ () C:\Users\Felipe\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-04-28 04:54 - 2015-04-28 04:54 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-04-28 04:54 - 2015-04-28 04:54 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-04-28 04:54 - 2015-04-28 04:54 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-04-28 04:54 - 2015-04-28 04:54 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-04-28 04:54 - 2015-04-28 04:54 - 00001195 _____ () C:\Users\Public\Desktop\Battle Brothers - Pre-Alpha Combat Demo.lnk
2015-04-28 04:54 - 2015-04-28 04:54 - 00000000 ____D () C:\Users\Todos os Usuários\Overhype Studios
2015-04-28 04:54 - 2015-04-28 04:54 - 00000000 ____D () C:\ProgramData\Overhype Studios
2015-04-28 04:54 - 2015-04-28 04:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle Brothers - Pre-Alpha Combat Demo
2015-04-28 04:54 - 2015-04-28 04:54 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-04-28 04:54 - 2015-04-28 04:54 - 00000000 ____D () C:\Program Files (x86)\Battle Brothers
2015-04-26 18:52 - 2015-04-26 18:52 - 00000047 _____ () C:\Windows\SysWOW64\local.cfg
2015-04-23 19:31 - 2015-04-23 19:39 - 00000000 ____D () C:\Users\Felipe\Documents\GTA3 User Files
2015-04-23 19:27 - 2015-04-23 19:27 - 00002235 _____ () C:\Users\Convidado.Felipe_QuartoPC\Desktop\Microsoft Age of Empires II Trial.lnk
2015-04-23 19:27 - 2015-04-23 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-04-23 19:26 - 2015-04-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 20:53 - 2012-10-18 19:40 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\uTorrent
2015-05-23 20:44 - 2013-08-06 21:12 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000UA.job
2015-05-23 20:44 - 2013-03-14 17:39 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000UA.job
2015-05-23 20:43 - 2012-10-18 20:11 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 20:43 - 2010-11-21 06:37 - 00718648 _____ () C:\Windows\system32\prfh0416.dat
2015-05-23 20:43 - 2010-11-21 06:37 - 00153954 _____ () C:\Windows\system32\prfc0416.dat
2015-05-23 20:43 - 2009-07-14 02:13 - 01673528 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 20:38 - 2014-08-20 11:26 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Spotify
2015-05-23 20:37 - 2015-04-09 15:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 20:37 - 2014-11-11 18:28 - 00057692 _____ () C:\Windows\setupact.log
2015-05-23 20:37 - 2012-10-18 20:11 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 20:36 - 2014-11-18 13:07 - 00252576 _____ () C:\Windows\PFRO.log
2015-05-23 20:36 - 2012-10-18 17:28 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2015-05-23 20:36 - 2012-10-18 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-23 20:36 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 20:35 - 2009-07-14 01:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 20:35 - 2009-07-14 01:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 20:28 - 2014-02-07 00:23 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 15:01 - 2014-08-08 14:30 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2015-05-23 15:01 - 2014-08-08 14:30 - 00000000 ____D () C:\ProgramData\GbPlugin
2015-05-23 15:01 - 2014-08-08 14:30 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2015-05-21 20:03 - 2012-10-18 20:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-21 19:20 - 2015-04-09 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-21 19:20 - 2015-04-09 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-21 19:19 - 2014-02-01 18:02 - 00002626 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2015-05-21 19:19 - 2014-02-01 18:02 - 00002626 __RSH () C:\ProgramData\ntuser.pol
2015-05-21 17:44 - 2013-03-14 17:39 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000Core.job
2015-05-19 20:19 - 2013-11-23 12:56 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\TS3Client
2015-05-19 00:44 - 2013-08-06 21:12 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000Core.job
2015-05-17 00:39 - 2013-08-06 21:12 - 00004058 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000UA
2015-05-17 00:39 - 2013-08-06 21:12 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2453375784-368361852-872276595-1000Core
2015-05-15 23:38 - 2012-10-18 20:11 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 23:38 - 2012-10-18 20:11 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 21:39 - 2015-01-16 15:40 - 00102505 _____ () C:\Windows\DirectX.log
2015-05-12 10:06 - 2009-07-14 01:45 - 05239872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-11 20:38 - 2015-01-18 04:18 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Mumble
2015-05-11 18:01 - 2013-06-08 03:04 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Mp3tag
2015-05-11 13:57 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\NavalAction
2015-05-11 09:11 - 2014-08-08 14:30 - 00000000 ____D () C:\Users\Todos os Usuários\boost_interprocess
2015-05-11 09:11 - 2014-08-08 14:30 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-10 23:41 - 2013-11-05 19:58 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\.minecraft
2015-05-10 00:33 - 2012-10-18 17:45 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Audacity
2015-05-07 20:02 - 2013-10-21 04:07 - 00029539 _____ () C:\Users\Felipe\AppData\Roaming\XFLR5.ini
2015-05-05 19:44 - 2013-08-13 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-05 15:44 - 2009-07-14 02:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-05 11:29 - 2009-07-14 00:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-29 22:21 - 2009-07-14 02:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-23 19:31 - 2012-10-18 20:29 - 00000000 ____D () C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
==================== Files in the root of some directories =======
 
2013-05-22 14:15 - 2013-05-22 14:15 - 9222656 _____ () C:\Program Files\BOINC.msi
2012-11-02 12:55 - 2013-05-22 22:00 - 0002413 _____ () C:\Users\Felipe\AppData\Roaming\ACInitialize.log
2012-11-07 15:42 - 2014-12-03 23:47 - 0000132 _____ () C:\Users\Felipe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-06 09:27 - 2013-08-06 09:27 - 0000057 _____ () C:\Users\Felipe\AppData\Roaming\Camdata.ini
2013-08-06 09:27 - 2013-08-06 09:27 - 0000408 _____ () C:\Users\Felipe\AppData\Roaming\CamLayout.ini
2013-08-06 09:27 - 2013-08-06 09:27 - 0000408 _____ () C:\Users\Felipe\AppData\Roaming\CamShapes.ini
2013-08-06 09:27 - 2013-08-06 09:27 - 0004520 _____ () C:\Users\Felipe\AppData\Roaming\CamStudio.cfg
2013-09-16 10:48 - 2013-10-15 15:35 - 0000040 _____ () C:\Users\Felipe\AppData\Roaming\cdr.ini
2014-05-25 12:03 - 2014-05-25 12:35 - 0000366 _____ () C:\Users\Felipe\AppData\Roaming\LiveSupport.exe_log.txt
2014-05-25 12:03 - 2014-05-25 12:35 - 0000092 _____ () C:\Users\Felipe\AppData\Roaming\regsvr32.exe_log.txt
2014-08-08 14:30 - 2014-08-08 14:35 - 0031200 _____ () C:\Users\Felipe\AppData\Roaming\unins000.dat
2014-08-08 14:35 - 2014-08-08 14:34 - 0720082 _____ () C:\Users\Felipe\AppData\Roaming\unins000.exe
2013-10-21 04:07 - 2015-05-07 20:02 - 0029539 _____ () C:\Users\Felipe\AppData\Roaming\XFLR5.ini
2014-02-09 12:11 - 2010-05-28 21:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2014-09-11 20:34 - 2014-09-11 20:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-23 20:38 - 2015-05-23 20:38 - 0000000 ____H () C:\ProgramData\cm-lock
2013-11-22 08:40 - 2013-11-22 08:40 - 0170344 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
 
Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Felipe\worldpainter_1.0.3.exe
C:\Users\Felipe\worldpainter_1.2.0.exe
C:\Users\Felipe\worldpainter_1.2.1.exe
C:\Users\Felipe\worldpainter_1.2.5.exe
C:\Users\Felipe\worldpainter_1.5.2.exe
C:\Users\Felipe\worldpainter_1.8.3.exe
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 00:53
 
==================== End of log ============================

Edit: Topic moved from Am I infected? What do I do? to the more appropriate forum. ~ Animal


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 26 May 2015 - 09:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [Hoolapp Android] => "C:\Users\Felipe\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-2453375784-368361852-872276595-1000\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll File not found
AppInit_DLLs-x32: c:\progra~2\wsbeb1~1.ena => "c:\progra~2\wsbeb1~1.ena" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com/?bd=ds&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKU\S-1-5-21-2453375784-368361852-872276595-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
HKU\S-1-5-21-2453375784-368361852-872276595-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
FF DefaultSearchEngine: navegaki
FF SelectedSearchEngine: navegaki
FF Homepage: hxxp://www.navegaki.com/?bd=hp&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Felipe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felipe\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2453375784-368361852-872276595-1000: gastecnologia.com.br/sf/uni -> C:\Users\Felipe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll No File
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\user.js [2015-05-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\navegaki.xml [2015-05-21]
FF Extension: No Name - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\78znarzo.default\extensions\sweetsearch@gmail.com [not found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.navegaki.com/?bd=sc&oem=Cube&uid=CorsairXForceX3XSSD_12306504000013400145&version=2.3.0.8724&pid=414031160&tid=428
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKU\S-1-5-21-2453375784-368361852-872276595-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bacmhbpcpggpejckjicbghlgdlhgelbc] - C:\Program Files (x86)\ZappAddon\chrome\ZappAddon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Felipe\AppData\Roaming\PRINTA~1\printatreeChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [obneapcmdojdbokehdkjfcebdllnlfpn] - C:\Users\Felipe\AppData\Roaming\1.crx [Not Found]
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\WSSvc.dll",service
S4 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
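The reply above builds its fixlist by lifting the entries FRST itself marks as orphaned or suspicious ([X], File not found, No File, [Not Found], <======= ATTENTION) out of the log, plus entries the helper recognises by name (the navegaki hijacker, the rundll32-hosted WSSvc.dll service). The Python below is an added example that is not part of the thread or of the Farbar tool: it parses the FRST file-listing line format and drafts a fixlist from the flagged lines, with analyst-supplied terms passed in separately. The sample log lines are constructed copies of the line shapes seen in this thread, and the MBAMService line is a made-up benign control entry.

```python
import re

# Constructed sample in FRST's line formats (shapes copied from this thread;
# the MBAMService line is a made-up benign entry that must NOT be flagged).
SAMPLE_FRST_LOG = r"""
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\WSSvc.dll",service
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
AppInit_DLLs-x32: c:\progra~2\wsbeb1~1.ena => "c:\progra~2\wsbeb1~1.ena" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
CHR HKLM-x32\...\Chrome\Extension: [obneapcmdojdbokehdkjfcebdllnlfpn] - C:\Users\Felipe\AppData\Roaming\1.crx [Not Found]
FF DefaultSearchEngine: navegaki
2015-05-23 20:38 - 2015-05-23 20:38 - 00000000 ____H () C:\ProgramData\cm-lock
"""

# Markers FRST attaches to entries whose target is missing or that it wants
# the analyst to look at; the reply moved every such line into its fixlist.
ORPHAN_MARKERS = ("[X]", "File not found", "No File", "[Not Found]", "<======= ATTENTION")

# The fixlist wrapper and the two directives the reply places first.
FIXLIST_HEADER = ["start", "", "CreateRestorePoint:", "CloseProcesses:", ""]

# "One Month Created/Modified" line: created - modified - size attrs (company) path
FILE_ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) (.+)$"
)


def parse_file_entry(line):
    """Return a dict for one FRST file/folder listing line, or None if the
    line is not in that format (services, registry, browser entries...)."""
    m = FILE_ENTRY_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return {"created": created, "modified": modified, "size": int(size),
            "attrs": attrs, "hidden": "H" in attrs, "directory": "D" in attrs,
            "company": company, "path": path}


def is_flagged(line, extra_terms=()):
    """True if FRST marked the line, or it contains a term the analyst
    supplied (a known hijacker name such as 'navegaki', a known bad DLL)."""
    if any(marker in line for marker in ORPHAN_MARKERS):
        return True
    low = line.lower()
    return any(term.lower() in low for term in extra_terms)


def draft_fixlist(log_text, extra_terms=()):
    """Collect the flagged log lines, unchanged, into fixlist form.
    FRST acts on lines copied verbatim from its own log, which is why the
    text is kept as-is rather than re-typed."""
    body = [ln.rstrip() for ln in log_text.splitlines()
            if ln.strip() and is_flagged(ln, extra_terms)]
    return "\n".join(FIXLIST_HEADER + body + ["", "End"])


if __name__ == "__main__":
    print(draft_fixlist(SAMPLE_FRST_LOG, extra_terms=("navegaki", "WSSvc.dll")))
```

The draft is a starting point for the person reviewing the log; the marker rule only catches what FRST already labels, so named indicators still have to come from the analyst.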

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:10 PM

Posted 31 May 2015 - 07:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
