
Clicked and downloaded an email link and computer goes crazy



#1 Voltzin

Posted 23 July 2015 - 11:39 PM

Hi all. I clicked on a link that I received by email, telling me that I had received a message from WhatsApp. When I opened the link, a new tab opened with nothing but a blank screen. I also downloaded AND executed a file received by email, named DSC01381.JPEG (SANYO).vbe

Now my computer is taking so much time to start up and to execute any kind of program. Typing is a pain: I type the whole sentence, and after a while the words show up on the screen. Google Chrome sometimes closes without reason too, and I have trouble trying to run Control Panel. And the mouse pointer sometimes disappears from the screen.

 

Farbar Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Danielle (administrator) on DANI on 24-07-2015 00:50:29
Running from C:\Users\Danielle\Desktop\Farbar
Loaded Profiles: Danielle (Available Profiles: Danielle)
Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [847160 2014-09-06] (GAS Tecnologia LTDA)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-06-02] (Banco do Brasil)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2880175846-2467202337-614637544-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2014-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2880175846-2467202337-614637544-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2014-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2880175846-2467202337-614637544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2880175846-2467202337-614637544-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> DefaultScope {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25] (Qualcomm Atheros Commnucations)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-06-02] (Banco do Brasil)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1889664 2015-06-02] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{858B66FF-2FD8-47ED-BBEC-B9E23F597C39}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{922BB749-665C-4BB0-8297-22B903B9C694}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2880175846-2467202337-614637544-1001: gastecnologia.com.br/sf/bb -> C:\Users\Danielle\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2880175846-2467202337-614637544-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Danielle\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-25]
CHR Extension: (Google Docs) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Google Sheets) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-25]
CHR Extension: (SiteAdvisor) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-20]
CHR Extension: (Google Wallet) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-06]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-06]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0216891437619461mcinstcleanup; C:\WINDOWS\TEMP\021689~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [579896 2015-04-29] (GAS Tecnologia)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2014-09-06] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-04] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-12-22] (Disc Soft Ltd)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-12-22] (Duplex Secure Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 00:49 - 2015-07-24 00:50 - 00000000 ____D C:\Users\Danielle\Desktop\Farbar
2015-07-24 00:49 - 2015-07-24 00:50 - 00000000 ____D C:\FRST
2015-07-22 23:51 - 2015-07-22 23:51 - 00000642 _____ C:\Users\Danielle\Downloads\Posso colocar essa sua foto no face rrrsss.zip
2015-07-22 23:42 - 2015-07-22 23:42 - 01418192 _____ C:\Users\Danielle\Downloads\WhatsApp Chat Amor.txt
2015-07-22 23:39 - 2015-07-22 23:39 - 01398048 _____ C:\Users\Danielle\Downloads\Look at this Snapchat (2).zip
2015-07-22 23:39 - 2015-07-22 23:39 - 00218943 _____ C:\Users\Danielle\Downloads\Look at this Snapchat (1).zip
2015-07-22 23:38 - 2015-07-22 23:38 - 01123682 _____ C:\Users\Danielle\Downloads\snap.mp4
2015-07-22 23:38 - 2015-07-22 23:38 - 00164283 _____ C:\Users\Danielle\Downloads\Look at this Snapchat.zip
2015-07-22 23:32 - 2015-07-22 23:32 - 02124355 _____ C:\Users\Danielle\Downloads\WhatsApp Chat with Amor.zip
2015-07-22 10:19 - 2015-07-13 18:10 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-22 10:19 - 2015-07-13 18:10 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-21 20:06 - 2015-07-21 20:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 20:00 - 2015-07-14 11:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 20:00 - 2015-07-14 11:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 20:00 - 2015-07-14 11:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 20:00 - 2015-07-14 11:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-18 01:52 - 2015-07-18 01:52 - 00000356 _____ C:\Users\Danielle\Desktop\Nefro.txt
2015-07-15 15:56 - 2015-06-29 19:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 15:56 - 2015-06-29 12:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 15:56 - 2015-06-29 12:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 15:56 - 2015-06-29 12:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 15:56 - 2015-06-29 12:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 15:56 - 2015-06-29 12:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 15:56 - 2015-06-28 02:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 15:56 - 2015-06-28 02:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 15:56 - 2015-06-28 02:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 15:56 - 2015-06-28 02:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 15:56 - 2015-06-27 13:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 15:56 - 2015-06-27 00:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 15:56 - 2015-06-27 00:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 15:56 - 2015-06-27 00:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 15:56 - 2015-06-26 23:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 15:56 - 2015-06-26 23:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 15:56 - 2015-06-26 23:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 15:56 - 2015-06-26 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 15:56 - 2015-06-26 22:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 15:56 - 2015-06-26 20:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 15:56 - 2015-06-26 20:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 15:56 - 2015-06-24 23:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 15:56 - 2015-06-15 19:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 15:56 - 2015-06-15 19:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 15:56 - 2015-06-15 18:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 15:56 - 2015-06-15 18:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 15:56 - 2015-06-15 17:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 15:56 - 2015-06-15 16:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 15:56 - 2015-05-11 15:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 15:56 - 2015-05-07 14:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 15:56 - 2015-05-07 14:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 15:56 - 2015-05-07 13:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 15:56 - 2015-05-07 13:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 15:56 - 2015-05-07 12:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 15:56 - 2015-05-07 12:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 15:56 - 2015-05-02 21:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 15:56 - 2015-04-29 20:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 15:56 - 2015-04-24 23:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 15:56 - 2014-11-04 16:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 15:56 - 2014-11-04 16:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 15:56 - 2014-11-04 03:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 15:56 - 2014-11-04 03:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 15:56 - 2014-11-04 03:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 15:56 - 2014-11-04 03:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 15:55 - 2015-07-09 16:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 15:55 - 2015-07-09 15:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 15:55 - 2015-07-09 13:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 15:55 - 2015-07-09 12:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 15:55 - 2015-07-09 12:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 15:55 - 2015-07-09 12:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 15:55 - 2015-07-09 12:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 15:55 - 2015-07-09 12:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 15:55 - 2015-07-09 12:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 15:55 - 2015-07-09 12:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 15:55 - 2015-07-09 12:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 15:55 - 2015-07-09 12:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 15:55 - 2015-07-09 12:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 15:55 - 2015-06-27 00:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 15:55 - 2015-06-27 00:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 15:55 - 2015-06-26 23:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 15:55 - 2015-06-15 19:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 15:55 - 2015-06-15 19:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 15:55 - 2015-06-15 19:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 15:55 - 2015-06-15 19:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 15:55 - 2015-06-15 19:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 15:55 - 2015-06-15 18:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 15:55 - 2015-06-15 18:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 15:55 - 2015-06-15 18:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 15:55 - 2015-06-15 18:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 15:55 - 2015-06-15 18:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 15:55 - 2015-06-15 18:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 15:55 - 2015-06-15 18:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 15:55 - 2015-06-15 18:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 15:55 - 2015-06-15 18:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 15:55 - 2015-06-15 18:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 15:55 - 2015-06-15 18:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 15:55 - 2015-06-15 18:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 15:55 - 2015-06-15 18:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 15:55 - 2015-06-15 18:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 15:55 - 2015-06-15 17:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 15:55 - 2015-06-15 17:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 15:55 - 2015-06-15 17:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 15:55 - 2015-06-15 17:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 15:55 - 2015-06-15 17:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 15:55 - 2015-06-15 17:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 15:55 - 2015-06-15 17:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 15:55 - 2015-06-15 17:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 15:55 - 2015-06-15 17:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 15:55 - 2015-06-15 17:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 15:55 - 2015-06-15 17:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 15:55 - 2015-06-15 17:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 15:55 - 2015-06-15 17:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 15:55 - 2015-06-15 17:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 15:55 - 2015-05-30 18:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 15:55 - 2015-05-30 16:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 15:55 - 2015-05-30 16:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 15:54 - 2015-07-02 18:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 15:54 - 2015-07-02 17:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 15:54 - 2015-07-02 17:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 15:54 - 2015-07-02 17:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 15:54 - 2015-07-02 17:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 15:54 - 2015-07-02 16:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 15:54 - 2015-07-02 16:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 15:54 - 2015-07-02 15:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 15:54 - 2015-07-01 19:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 15:54 - 2015-07-01 18:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 15:54 - 2015-06-16 02:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 15:54 - 2015-06-16 02:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 15:54 - 2015-06-11 00:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 15:54 - 2015-06-10 13:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 15:54 - 2015-05-12 10:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 15:54 - 2015-05-11 13:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 15:54 - 2015-05-07 13:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 15:54 - 2015-05-03 12:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:54 - 2015-05-03 12:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 15:54 - 2015-05-03 11:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:54 - 2015-05-03 11:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 15:54 - 2015-05-03 11:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 15:54 - 2015-05-03 11:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 15:54 - 2015-05-01 20:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 15:54 - 2015-04-28 10:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 15:54 - 2015-04-28 10:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 15:54 - 2015-04-23 12:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 15:54 - 2015-04-23 12:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-09 15:39 - 2015-07-09 15:39 - 00000000 ___RD C:\Users\Danielle\ODBA
2015-07-08 23:56 - 2015-07-08 23:56 - 00000000 ____D C:\Users\Danielle\AppData\Local\GWX
2015-07-08 23:03 - 2015-07-12 16:17 - 00004998 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DANI-Danielle Dani
2015-07-05 19:08 - 2015-07-05 19:08 - 00002073 _____ C:\Users\Danielle\Desktop\Youda Sushi Chef 2 [Update]              .lnk
2015-07-05 19:08 - 2015-07-05 19:08 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youda Sushi Chef 2 [Update]
2015-07-05 19:07 - 2015-07-05 19:07 - 00000000 ____D C:\Program Files (x86)\Youda Sushi Chef 2
2015-07-05 19:04 - 2015-07-05 19:06 - 93469089 _____ C:\Users\Danielle\Downloads\Youda Sushi Chef 2 - (Www.ApunKaGames.Net).zip
2015-07-05 18:26 - 2015-07-05 18:26 - 00001024 _____ C:\.rnd
2015-07-05 18:26 - 2015-07-05 18:26 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2015-07-05 18:26 - 2015-07-05 18:26 - 00000000 ___HD C:\Program Files (x86)\Diebold
2015-07-05 18:26 - 2015-07-05 18:26 - 00000000 ____D C:\Program Files\Diebold
2015-07-05 18:25 - 2015-07-22 16:56 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-07-05 18:25 - 2015-07-22 16:56 - 00000000 ____D C:\ProgramData\GbPlugin
2015-07-05 18:25 - 2015-07-22 10:18 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-07-05 18:23 - 2015-07-05 18:25 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-07-05 18:23 - 2015-07-05 18:25 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-07-05 18:23 - 2015-07-05 18:24 - 00017196 _____ C:\Users\Danielle\AppData\Roaming\unins000.dat
2015-07-05 18:23 - 2015-07-05 18:23 - 00815826 _____ C:\Users\Danielle\AppData\Roaming\unins000.exe
2015-07-05 18:23 - 2015-07-05 18:23 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2015-07-05 18:23 - 2015-07-05 18:23 - 00000000 ____D C:\Users\Danielle\AppData\Local\GAS Tecnologia
2015-07-05 18:23 - 2015-07-05 18:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-29 21:21 - 2015-06-29 21:21 - 00000000 ____D C:\Users\Danielle\AppData\Local\Popcorn-Time
2015-06-29 21:20 - 2015-06-29 21:20 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-06-29 21:19 - 2015-06-29 21:20 - 00000000 ____D C:\Users\Danielle\AppData\Local\Popcorn Time
2015-06-28 17:55 - 2015-05-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-28 17:55 - 2015-05-25 10:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-28 17:55 - 2015-04-16 03:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-28 17:55 - 2015-04-13 19:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-28 17:55 - 2015-04-13 19:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-28 17:55 - 2015-04-09 21:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-28 17:55 - 2015-04-09 21:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-28 17:55 - 2015-04-08 19:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-28 17:55 - 2015-04-01 01:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-28 17:55 - 2015-04-01 01:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-28 17:55 - 2015-04-01 01:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-28 17:55 - 2015-04-01 01:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-28 17:55 - 2015-04-01 00:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-28 17:55 - 2015-04-01 00:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-28 17:55 - 2015-04-01 00:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-28 17:55 - 2015-03-31 23:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-28 17:55 - 2015-03-31 23:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-28 17:55 - 2015-03-31 23:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-28 17:55 - 2015-03-31 23:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-28 17:55 - 2015-03-31 23:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-28 17:55 - 2015-03-31 23:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-28 17:55 - 2015-03-20 00:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-28 17:55 - 2015-03-20 00:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-28 17:55 - 2015-03-19 23:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-28 17:55 - 2015-03-19 23:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-28 17:55 - 2015-03-01 22:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-28 17:55 - 2015-03-01 22:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 00:51 - 2015-01-06 21:39 - 01371167 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-24 00:33 - 2014-09-25 23:02 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 00:33 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-23 22:16 - 2014-09-25 21:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2880175846-2467202337-614637544-1001
2015-07-23 22:07 - 2015-05-23 21:47 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-07-23 22:07 - 2015-05-23 21:47 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-07-23 22:06 - 2014-10-11 19:18 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{123DD348-7242-4ABC-9127-D9133C14D81F}
2015-07-22 23:43 - 2014-11-09 16:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-22 15:34 - 2014-09-25 19:52 - 00000074 _____ C:\Users\Danielle\AppData\Roaming\sp_data.sys
2015-07-22 10:21 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-22 10:20 - 2014-10-10 21:52 - 00000000 __RDO C:\Users\Danielle\OneDrive
2015-07-22 10:20 - 2014-09-25 23:02 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 10:18 - 2015-06-12 19:47 - 00409904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-22 10:18 - 2015-06-08 22:46 - 00003025 _____ C:\WINDOWS\setupact.log
2015-07-22 10:18 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-21 22:43 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-21 22:40 - 2014-12-15 15:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-21 22:40 - 2014-09-24 13:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-21 22:40 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-21 22:40 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-21 22:39 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 20:08 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-21 20:06 - 2013-04-25 19:42 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2015-07-21 20:06 - 2013-04-25 19:42 - 00000000 ____D C:\ProgramData\McAfee
2015-07-18 12:51 - 2015-06-12 19:45 - 00008586 _____ C:\WINDOWS\PFRO.log
2015-07-18 02:02 - 2014-09-25 22:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-18 02:02 - 2014-09-25 22:10 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-07-18 02:02 - 2014-09-25 22:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 19:01 - 2014-12-22 15:37 - 00002041 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-16 19:01 - 2013-04-25 19:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-16 19:00 - 2015-06-04 11:51 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 18:51 - 2015-06-05 17:13 - 00000000 ____D C:\Program Files\CCleaner
2015-07-16 02:28 - 2014-09-25 23:02 - 00004058 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 02:28 - 2014-09-25 23:02 - 00003822 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 16:04 - 2014-09-25 22:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 15:51 - 2015-04-04 16:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-15 15:51 - 2015-04-04 16:45 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-09 15:39 - 2014-10-10 15:36 - 00000000 ____D C:\Users\Danielle
2015-07-05 19:08 - 2015-06-18 16:09 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\YoudaGames
2015-07-05 18:32 - 2014-12-04 19:11 - 00000000 __SHD C:\Users\Danielle\AppData\Local\EmieBrowserModeList
2015-07-05 18:32 - 2014-10-21 16:20 - 00000000 __SHD C:\Users\Danielle\AppData\Local\EmieUserList
2015-07-05 18:32 - 2014-10-21 16:20 - 00000000 __SHD C:\Users\Danielle\AppData\Local\EmieSiteList
2015-07-05 18:26 - 2013-10-27 06:07 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-07-05 18:26 - 2013-10-27 06:07 - 00000000 ____D C:\ProgramData\Temp
2015-07-05 16:37 - 2014-11-15 20:43 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\uTorrent
2015-07-03 08:43 - 2014-09-25 22:31 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 23:23 - 2014-09-26 00:03 - 00002275 _____ C:\Users\Danielle\Desktop\Google Chrome.lnk
2015-06-29 21:15 - 2015-01-12 20:17 - 00000000 ____D C:\Users\Danielle\AppData\Local\node-webkit
 
==================== Files in the root of some directories =======
 
2014-09-25 19:52 - 2015-07-22 15:34 - 0000074 _____ () C:\Users\Danielle\AppData\Roaming\sp_data.sys
2015-07-05 18:23 - 2015-07-05 18:24 - 0017196 _____ () C:\Users\Danielle\AppData\Roaming\unins000.dat
2015-07-05 18:23 - 2015-07-05 18:23 - 0815826 _____ () C:\Users\Danielle\AppData\Roaming\unins000.exe
2014-09-26 13:27 - 2014-09-26 13:27 - 0007602 _____ () C:\Users\Danielle\AppData\Local\Resmon.ResmonCfg
2014-09-25 23:38 - 2014-09-25 23:38 - 0000152 _____ () C:\ProgramData\bc.ini
2014-10-10 15:30 - 2014-10-10 15:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-09-25 22:32 - 2014-09-25 22:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-09-25 22:31 - 2014-09-25 22:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
C:\Users\Todos os Usuários\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-22 15:40
 
==================== End of log ============================
 


Edited by Voltzin, 24 July 2015 - 12:05 AM.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:41 PM

Posted 25 July 2015 - 07:20 PM

Hi Voltzin

 

We will use FRST to remove some items. I am only online once or twice per day, so you may not get a reply back from me until the next day.

 

Copy/paste what's below in the box into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button once. The machine may reboot. When done, you will find a fixlog.txt file in the same location as FRST. Please post the fixlog.txt in your reply.

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-25 23:38 - 2014-09-25 23:38 - 0000152 _____ () C:\ProgramData\bc.ini
2014-10-10 15:30 - 2014-10-10 15:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\ProgramData\SetStretch.VBS
C:\Users\Todos os Usuários\SetStretch.VBS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0E0B0B0BzztC0D0EtAzytN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0AtAtCtDyEyD0AtG0BtDtC0FtGtCtAtB0AtGyD0D0CzztGtBtByB0F0AyB0BtCzytCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyBzzyEtDyEtBtG0DtDyC0FtGyEtC0C0FtGzyyE0CtDtGzztD0DtD0AtBtBtA0C0EyC0B2Q&cr=1580672469&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0E0B0B0BzztC0D0EtAzytN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0AtAtCtDyEyD0AtG0BtDtC0FtGtCtAtB0AtGyD0D0CzztGtBtByB0F0AyB0BtCzytCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyBzzyEtDyEtBtG0DtDyC0FtGyEtC0C0FtGzyyE0CtDtGzztD0DtD0AtBtBtA0C0EyC0B2Q&cr=1580672469&ir=
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> DefaultScope {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0E0B0B0BzztC0D0EtAzytN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0AtAtCtDyEyD0AtG0BtDtC0FtGtCtAtB0AtGyD0D0CzztGtBtByB0F0AyB0BtCzytCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyBzzyEtDyEtBtG0DtDyC0FtGyEtC0C0FtGzyyE0CtDtGzztD0DtD0AtBtBtA0C0EyC0B2Q&cr=1580672469&ir=
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
EmptyTemp:

You can also get and keep Malwarebytes:

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

     http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 
    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

 

 


How Can I Reduce My Risk to Malware?


#3 Voltzin

Voltzin
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 25 July 2015 - 11:24 PM

Thanks for your reply.

 

Log from Farbar:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Danielle at 2015-07-26 00:07:45 Run:1
Running from C:\Users\Danielle\Desktop\Farbar
Loaded Profiles: Danielle (Available Profiles: Danielle)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-25 23:38 - 2014-09-25 23:38 - 0000152 _____ () C:\ProgramData\bc.ini
2014-10-10 15:30 - 2014-10-10 15:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\ProgramData\SetStretch.VBS
C:\Users\Todos os Usuários\SetStretch.VBS
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> DefaultScope {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-2880175846-2467202337-614637544-1001 -> {7320593E-83CD-4B62-BCE7-9558CA51BFC8} URL = https://br.search.yahoo.com/search?fr=mcafee&type=C011BR1045D20141109&p={searchTerms}
EmptyTemp:
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\ProgramData\bc.ini => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\ProgramData\SetStretch.cmd => moved successfully.
C:\ProgramData\SetStretch.exe => moved successfully.
C:\ProgramData\SetStretch.VBS => moved successfully.
"C:\ProgramData\SetStretch.VBS" => File/Folder not found.
"C:\Users\Todos os Usuários\SetStretch.VBS" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found. 
"HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7320593E-83CD-4B62-BCE7-9558CA51BFC8}" => key removed successfully
HKCR\CLSID\{7320593E-83CD-4B62-BCE7-9558CA51BFC8} => key not found. 
EmptyTemp: => 794.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 00:08:18 ====
 
 
Log of Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da verificação: 26/07/2015
Hora da verificação: 00:22
Arquivo de registro: 
Administrador: Sim
 
Versão: 2.1.8.1057
Banco de dados de malware: v2015.07.25.04
Banco de dados de rootkit: v2015.07.22.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado
 
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Danielle
 
Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 351586
Tempo decorrido: 37 min, 49 seg
 
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Verificação detalhada de rootkit: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
Processos: 0
(Nenhum item malicioso detectado)
 
Módulos: 0
(Nenhum item malicioso detectado)
 
Chaves de registro: 7
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarentena, [cc2c21c40981cc6a1b9bd1b5768e857b], 
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarentena, [9a5e13d231593303ab0bc0c6659fa25e], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarentena, [df19f8edf09a4bebf7c6b97f659e4cb4], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64, Quarentena, [28d0a3428307c076502d8998f2110000], 
PUP.Optional.InstallCore.C, HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\InstallCore, Quarentena, [58a07570038739fd65a00c8f0400936d], 
PUP.Optional.Astromenda.A, HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarentena, [45b3a73e9febc1758a2d7511c83c7d83], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2880175846-2467202337-614637544-1001\SOFTWARE\SYSTWEAK\ssd, Quarentena, [6c8c875ecac082b4ad0f73c5739007f9], 
 
Valores de registro: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarentena, [49af945175152511cae5b756e61dc838]
 
Dados de registro: 0
(Nenhum item malicioso detectado)
 
Pastas: 0
(Nenhum item malicioso detectado)
 
Arquivos: 1
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, Quarentena, [3bbd41a4e2a862d47e32f83a768d6997], 
 
Setores físicos: 0
(Nenhum item malicioso detectado)
 
 
(end)


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:41 PM

Posted 26 July 2015 - 07:37 AM

OK, good. We will get one more download based on what Malwarebytes removed. It's called AdwCleaner and targets adware. Let's see if it digs up anything.

 

 

Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

 


How Can I Reduce My Risk to Malware?


#5 Voltzin

Voltzin
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 26 July 2015 - 12:14 PM

Here is the log:

 

# AdwCleaner v4.208 - Relatório criado 26/07/2015 às 14:10:25
# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-07-26.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language  (x64)
# Usuário : Danielle - DANI
# Executando de : C:\Users\Danielle\Desktop\AdwCleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Excluído : C:\Users\Danielle\AppData\Roaming\Systweak
Arquivo Excluído : C:\WINDOWS\System32\roboot64.exe
 
***** [ Tarefas agendadas ] *****
 
Tarefa Apagado : ASP
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chave Apagado : HKCU\Software\systweak
Chave Apagado : HKLM\SOFTWARE\systweak
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.107
 
[C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] : hxxp://astromenda.com/?f=1&a=ast_ir_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0DzzyDtD0EyC0E0B0B0BzztC0D0EtAzytN0D0Tzu0SzyzyzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0AtAtCtDyEyD0AtG0BtDtC0FtGtCtAtB0AtGyD0D0CzztGtBtByB0F0AyB0BtCzytCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzzyBzzyEtDyEtBtG0DtDyC0FtGyEtC0C0FtGzyyE0CtDtGzztD0DtD0AtBtBtA0C0EyC0B2Q&cr=1580672469&ir=
 
*************************
 
AdwCleaner[R0].txt - [2374 bytes] - [26/07/2015 14:07:37]
AdwCleaner[S0].txt - [2184 bytes] - [26/07/2015 14:10:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2243  bytes] ##########


#6 shelf life


Posted 26 July 2015 - 02:47 PM

OK, so how's it all looking on your end now?




#7 Voltzin


Posted 26 July 2015 - 03:40 PM

I still have problems when typing, and the PC is still slow. Google Chrome is working slowly too. This was not happening before the email link and download. The other problems are gone.



#8 shelf life


Posted 26 July 2015 - 07:05 PM

Hi,

 

OK, let's see what this does:

 

We will use FRST again, so like before.

 

Copy/paste what's below in the box into Notepad.

Save it as fixlist.txt in the same location you have FRST.

Start FRST like before except this time click on the fix button once.

Machine may reboot. When done you will find a fixlog.txt file in the same location as FRST.

Please post the fixlog.txt in your reply.

2014-09-25 19:52 - 2015-07-22 15:34 - 0000074 _____ () C:\Users\Danielle\AppData\Roaming\sp_data.sys
2015-07-05 18:23 - 2015-07-05 18:24 - 0017196 _____ () C:\Users\Danielle\AppData\Roaming\unins000.dat
2015-07-05 18:23 - 2015-07-05 18:23 - 0815826 _____ () C:\Users\Danielle\AppData\Roaming\unins000.exe
2014-09-26 13:27 - 2014-09-26 13:27 - 0007602 _____ () C:\Users\Danielle\AppData\Local\Resmon.ResmonCfg

Next, back up Chrome's bookmarks/favorites first by exporting them as an HTML file:

https://support.google.com/chrome/answer/96816?hl=en

 

Next, uninstall Chrome, also delete user profile information:

https://support.google.com/chrome/answer/95319?hl=en

 

Last: reinstall Chrome

https://support.google.com/chrome/answer/95346?hl=en

 

I won't be back online for about 16 hours.




#9 Voltzin


Posted 26 July 2015 - 07:28 PM

The problems aren't solved yet. Typing is still a pain and Chrome is still slow. Reinstalled 2 times.

 

 

 

 

Log from FRST

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Danielle at 2015-07-26 21:27:23 Run:2
Running from C:\Users\Danielle\Desktop\Farbar
Loaded Profiles: Danielle (Available Profiles: Danielle)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2014-09-25 19:52 - 2015-07-22 15:34 - 0000074 _____ () C:\Users\Danielle\AppData\Roaming\sp_data.sys
2015-07-05 18:23 - 2015-07-05 18:24 - 0017196 _____ () C:\Users\Danielle\AppData\Roaming\unins000.dat
2015-07-05 18:23 - 2015-07-05 18:23 - 0815826 _____ () C:\Users\Danielle\AppData\Roaming\unins000.exe
2014-09-26 13:27 - 2014-09-26 13:27 - 0007602 _____ () C:\Users\Danielle\AppData\Local\Resmon.ResmonCfg
*****************
 
C:\Users\Danielle\AppData\Roaming\sp_data.sys => moved successfully.
C:\Users\Danielle\AppData\Roaming\unins000.dat => moved successfully.
C:\Users\Danielle\AppData\Roaming\unins000.exe => moved successfully.
C:\Users\Danielle\AppData\Local\Resmon.ResmonCfg => moved successfully.
 
==== End of Fixlog 21:27:25 ====

Edited by Voltzin, 26 July 2015 - 10:14 PM.


#10 shelf life


Posted 27 July 2015 - 04:27 PM

What are you typing into, the software? Is it MS Word or your browser when on a web site, like this one? If so, try it in both your browsers to see if it's the same. Does it happen all the time or randomly when you type?

 

Do you know how to boot your machine into safe mode and see if the slow typing is the same in safe mode?

 

Let's see if tasklist will show anything. Other than the e-mail you clicked on, have you installed any software lately?

 

You can get a list of running processes like this:

 

Click on Start, and in the search field type in cmd. Up at the top of the window under Programs you should see cmd. Right-click on that and select "run as admin".

A cmd prompt window should open and you can copy/paste in what's below. Copy the line below, then right-click anywhere in the black window and select paste.

It will dump a process.txt file on your local drive C. You can copy/paste the results in your reply.

tasklist > C:\process.txt



#11 Voltzin


Posted 28 July 2015 - 01:46 AM

Hey shelf, I'll be away from this computer until Saturday. When I'm back I'll post the results, thanks!





