
Infected with trojan and heavy slow down


  • This topic is locked
5 replies to this topic

#1 Erganth


Posted 01 November 2015 - 03:42 PM

TOPIC, besides some heavy ads.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by Juliana Nunes (administrator) on JULIANANUNES-NT (01-11-2015 17:33:57)
Running from C:\Users\Juliana Nunes\Desktop
Loaded Profiles: Juliana Nunes (Available Profiles: Juliana Nunes)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SoftBrain Technologies Ltd.) C:\Users\Juliana Nunes\AppData\Local\SmartWeb\SmartWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(SoftBrain Technologies Ltd.) C:\Users\Juliana Nunes\AppData\Local\SmartWeb\SmartWebApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2258216 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartWeb] => C:\Users\Juliana Nunes\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_br_554] => [X]
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17880752 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3579120 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\MountPoints2: {2d54807b-047c-11e5-8f86-80ee7348d75a} - E:\setup.exe
HKU\S-1-5-21-3077596206-342208924-60660658-1000\...\MountPoints2: {6f9b41d8-3de6-11e5-9458-80ee7348d75a} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Juliana Nunes\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Juliana Nunes\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Juliana Nunes\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\Users\Juliana Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-02]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Juliana Nunes\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1318FCC1-261A-420F-9857-386B31A02C8D}: [DhcpNameServer] 5.39.219.6 187.19.145.29
Tcpip\..\Interfaces\{2BED533C-F1B8-4E36-B0D5-D4399689DC6A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=N360&pvid=21.7.0.11
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=N360&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=N360&pvid=21.7.0.11
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=N360&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3077596206-342208924-60660658-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=n360&pvid=21.7.0.11
HKU\S-1-5-21-3077596206-342208924-60660658-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3077596206-342208924-60660658-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3077596206-342208924-60660658-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3077596206-342208924-60660658-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
URLSearchHook: [S-1-5-21-3077596206-342208924-60660658-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = www.google.com.br
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = www.google.com.br
SearchScopes: HKU\S-1-5-21-3077596206-342208924-60660658-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=BR&ver=22&locale=pt_BR&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3077596206-342208924-60660658-1000 -> {D0A3FC8D-1075-4536-B935-5BDD5AECD617} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LM012XHN-M500MBB_S2S7J9KD109617&ts=1433264570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3077596206-342208924-60660658-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST500LM012XHN-M500MBB_S2S7J9KD109617&ts=1433264570&type=default&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3077596206-342208924-60660658-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1432747185&z=98398a6e8bada317f888b15gfz3cco2m3z2m3g2b8t&from=smt&uid=ST500LM012XHN-M500MBB_S2S7J9KD109617

FireFox:
========
FF ProfilePath: C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.google.com.br/
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\user.js [2015-06-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\searchplugins\mystartsearch.xml [2015-11-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\navegaki.xml [2015-06-02]
FF Extension: QuickSearch - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\Extensions\searchffv2@gmail.com [2015-06-02] [not signed]
FF Extension: Search Enginer - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\Extensions\sweetsearch@gmail.com [2015-05-27] [not signed]
FF Extension: Slick Savings - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\Extensions\{205ecfa1-e167-42f5-8d02-58724b1c974d} [2015-05-30] [not signed]
FF Extension: Start Page - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\Extensions\{d184bb9a-da59-4370-8e68-7e763aecf1cb} [2015-05-30] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-08] [not signed]
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\extensions\sweetsearch@gmail.com
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Juliana Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\ushr81db.default\extensions\searchffv2@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08]
CHR Extension: (Google Docs) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08]
CHR Extension: (Google Drive) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Planilhas do Google) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08]
CHR Extension: (Documentos Google off-line) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Hola -  Proxy livre VPN) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-23]
CHR Extension: (Norton Identity Safe) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-09]
CHR Extension: (Skype Click to Call) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Juliana Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1026288 2015-05-21] (Disc Soft Ltd)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 AdvancedSystemCareService7; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2014-09-23] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2014-09-23] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-08-19] (BlueStack Systems)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-05-27] (Disc Soft Ltd)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 17:33 - 2015-11-01 17:34 - 00021804 _____ C:\Users\Juliana Nunes\Desktop\FRST.txt
2015-11-01 17:33 - 2015-11-01 17:34 - 00000000 ____D C:\FRST
2015-11-01 17:31 - 2015-11-01 17:31 - 01701888 _____ (Farbar) C:\Users\Juliana Nunes\Desktop\FRST.exe
2015-11-01 17:21 - 2015-11-01 17:21 - 00000961 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-01 17:21 - 2015-11-01 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-01 17:21 - 2015-11-01 17:21 - 00000000 ____D C:\Program Files\CCleaner
2015-11-01 17:20 - 2015-11-01 17:20 - 06762072 _____ (Piriform Ltd) C:\Users\Juliana Nunes\Downloads\ccsetup511.exe
2015-10-27 19:07 - 2015-10-27 19:07 - 00344064 _____ C:\Users\Juliana Nunes\Documents\Banco de dados1.accdb
2015-10-27 18:36 - 2015-10-27 19:32 - 01966080 _____ C:\Users\Juliana Nunes\Downloads\Fornecedores JULIANA CONT.accdb
2015-10-22 14:36 - 2015-10-22 14:36 - 00061277 ____H C:\Users\Juliana Nunes\Desktop\~WRL3970.tmp
2015-10-18 11:15 - 2015-09-18 14:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-18 11:15 - 2015-09-18 14:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-18 11:15 - 2015-09-18 14:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-18 11:15 - 2015-09-18 14:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-18 11:15 - 2015-09-18 14:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-18 11:15 - 2015-09-18 14:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-18 11:15 - 2015-09-18 14:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 23:44 - 2015-09-18 15:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 23:44 - 2015-09-16 00:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 23:44 - 2015-09-16 00:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 23:44 - 2015-09-16 00:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 23:44 - 2015-09-16 00:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 23:44 - 2015-09-16 00:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 23:44 - 2015-09-16 00:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 23:44 - 2015-09-16 00:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 23:44 - 2015-09-16 00:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 23:44 - 2015-09-16 00:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 23:44 - 2015-09-16 00:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 23:44 - 2015-09-16 00:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 23:44 - 2015-09-16 00:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 23:44 - 2015-09-16 00:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 23:44 - 2015-09-16 00:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 23:44 - 2015-09-16 00:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 23:44 - 2015-09-16 00:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 23:44 - 2015-09-16 00:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 23:44 - 2015-09-16 00:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 23:44 - 2015-09-16 00:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 23:44 - 2015-09-16 00:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 23:44 - 2015-09-16 00:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 23:44 - 2015-09-16 00:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 23:44 - 2015-09-16 00:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 23:44 - 2015-09-16 00:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 23:44 - 2015-09-15 23:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 23:44 - 2015-09-15 23:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 23:44 - 2015-09-15 23:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 23:44 - 2015-09-15 23:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 23:44 - 2015-09-15 23:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 23:44 - 2015-09-15 23:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 23:44 - 2015-09-15 23:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 23:44 - 2015-09-15 23:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 23:44 - 2015-09-15 23:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 23:43 - 2015-09-29 00:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-13 23:43 - 2015-09-29 00:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 23:43 - 2015-09-29 00:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 23:43 - 2015-09-28 23:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 23:43 - 2015-09-28 23:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 23:43 - 2015-09-28 23:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 23:43 - 2015-09-28 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 23:43 - 2015-09-28 23:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 23:43 - 2015-09-28 23:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 23:43 - 2015-09-28 23:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 23:43 - 2015-09-28 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 23:43 - 2015-09-28 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 23:43 - 2015-09-28 23:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 23:43 - 2015-09-28 23:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 23:43 - 2015-09-28 22:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 23:43 - 2015-09-28 22:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 23:43 - 2015-09-28 22:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 23:43 - 2015-09-15 14:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 23:43 - 2015-09-15 14:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 23:43 - 2015-09-15 14:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 23:43 - 2015-09-15 14:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 23:43 - 2015-09-15 14:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 23:43 - 2015-09-15 14:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 23:43 - 2015-09-15 14:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 23:43 - 2015-09-15 14:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 23:43 - 2015-09-15 14:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 23:43 - 2015-07-18 10:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 23:43 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 23:42 - 2015-10-01 14:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 23:42 - 2015-10-01 14:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 23:42 - 2015-10-01 14:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 23:42 - 2015-10-01 14:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 23:42 - 2015-10-01 14:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 23:42 - 2015-10-01 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 23:42 - 2015-09-25 14:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 23:42 - 2015-09-25 14:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 23:42 - 2015-09-25 14:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 23:42 - 2015-09-25 14:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 23:42 - 2015-09-25 14:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 23:42 - 2015-09-25 14:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 23:42 - 2015-08-06 14:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 23:42 - 2015-08-06 14:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 18:12 - 2015-11-01 17:07 - 00000000 ____D C:\Users\Juliana Nunes\AppData\LocalLow\uTorrent
2015-10-13 17:22 - 2015-10-13 17:22 - 00000000 ____D C:\Users\Todos os Usuários\{126CFB2A-3098-4C8B-A9BB-8D922A069FE0}
2015-10-13 17:22 - 2015-10-13 17:22 - 00000000 ____D C:\ProgramData\{126CFB2A-3098-4C8B-A9BB-8D922A069FE0}
2015-10-11 14:52 - 2015-02-19 19:19 - 00061133 ____N C:\Users\Juliana Nunes\Downloads\How To Get Away with Murder - 01x11 - Best Christmas Ever.LOL.Portuguese (Brazilian).C.updated.Addic7ed.com.srt
2015-10-11 13:54 - 2015-10-11 13:54 - 00021516 _____ C:\Users\Juliana Nunes\Downloads\How-To-Get-Away-with-Murder-01x11-Best-Christmas-Ever-LOL-Portuguese-Brazilian-C-updated-Addic7ed-com-35834164.zip
2015-10-11 13:51 - 2015-03-10 15:24 - 00053963 ____N C:\Users\Juliana Nunes\Downloads\How to Get Away with Murder S01E11 HDTV.XviD-AFG.srt
2015-10-08 13:34 - 2015-10-08 13:34 - 00002063 _____ C:\Users\Juliana Nunes\Desktop\Popcorn Time.lnk
2015-10-08 13:27 - 2015-10-08 13:27 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-10-07 12:33 - 2015-10-07 12:33 - 00002719 _____ C:\Users\Public\Desktop\Windows Device Recovery Tool.lnk
2015-10-07 12:33 - 2015-10-07 12:33 - 00000000 ____D C:\Users\Todos os Usuários\HTC
2015-10-07 12:33 - 2015-10-07 12:33 - 00000000 ____D C:\ProgramData\HTC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 17:20 - 2015-08-24 20:42 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-01 17:15 - 2015-05-23 11:00 - 01637827 _____ C:\Windows\WindowsUpdate.log
2015-11-01 17:13 - 2009-07-14 01:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-01 17:13 - 2009-07-14 01:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-01 17:12 - 2015-05-23 15:55 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-01 17:12 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-11-01 17:12 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-11-01 17:09 - 2015-06-08 21:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-01 17:07 - 2015-09-21 16:49 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\uTorrent
2015-11-01 17:06 - 2015-05-24 19:26 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\Skype
2015-11-01 17:04 - 2015-08-05 18:38 - 00000362 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-11-01 17:04 - 2015-06-08 21:46 - 00053312 _____ C:\Windows\setupact.log
2015-11-01 17:04 - 2015-06-08 21:33 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-01 17:04 - 2015-06-02 13:35 - 00000000 ____D C:\Users\Juliana Nunes\AppData\LocalLow\SmartWeb
2015-11-01 17:04 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-01 16:53 - 2015-06-08 21:45 - 00568410 _____ C:\Windows\PFRO.log
2015-11-01 16:53 - 2015-05-24 19:35 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2015-11-01 16:53 - 2015-05-24 19:35 - 00000000 ____D C:\ProgramData\Norton
2015-11-01 16:48 - 2015-07-19 00:20 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Local\MEGAsync
2015-11-01 15:21 - 2009-07-14 01:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-31 16:33 - 2015-06-02 12:44 - 00000000 ____D C:\Users\Juliana Nunes\Documents\Luana Nunes
2015-10-31 16:14 - 2015-09-22 08:13 - 00000000 ____D C:\Users\Juliana Nunes\Documents\Wondershare PDF to Word
2015-10-31 16:02 - 2012-12-05 14:20 - 00000000 ____D C:\Users\Juliana Nunes\Desktop\Nova pasta
2015-10-31 15:15 - 2015-07-15 13:03 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Local\Popcorn-Time
2015-10-28 14:42 - 2015-05-27 14:15 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-10-27 15:05 - 2015-06-02 14:46 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Local\CrashDumps
2015-10-26 20:56 - 2015-05-30 23:23 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2015-10-26 20:56 - 2015-05-30 23:23 - 00000000 ____D C:\ProgramData\ProductData
2015-10-20 14:51 - 2015-05-23 17:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-20 14:51 - 2015-05-23 17:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-18 11:38 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-10-18 11:34 - 2015-05-23 17:05 - 00000000 ____D C:\Windows\system32\MRT
2015-10-18 10:48 - 2015-05-23 17:05 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-18 10:23 - 2015-08-24 20:42 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-18 10:23 - 2015-08-24 20:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-13 18:21 - 2015-08-04 15:07 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\vlc
2015-10-13 17:22 - 2015-09-02 12:43 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\AMCPromote
2015-10-11 13:36 - 2015-05-24 22:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-10 14:30 - 2015-06-02 13:20 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Roaming\03000200-1433262024-0500-0006-000700080009
2015-10-08 13:27 - 2015-07-15 12:59 - 00000000 ____D C:\Users\Juliana Nunes\AppData\Local\Popcorn Time
2015-10-07 12:33 - 2015-06-16 15:56 - 00000000 ____D C:\Program Files\Microsoft Care Suite
2015-10-07 12:33 - 2015-05-24 09:02 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-10-07 12:33 - 2015-05-24 09:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-07 12:31 - 2015-06-16 15:46 - 00098968 _____ C:\Windows\DPINST.LOG

==================== Files in the root of some directories =======

2015-05-23 21:22 - 2015-05-23 21:44 - 6103040 _____ () C:\Program Files\GUT4D84.tmp
2015-09-21 15:44 - 2015-09-21 15:44 - 6420480 _____ () C:\Program Files\GUT4EB8.tmp
2015-05-23 22:10 - 2015-05-23 22:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Juliana Nunes\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Juliana Nunes\AppData\Local\Temp\update.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 07:37

==================== End of FRST.txt ============================




#2 Jo*

  • Malware Response Team

Posted 01 November 2015 - 04:26 PM


Hello Erganth,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Do you have a log / warning about a trojan? Please give us details!
 

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Erganth

  • Topic Starter

Posted 02 November 2015 - 04:09 PM

I was presuming that my PC was infected with a trojan because I'm having a lot of pop-up ads and suddenly it goes all real slow.

 

Anyway here's the securitycheck log:

 

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (41.0.2)
 Google Chrome (46.0.2490.71)
 Google Chrome (46.0.2490.80)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

 

 

 



#4 Jo*

  • Malware Response Team

Posted 02 November 2015 - 04:37 PM

Hello Erganth,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Cheers,
Jo


#5 Jo*

  • Malware Response Team

Posted 05 November 2015 - 03:34 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#6 Jo*

  • Malware Response Team

Posted 08 November 2015 - 11:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo




