IDM Rogue Extension Keeps Reinstalling Itself in Chrome


  • This topic is locked
2 replies to this topic

#1 dreamhouse


Posted 07 November 2015 - 10:40 AM

Hi,

 

I lost my IDM extension in Chrome and decided to install one from the Chrome Web Store, and after installing it, I had hao123 hijacking Chrome's homepage. I realized it was bogus; its name is IDM Integration Module Extension 0.1.3.2, so I uninstalled it by going to Chrome's extension folder after getting its ID in Developer mode, but to no avail, because it keeps reinstalling itself after some hours of use. If I simply throw it in the trashcan, when deleting it calls for a different page and it is then that hao123 is installed. I've tried every cleaning method you can name and no use, it keeps coming back... ah, I installed no new programs!

 

Here goes the FRST.txt and attached addition.txt (NOTE: this line { (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe} refers to my bank software, which is usually read as malware, but it's not, obviously! It's just a piece of junk programming hahahah!) THANK YOU IN ADVANCE!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Clarita Maia (administrator) on CLARITAMAIA-PC (07-11-2015 13:21:34)
Running from C:\Users\Clarita Maia\Desktop
Loaded Profiles: Clarita Maia (Available Profiles: Clarita Maia)
Platform: Windows 10 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15081.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-25] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-18] (Siber Systems)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-11-02] (Tonec Inc.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\MountPoints2: {72053eb7-5f12-11e4-8250-902b3422dcd2} - "I:\HPLauncher.exe" 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-03] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 72.4.146.248 8.8.8.8
Tcpip\..\Interfaces\{b5e599a8-7b32-411b-8497-4172db635a48}: [DhcpNameServer] 72.4.146.248 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-25] (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-27] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-27] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-718468114-2348770635-4178057941-1007 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\dw3j63h0.default-1437004879997
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/gas64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-03] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-08-16] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Clarita Maia\AppData\Local\XDM\xdmff => not found
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5 [2015-11-07] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Tradutor) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-09-12]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (HelloFax: 50 páginas gratuitas de fax) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-02-25]
CHR Extension: (Facebook) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-10-30]
CHR Extension: (Adblock Plus) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-11-22]
CHR Extension: (Google Search) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-06]
CHR Extension: (Google Agenda) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Skype Links) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbmllnadbdnppblcebkkmapkinkdchd [2015-08-14]
CHR Extension: (Conversor de Medidas) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiicdapcioonpclifmhmcnhhdegnpke [2015-10-26]
CHR Extension: (Readium) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-07-27]
CHR Extension: (Compressor de PDF - Smallpdf.com) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2014-10-30]
CHR Extension: (Musixmatch) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2015-09-15]
CHR Extension: (Documentos Google off-line) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Hola -  Proxy livre VPN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Timer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2015-10-27]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-11-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-30]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-10-30]
CHR Extension: (NEnhancer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2015-11-02]
CHR Extension: (SoundCloud) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-12]
CHR Extension: (Botão do Google Acadêmico) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-11-01]
CHR Extension: (Skype Click to Call) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Google Maps) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Verificador de mensagens do Google) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-30]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-18]
CHR Extension: (Sunrise Calendar) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-10-31]
CHR Extension: (IDM Integration Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (WeVideo - Criador e Editor de Vídeos) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-10-12]
CHR Extension: (Desktop Client for Viber™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-10-30]
CHR Extension: (Gmail) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (RoboForm Password Manager) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-03] (AVAST Software)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
U2 OneSyncSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
U3 UnistoreSvc_Session11; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2015-03-27] (Advanced Micro Devices Inc.)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-03] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-10-25] (Advanced Micro Devices)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [0 2015-11-02] () <==== ATTENTION (zero byte File/Folder)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2015-02-12] (IBM Corp.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 13:21 - 2015-11-07 13:22 - 00030079 _____ C:\Users\Clarita Maia\Desktop\FRST.txt
2015-11-07 13:21 - 2015-11-07 13:21 - 00000000 ____D C:\FRST
2015-11-07 13:15 - 2015-11-07 13:15 - 02198528 _____ (Farbar) C:\Users\Clarita Maia\Desktop\FRST64.exe
2015-11-07 12:57 - 2015-11-07 12:57 - 00000000 ___RD C:\Users\Clarita Maia\3D Objects
2015-11-07 12:46 - 2015-11-07 12:46 - 00016148 _____ C:\WINDOWS\system32\CLARITAMAIA-PC_Clarita Maia_HistoryPrediction.bin
2015-11-06 10:06 - 2015-11-06 10:06 - 00001083 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2015-11-06 10:06 - 2015-11-06 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2015-11-06 09:57 - 2015-11-06 09:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CEF
2015-11-06 09:52 - 2015-11-06 09:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 09:52 - 2015-11-06 09:52 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-03 21:37 - 2015-11-06 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-03 11:53 - 2015-11-03 11:53 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iPod
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-02 22:47 - 2015-11-02 22:47 - 00000981 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-11-02 22:47 - 2015-11-02 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 12:49 - 2015-11-02 12:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta
2015-11-02 12:41 - 2015-11-03 15:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-11-02 12:41 - 2015-11-02 20:16 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\IDM
2015-11-02 09:34 - 2015-11-02 09:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CatalinaGroup
2015-11-02 09:18 - 2015-11-02 09:18 - 00000000 _____ C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2015-10-31 17:11 - 2015-10-31 17:11 - 00000000 ____D C:\Users\Clarita Maia\.cache
2015-10-30 07:42 - 2015-10-27 21:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-30 07:42 - 2015-10-27 21:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-30 07:42 - 2015-10-21 10:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 07:42 - 2015-10-21 10:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 07:42 - 2015-10-21 10:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-30 07:42 - 2015-10-21 10:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-30 07:42 - 2015-10-21 10:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-30 07:42 - 2015-10-21 10:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-30 07:42 - 2015-10-21 09:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-30 07:42 - 2015-10-21 09:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 07:42 - 2015-10-21 09:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-30 07:42 - 2015-10-21 09:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 07:42 - 2015-10-21 09:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-30 07:42 - 2015-10-21 09:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 07:42 - 2015-10-21 09:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 07:42 - 2015-10-21 09:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-30 07:42 - 2015-10-21 09:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-30 07:42 - 2015-10-21 09:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-30 07:42 - 2015-10-21 09:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 07:42 - 2015-10-21 09:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-30 07:42 - 2015-10-21 09:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 07:42 - 2015-10-21 09:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-30 07:42 - 2015-10-21 09:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-30 07:42 - 2015-10-21 03:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-30 07:42 - 2015-10-21 03:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-30 07:42 - 2015-10-21 03:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-30 07:42 - 2015-10-21 03:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-30 07:42 - 2015-10-21 03:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-30 07:42 - 2015-10-21 03:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-30 07:42 - 2015-10-21 03:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-30 07:42 - 2015-10-21 03:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 07:42 - 2015-10-21 02:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-30 07:42 - 2015-10-21 02:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-30 07:42 - 2015-10-21 02:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-28 17:06 - 2015-10-28 17:06 - 00001107 _____ C:\Users\Clarita Maia\Desktop\ExtractNow.lnk
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Program Files (x86)\ExtractNow
2015-10-28 14:26 - 2015-10-28 14:31 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Azureus
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Users\Clarita Maia\.swt
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-10-28 14:05 - 2015-10-28 14:05 - 00000000 ____D C:\Users\Clarita Maia\AppData\LocalLow\uTorrent
2015-10-25 10:07 - 2015-10-25 10:29 - 00002230 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-10-25 10:07 - 2015-10-25 10:09 - 00003426 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2015-10-25 10:07 - 2015-10-25 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-10-25 10:05 - 2015-10-25 10:05 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 03951402 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-25 10:04 - 2015-10-25 10:04 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02997504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-25 10:04 - 2015-10-25 10:04 - 02028672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 01352000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 03278416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00914024 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00768824 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00074608 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00069928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2015-10-24 11:48 - 2015-10-24 11:48 - 00001006 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-10-19 13:15 - 2015-10-23 08:55 - 00000000 ____D C:\Users\Clarita Maia\Desktop\SERPLAN - pneus
2015-10-17 19:49 - 2015-10-17 19:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\AMD
2015-10-16 10:29 - 2015-06-12 00:00 - 00197616 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-10-14 17:13 - 2015-10-06 01:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 17:13 - 2015-10-01 02:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 17:13 - 2015-09-25 01:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 17:13 - 2015-09-25 01:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 17:13 - 2015-09-25 01:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 17:13 - 2015-09-25 01:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 17:13 - 2015-09-25 00:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 17:12 - 2015-10-10 05:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 17:12 - 2015-10-06 00:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 17:12 - 2015-10-01 02:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 17:12 - 2015-10-01 02:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 17:12 - 2015-10-01 02:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 17:12 - 2015-10-01 02:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 17:12 - 2015-10-01 01:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 17:12 - 2015-09-25 02:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 17:12 - 2015-09-25 02:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 17:12 - 2015-09-25 01:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 17:12 - 2015-09-25 01:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 17:12 - 2015-09-25 01:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 17:12 - 2015-09-25 01:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 17:12 - 2015-09-25 01:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 17:12 - 2015-09-25 01:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 17:12 - 2015-09-25 01:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 17:12 - 2015-09-25 01:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 17:12 - 2015-09-25 01:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 17:12 - 2015-09-25 01:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 17:12 - 2015-09-25 01:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 17:12 - 2015-09-25 01:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 17:12 - 2015-09-25 01:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 17:12 - 2015-09-25 01:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 17:12 - 2015-09-25 01:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 17:12 - 2015-09-25 01:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 17:12 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 17:12 - 2015-09-25 00:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 17:12 - 2015-09-25 00:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 17:12 - 2015-09-25 00:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 17:12 - 2015-09-25 00:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 17:12 - 2015-09-25 00:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 17:12 - 2015-09-25 00:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 17:12 - 2015-09-25 00:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\$WINDOWS.~BT
2015-10-08 17:54 - 2015-10-08 17:54 - 00000000 ___HD C:\$Windows.~WS
2015-10-08 16:34 - 2015-10-08 16:34 - 00001137 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2015-10-08 16:34 - 2015-10-08 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2015-10-08 16:33 - 2015-10-08 16:34 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Disk Image Freeware
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ____D C:\Program Files\LSoft Technologies
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\Users\Todos os Usuários\IsolatedStorage
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\IsolatedStorage
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-10-08 10:53 - 2015-10-08 10:53 - 00000000 ____D C:\Spacekace
2015-10-08 10:39 - 2015-10-08 10:39 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-08 10:39 - 2015-10-08 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 13:21 - 2014-10-30 18:42 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\DMCache
2015-11-07 13:17 - 2014-11-11 15:53 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Skype
2015-11-07 13:03 - 2015-06-01 11:09 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 12:57 - 2015-08-05 10:24 - 00000000 ____D C:\Users\Clarita Maia
2015-11-07 12:36 - 2015-08-05 10:21 - 00095341 _____ C:\WINDOWS\system32\lvcoinst.log
2015-11-07 12:34 - 2015-04-28 10:30 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-07 12:34 - 2014-10-29 09:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 12:32 - 2015-07-10 10:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 12:32 - 2015-06-01 11:09 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 12:32 - 2014-10-29 19:00 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-11-07 12:31 - 2015-08-05 10:18 - 00042210 _____ C:\WINDOWS\PFRO.log
2015-11-07 12:31 - 2015-07-10 10:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-07 09:01 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-07 09:00 - 2014-10-30 17:58 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED696453-A901-4BDC-B0E6-EDAA578599B5}
2015-11-07 08:58 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-06 21:12 - 2015-09-03 12:30 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Multas
2015-11-06 17:03 - 2015-07-12 11:24 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-06 17:03 - 2015-04-28 10:30 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\Users\Todos os Usuários\firebird
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\ProgramData\firebird
2015-11-06 10:06 - 2014-10-29 19:47 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2015-11-06 09:58 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Adobe
2015-11-06 09:57 - 2014-10-30 18:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Adobe
2015-11-06 09:52 - 2015-06-01 14:04 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 09:52 - 2014-10-29 21:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 08:57 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Packages
2015-11-06 08:27 - 2015-07-15 13:39 - 00000322 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Clarita_Maia.job
2015-11-06 07:58 - 2015-04-23 18:15 - 00002536 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Clarita_Maia
2015-11-05 13:15 - 2015-07-15 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 13:14 - 2015-07-10 07:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\ProgramData\Skype
2015-11-03 15:23 - 2014-10-29 09:46 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2015-11-03 15:23 - 2014-10-29 09:46 - 00000000 ____D C:\ProgramData\ProductData
2015-11-03 11:53 - 2014-11-18 13:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-03 09:55 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-02 22:50 - 2014-11-01 17:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\AIMP3
2015-11-02 22:46 - 2014-10-29 15:45 - 00000000 ____D C:\Program Files (x86)\AIMP3
2015-11-02 16:31 - 2015-03-23 17:51 - 00000000 ____D C:\KMPlayer
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-02 11:43 - 2015-03-22 08:48 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Soltos
2015-10-31 10:41 - 2015-04-27 15:09 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2015-10-31 09:38 - 2015-08-05 10:23 - 02001980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 09:38 - 2015-07-10 14:36 - 00849720 _____ C:\WINDOWS\system32\prfh0416.dat
2015-10-31 09:38 - 2015-07-10 14:36 - 00181818 _____ C:\WINDOWS\system32\prfc0416.dat
2015-10-31 09:29 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-30 17:31 - 2015-07-10 08:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 14:31 - 2014-12-06 15:12 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\uTorrent
2015-10-27 14:17 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-25 10:53 - 2014-11-15 14:46 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\calibre
2015-10-25 10:09 - 2015-05-05 09:08 - 00003088 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Clarita Maia)
2015-10-25 10:06 - 2015-07-10 10:20 - 00020912 _____ C:\WINDOWS\setupact.log
2015-10-25 10:05 - 2015-05-28 08:00 - 00102912 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2015-10-25 10:04 - 2015-08-05 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-25 10:04 - 2015-06-24 23:59 - 02958904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-25 10:04 - 2015-06-24 23:57 - 04613888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-25 10:04 - 2015-06-24 23:57 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-25 10:03 - 2015-06-24 23:59 - 00410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\Program Files\Calibre2
2015-10-24 10:48 - 2015-10-04 13:30 - 00000736 _____ C:\Users\Clarita Maia\Desktop\compra vap.txt
2015-10-23 09:24 - 2014-10-30 17:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Windows Live
2015-10-16 10:57 - 2014-10-29 18:02 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-10-16 10:57 - 2014-10-29 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-16 10:55 - 2015-07-21 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-16 10:55 - 2013-08-22 11:25 - 00000229 _____ C:\WINDOWS\win.ini
2015-10-16 10:51 - 2014-10-29 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-16 10:42 - 2014-10-29 09:53 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-16 01:10 - 2015-10-01 21:09 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 01:10 - 2015-10-01 21:09 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 18:24 - 2014-11-11 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-12 10:49 - 2014-10-29 19:00 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-10-12 10:49 - 2014-10-29 19:00 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-10-10 12:46 - 2015-05-04 13:47 - 00004096 _____ C:\Users\Clarita Maia\Desktop\thyroid - what to watch for.txt
2015-10-08 22:28 - 2015-08-05 10:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-08 19:45 - 2015-04-05 14:00 - 00001024 ____H C:\SYSTAG.BIN
2015-10-08 19:45 - 2014-11-11 17:49 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2015-10-08 16:35 - 2014-11-11 17:49 - 00000000 ____D C:\Users\Todos os Usuários\AomeiBR
2015-10-08 16:35 - 2014-11-11 17:49 - 00000000 ____D C:\ProgramData\AomeiBR
 
==================== Files in the root of some directories =======
 
2015-07-15 21:57 - 2015-07-15 21:56 - 0815826 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins000.exe
2015-08-16 12:46 - 2015-08-16 12:46 - 0018508 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins001.dat
2015-08-16 12:46 - 2015-08-16 12:46 - 0815826 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins001.exe
2014-10-30 20:06 - 2015-07-28 18:31 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Roaming\winscp.rnd
2014-10-30 22:34 - 2014-10-30 22:58 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Local\PUTTY.RND
2014-12-01 10:47 - 2014-12-01 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Public\SkypeSetupFull.exe
 
 
Some files in TEMP:
====================
C:\Users\Clarita Maia\AppData\Local\Temp\i4jdel0.exe
C:\Users\Clarita Maia\AppData\Local\Temp\Opera_NI_stable.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\gbpddfac64.sys
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-28 17:19
 
==================== End of FRST.txt ============================



 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 07 November 2015 - 11:09 AM

Stop multi-posting!

Go on with your original topic when a helper picks it up. http://www.bleepingcomputer.com/forums/t/595618/idm-rogue-extension-keeps-reinstalling-itself-in-chrome/


Edited by Queen-Evie, 07 November 2015 - 11:49 AM.
edited to change link.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:42 AM

Posted 07 November 2015 - 11:58 AM

14 duplicate FRST log posts deleted.

 

You may have gotten caught by a forum glitch which made you think it was not posted the first time and you kept hitting POST, which caused the extras.





