IDM Rogue Extension Keeps Reinstalling Itself in Chrome


This topic is locked
16 replies to this topic

#1 dreamhouse (Members, 38 posts)

Posted 07 November 2015 - 11:07 AM

Hi,

I lost my legit IDM extension and decided to get one from the Chrome Web Store. I chose IDM Integration Extension Module 0.1.3.2. After installing it, my home page was hijacked by hao123. When trashing it, a new unrelated page opened and hao123 came back again. So I got its ID using Developer Mode on Chrome's extensions page and uninstalled it from Chrome's extensions folder. Thought that was it, but after a reboot it came back again... and it has been coming back ever since, no matter what I do. Used many cleaning programs to no avail. Please advise me. Thank you in advance!

Here go the FRST.txt and Addition.txt attachments (NOTE: this line {(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe} refers to my banking security software... a threat on its own hahahahah!)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Clarita Maia (administrator) on CLARITAMAIA-PC (07-11-2015 13:21:34)
Running from C:\Users\Clarita Maia\Desktop
Loaded Profiles: Clarita Maia (Available Profiles: Clarita Maia)
Platform: Windows 10 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15081.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-25] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-18] (Siber Systems)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-11-02] (Tonec Inc.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\MountPoints2: {72053eb7-5f12-11e4-8250-902b3422dcd2} - "I:\HPLauncher.exe" 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-03] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 72.4.146.248 8.8.8.8
Tcpip\..\Interfaces\{b5e599a8-7b32-411b-8497-4172db635a48}: [DhcpNameServer] 72.4.146.248 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-25] (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-27] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-27] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-718468114-2348770635-4178057941-1007 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\dw3j63h0.default-1437004879997
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/gas64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-03] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-08-16] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Clarita Maia\AppData\Local\XDM\xdmff => not found
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5 [2015-11-07] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Tradutor) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-09-12]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (HelloFax: 50 páginas gratuitas de fax) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-02-25]
CHR Extension: (Facebook) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-10-30]
CHR Extension: (Adblock Plus) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-11-22]
CHR Extension: (Google Search) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-06]
CHR Extension: (Google Agenda) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Skype Links) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbmllnadbdnppblcebkkmapkinkdchd [2015-08-14]
CHR Extension: (Conversor de Medidas) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiicdapcioonpclifmhmcnhhdegnpke [2015-10-26]
CHR Extension: (Readium) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-07-27]
CHR Extension: (Compressor de PDF - Smallpdf.com) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2014-10-30]
CHR Extension: (Musixmatch) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2015-09-15]
CHR Extension: (Documentos Google off-line) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Hola -  Proxy livre VPN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Timer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2015-10-27]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-11-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-30]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-10-30]
CHR Extension: (NEnhancer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2015-11-02]
CHR Extension: (SoundCloud) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-12]
CHR Extension: (Botão do Google Acadêmico) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-11-01]
CHR Extension: (Skype Click to Call) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Google Maps) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Verificador de mensagens do Google) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-30]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-18]
CHR Extension: (Sunrise Calendar) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-10-31]
CHR Extension: (IDM Integration Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (WeVideo - Criador e Editor de Vídeos) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-10-12]
CHR Extension: (Desktop Client for Viber™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-10-30]
CHR Extension: (Gmail) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (RoboForm Password Manager) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-03] (AVAST Software)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
U2 OneSyncSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
U3 UnistoreSvc_Session11; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2015-03-27] (Advanced Micro Devices Inc.)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-03] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-10-25] (Advanced Micro Devices)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [0 2015-11-02] () <==== ATTENTION (zero byte File/Folder)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2015-02-12] (IBM Corp.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 13:21 - 2015-11-07 13:22 - 00030079 _____ C:\Users\Clarita Maia\Desktop\FRST.txt
2015-11-07 13:21 - 2015-11-07 13:21 - 00000000 ____D C:\FRST
2015-11-07 13:15 - 2015-11-07 13:15 - 02198528 _____ (Farbar) C:\Users\Clarita Maia\Desktop\FRST64.exe
2015-11-07 12:57 - 2015-11-07 12:57 - 00000000 ___RD C:\Users\Clarita Maia\3D Objects
2015-11-07 12:46 - 2015-11-07 12:46 - 00016148 _____ C:\WINDOWS\system32\CLARITAMAIA-PC_Clarita Maia_HistoryPrediction.bin
2015-11-06 10:06 - 2015-11-06 10:06 - 00001083 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2015-11-06 10:06 - 2015-11-06 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2015-11-06 09:57 - 2015-11-06 09:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CEF
2015-11-06 09:52 - 2015-11-06 09:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 09:52 - 2015-11-06 09:52 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-03 21:37 - 2015-11-06 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-03 11:53 - 2015-11-03 11:53 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iPod
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-02 22:47 - 2015-11-02 22:47 - 00000981 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-11-02 22:47 - 2015-11-02 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 12:49 - 2015-11-02 12:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta
2015-11-02 12:41 - 2015-11-03 15:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-11-02 12:41 - 2015-11-02 20:16 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\IDM
2015-11-02 09:34 - 2015-11-02 09:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CatalinaGroup
2015-11-02 09:18 - 2015-11-02 09:18 - 00000000 _____ C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2015-10-31 17:11 - 2015-10-31 17:11 - 00000000 ____D C:\Users\Clarita Maia\.cache
2015-10-30 07:42 - 2015-10-27 21:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-30 07:42 - 2015-10-27 21:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-30 07:42 - 2015-10-21 10:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 07:42 - 2015-10-21 10:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 07:42 - 2015-10-21 10:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-30 07:42 - 2015-10-21 10:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-30 07:42 - 2015-10-21 10:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-30 07:42 - 2015-10-21 10:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-30 07:42 - 2015-10-21 09:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-30 07:42 - 2015-10-21 09:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 07:42 - 2015-10-21 09:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-30 07:42 - 2015-10-21 09:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 07:42 - 2015-10-21 09:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-30 07:42 - 2015-10-21 09:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 07:42 - 2015-10-21 09:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 07:42 - 2015-10-21 09:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-30 07:42 - 2015-10-21 09:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-30 07:42 - 2015-10-21 09:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-30 07:42 - 2015-10-21 09:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 07:42 - 2015-10-21 09:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-30 07:42 - 2015-10-21 09:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 07:42 - 2015-10-21 09:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-30 07:42 - 2015-10-21 09:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-30 07:42 - 2015-10-21 03:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-30 07:42 - 2015-10-21 03:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-30 07:42 - 2015-10-21 03:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-30 07:42 - 2015-10-21 03:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-30 07:42 - 2015-10-21 03:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-30 07:42 - 2015-10-21 03:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-30 07:42 - 2015-10-21 03:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-30 07:42 - 2015-10-21 03:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 07:42 - 2015-10-21 02:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-30 07:42 - 2015-10-21 02:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-30 07:42 - 2015-10-21 02:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-28 17:06 - 2015-10-28 17:06 - 00001107 _____ C:\Users\Clarita Maia\Desktop\ExtractNow.lnk
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Program Files (x86)\ExtractNow
2015-10-28 14:26 - 2015-10-28 14:31 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Azureus
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Users\Clarita Maia\.swt
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-10-28 14:05 - 2015-10-28 14:05 - 00000000 ____D C:\Users\Clarita Maia\AppData\LocalLow\uTorrent
2015-10-25 10:07 - 2015-10-25 10:29 - 00002230 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-10-25 10:07 - 2015-10-25 10:09 - 00003426 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2015-10-25 10:07 - 2015-10-25 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-10-25 10:05 - 2015-10-25 10:05 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 03951402 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-25 10:04 - 2015-10-25 10:04 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02997504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-25 10:04 - 2015-10-25 10:04 - 02028672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 01352000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 03278416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00914024 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00768824 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00074608 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00069928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2015-10-24 11:48 - 2015-10-24 11:48 - 00001006 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-10-19 13:15 - 2015-10-23 08:55 - 00000000 ____D C:\Users\Clarita Maia\Desktop\SERPLAN - pneus
2015-10-17 19:49 - 2015-10-17 19:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\AMD
2015-10-16 10:29 - 2015-06-12 00:00 - 00197616 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-10-14 17:13 - 2015-10-06 01:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 17:13 - 2015-10-01 02:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 17:13 - 2015-09-25 01:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 17:13 - 2015-09-25 01:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 17:13 - 2015-09-25 01:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 17:13 - 2015-09-25 01:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 17:13 - 2015-09-25 00:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 17:12 - 2015-10-10 05:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 17:12 - 2015-10-06 00:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 17:12 - 2015-10-01 02:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 17:12 - 2015-10-01 02:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 17:12 - 2015-10-01 02:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 17:12 - 2015-10-01 02:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 17:12 - 2015-10-01 01:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 17:12 - 2015-09-25 02:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 17:12 - 2015-09-25 02:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 17:12 - 2015-09-25 01:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 17:12 - 2015-09-25 01:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 17:12 - 2015-09-25 01:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 17:12 - 2015-09-25 01:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 17:12 - 2015-09-25 01:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 17:12 - 2015-09-25 01:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 17:12 - 2015-09-25 01:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 17:12 - 2015-09-25 01:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 17:12 - 2015-09-25 01:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 17:12 - 2015-09-25 01:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 17:12 - 2015-09-25 01:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 17:12 - 2015-09-25 01:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 17:12 - 2015-09-25 01:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 17:12 - 2015-09-25 01:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 17:12 - 2015-09-25 01:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 17:12 - 2015-09-25 01:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 17:12 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 17:12 - 2015-09-25 00:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 17:12 - 2015-09-25 00:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 17:12 - 2015-09-25 00:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 17:12 - 2015-09-25 00:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 17:12 - 2015-09-25 00:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 17:12 - 2015-09-25 00:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 17:12 - 2015-09-25 00:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 17:12 - 2015-09-25 00:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 17:12 - 2015-09-25 00:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 17:12 - 2015-09-25 00:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 17:12 - 2015-09-25 00:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\$WINDOWS.~BT
2015-10-08 17:54 - 2015-10-08 17:54 - 00000000 ___HD C:\$Windows.~WS
2015-10-08 16:34 - 2015-10-08 16:34 - 00001137 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2015-10-08 16:34 - 2015-10-08 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2015-10-08 16:33 - 2015-10-08 16:34 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Disk Image Freeware
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ____D C:\Program Files\LSoft Technologies
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\Users\Todos os Usuários\IsolatedStorage
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\IsolatedStorage
2015-10-08 10:54 - 2015-10-08 10:54 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-10-08 10:53 - 2015-10-08 10:53 - 00000000 ____D C:\Spacekace
2015-10-08 10:39 - 2015-10-08 10:39 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-08 10:39 - 2015-10-08 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 13:21 - 2014-10-30 18:42 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\DMCache
2015-11-07 13:17 - 2014-11-11 15:53 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Skype
2015-11-07 13:03 - 2015-06-01 11:09 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 12:57 - 2015-08-05 10:24 - 00000000 ____D C:\Users\Clarita Maia
2015-11-07 12:36 - 2015-08-05 10:21 - 00095341 _____ C:\WINDOWS\system32\lvcoinst.log
2015-11-07 12:34 - 2015-04-28 10:30 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-07 12:34 - 2014-10-29 09:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 12:32 - 2015-07-10 10:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 12:32 - 2015-06-01 11:09 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 12:32 - 2014-10-29 19:00 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-11-07 12:31 - 2015-08-05 10:18 - 00042210 _____ C:\WINDOWS\PFRO.log
2015-11-07 12:31 - 2015-07-10 10:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-07 09:01 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-07 09:00 - 2014-10-30 17:58 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED696453-A901-4BDC-B0E6-EDAA578599B5}
2015-11-07 08:58 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-06 21:12 - 2015-09-03 12:30 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Multas
2015-11-06 17:03 - 2015-07-12 11:24 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-06 17:03 - 2015-04-28 10:30 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\Users\Todos os Usuários\firebird
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\ProgramData\firebird
2015-11-06 10:06 - 2014-10-29 19:47 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2015-11-06 09:58 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Adobe
2015-11-06 09:57 - 2014-10-30 18:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Adobe
2015-11-06 09:52 - 2015-06-01 14:04 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 09:52 - 2014-10-29 21:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 08:57 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Packages
2015-11-06 08:27 - 2015-07-15 13:39 - 00000322 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Clarita_Maia.job
2015-11-06 07:58 - 2015-04-23 18:15 - 00002536 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Clarita_Maia
2015-11-05 13:15 - 2015-07-15 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 13:14 - 2015-07-10 07:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\ProgramData\Skype
2015-11-03 15:23 - 2014-10-29 09:46 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2015-11-03 15:23 - 2014-10-29 09:46 - 00000000 ____D C:\ProgramData\ProductData
2015-11-03 11:53 - 2014-11-18 13:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-03 09:55 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-02 22:50 - 2014-11-01 17:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\AIMP3
2015-11-02 22:46 - 2014-10-29 15:45 - 00000000 ____D C:\Program Files (x86)\AIMP3
2015-11-02 16:31 - 2015-03-23 17:51 - 00000000 ____D C:\KMPlayer
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-02 11:43 - 2015-03-22 08:48 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Soltos
2015-10-31 10:41 - 2015-04-27 15:09 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2015-10-31 09:38 - 2015-08-05 10:23 - 02001980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 09:38 - 2015-07-10 14:36 - 00849720 _____ C:\WINDOWS\system32\prfh0416.dat
2015-10-31 09:38 - 2015-07-10 14:36 - 00181818 _____ C:\WINDOWS\system32\prfc0416.dat
2015-10-31 09:29 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-30 17:31 - 2015-07-10 08:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 14:31 - 2014-12-06 15:12 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\uTorrent
2015-10-27 14:17 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-25 10:53 - 2014-11-15 14:46 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\calibre
2015-10-25 10:09 - 2015-05-05 09:08 - 00003088 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Clarita Maia)
2015-10-25 10:06 - 2015-07-10 10:20 - 00020912 _____ C:\WINDOWS\setupact.log
2015-10-25 10:05 - 2015-05-28 08:00 - 00102912 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2015-10-25 10:04 - 2015-08-05 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-25 10:04 - 2015-06-24 23:59 - 02958904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-25 10:04 - 2015-06-24 23:57 - 04613888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-25 10:04 - 2015-06-24 23:57 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-25 10:03 - 2015-06-24 23:59 - 00410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\Program Files\Calibre2
2015-10-24 10:48 - 2015-10-04 13:30 - 00000736 _____ C:\Users\Clarita Maia\Desktop\compra vap.txt
2015-10-23 09:24 - 2014-10-30 17:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Windows Live
2015-10-16 10:57 - 2014-10-29 18:02 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-10-16 10:57 - 2014-10-29 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-16 10:55 - 2015-07-21 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-16 10:55 - 2013-08-22 11:25 - 00000229 _____ C:\WINDOWS\win.ini
2015-10-16 10:51 - 2014-10-29 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-16 10:42 - 2014-10-29 09:53 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-16 01:10 - 2015-10-01 21:09 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 01:10 - 2015-10-01 21:09 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 18:24 - 2014-11-11 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-12 10:49 - 2014-10-29 19:00 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-10-12 10:49 - 2014-10-29 19:00 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-10-10 12:46 - 2015-05-04 13:47 - 00004096 _____ C:\Users\Clarita Maia\Desktop\thyroid - what to watch for.txt
2015-10-08 22:28 - 2015-08-05 10:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-08 19:45 - 2015-04-05 14:00 - 00001024 ____H C:\SYSTAG.BIN
2015-10-08 19:45 - 2014-11-11 17:49 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2015-10-08 16:35 - 2014-11-11 17:49 - 00000000 ____D C:\Users\Todos os Usuários\AomeiBR
2015-10-08 16:35 - 2014-11-11 17:49 - 00000000 ____D C:\ProgramData\AomeiBR
 
==================== Files in the root of some directories =======
 
2015-07-15 21:57 - 2015-07-15 21:56 - 0815826 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins000.exe
2015-08-16 12:46 - 2015-08-16 12:46 - 0018508 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins001.dat
2015-08-16 12:46 - 2015-08-16 12:46 - 0815826 _____ () C:\Users\Clarita Maia\AppData\Roaming\unins001.exe
2014-10-30 20:06 - 2015-07-28 18:31 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Roaming\winscp.rnd
2014-10-30 22:34 - 2014-10-30 22:58 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Local\PUTTY.RND
2014-12-01 10:47 - 2014-12-01 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Public\SkypeSetupFull.exe
 
 
Some files in TEMP:
====================
C:\Users\Clarita Maia\AppData\Local\Temp\i4jdel0.exe
C:\Users\Clarita Maia\AppData\Local\Temp\Opera_NI_stable.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\gbpddfac64.sys
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-28 17:19
 
==================== End of FRST.txt ============================



 


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 11 November 2015 - 11:23 AM

Hi, dreamhouse! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

Now then, let's get to work!

 

AdwCleaner

I need you to run AdwCleaner to see what it will remove. Hopefully, this will take care of any baddies plaguing Chrome!

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Scan button. Once it's done scanning, hit the Cleaning button. Accept any prompts you receive from the program, including prompts to reboot. Once it's finished, a text file will be made. Please copy and paste it into your reply.

Farbar Recovery Scan Tool

Next, I need you to run a fix with FRST. This will mostly get rid of some junk.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\MountPoints2: {72053eb7-5f12-11e4-8250-902b3422dcd2} - "I:\HPLauncher.exe"
    GroupPolicyScripts: Restriction <======= ATTENTION
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
    FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Clarita Maia\AppData\Local\XDM\xdmff => not found
    S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [0 2015-11-02] () <==== ATTENTION (zero byte File/Folder)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    C:\Users\Clarita Maia\AppData\Roaming\unins000.exe
    C:\Users\Clarita Maia\AppData\Roaming\unins001.dat
    C:\Users\Clarita Maia\AppData\Roaming\unins001.exe
    C:\ProgramData\Ament.ini
    C:\Users\Public\SkypeSetupFull.exe
    C:\Users\Clarita Maia\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Clarita Maia\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Windows\System32\drivers\gbpddfac64.sys

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

After all this, please run a new scan with FRST and post the results in your response. However, please make sure the Addition.txt option is checked, and to include the contents of said file in your reply as well. It seems you didn't post it the first time, so now's a good time to get a fresh one. :)

 

How did this all go? Are things running any better?

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
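The AdwCleaner report and the FRST rescan Gunto asks for above can be cross-checked mechanically. The script below is an added example written for this thread, not code from AdwCleaner, FRST or any poster: it parses the FRST "CHR Extension" and "CHR HKLM\...\Chrome\Extension" lines (the HKLM keys are the external-install mechanism by which Chrome re-adds an extension from a .crx on disk after it is removed from the profile) and the AdwCleaner "[Extension]" deletion lines, then flags any extension AdwCleaner removed that is present again in the later scan. The sample log lines are constructed to match the formats used in this thread, with a placeholder user name, and the localized AdwCleaner verb ("Excluído" in a Portuguese report) is matched generically.

```python
"""Cross-check an AdwCleaner cleaning report against a later FRST scan.

Added example for this thread (not part of AdwCleaner, FRST or any post).
It reports which Chrome extensions are also registered for external install
under HKLM (a path Chrome uses to re-add an extension from a .crx file) and
which extension IDs AdwCleaner said it deleted but FRST later found again.
"""
import re
from dataclasses import dataclass, field

# FRST: CHR Extension: (Name) - <profile path>\Extensions\<id> [YYYY-MM-DD]
CHR_EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - .*\\Extensions\\"
    r"(?P<id>[a-p]{32}) \[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)
# FRST: CHR HKLM[-x32]\...\Chrome\Extension: [<id>] - <crx path> [YYYY-MM-DD]
CHR_HKLM_RE = re.compile(
    r"^CHR (?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Chrome\\Extension: "
    r"\[(?P<id>[a-p]{32})\] - (?P<crx>.*?) \[\d{4}-\d{2}-\d{2}\]$"
)
# AdwCleaner: [-] [<Secure Preferences path>] [Extension] <localized verb> : <id>
# "[-]" marks an item that was actually deleted; the verb is localized, so it is
# matched as any non-space word.
ADW_EXT_RE = re.compile(r"^\[-\] \[.*?\] \[Extension\] \S+ : (?P<id>[a-p]{32})$")


@dataclass
class Extension:
    ext_id: str
    name: str = ""
    installed: str = ""  # date FRST shows for the profile copy
    external_sources: list = field(default_factory=list)  # (hive, crx path)


def parse_frst_chrome(text: str) -> dict:
    """Return {extension id: Extension} from the Chrome section of an FRST scan."""
    exts = {}
    for line in (l.strip() for l in text.splitlines()):
        m = CHR_EXT_RE.match(line)
        if m:
            e = exts.setdefault(m["id"], Extension(m["id"]))
            e.name, e.installed = m["name"], m["date"]
            continue
        m = CHR_HKLM_RE.match(line)
        if m:
            e = exts.setdefault(m["id"], Extension(m["id"]))
            e.external_sources.append((m["hive"], m["crx"]))
    return exts


def parse_adwcleaner_removed_extensions(text: str) -> set:
    """Return the set of Chrome extension IDs an AdwCleaner report says it deleted."""
    return {m["id"] for m in (ADW_EXT_RE.match(l.strip()) for l in text.splitlines()) if m}


def report(adw_text: str, frst_text: str) -> dict:
    """Cross-reference both logs; a re-appearing ID is the signal this thread is chasing."""
    exts = parse_frst_chrome(frst_text)
    removed = parse_adwcleaner_removed_extensions(adw_text)
    return {
        # extensions Chrome will re-add from a .crx because an HKLM key points at it
        "external": {i: e.external_sources for i, e in exts.items() if e.external_sources},
        # extensions AdwCleaner deleted that the later FRST scan lists again
        "reappeared": {i: (exts[i].name, exts[i].installed) for i in sorted(removed) if i in exts},
    }


# Constructed sample lines in the thread's log formats (placeholder user "user").
ADW_SAMPLE = r"""
# AdwCleaner v5.020 - Relatório criado 14/11/2015 às 09:01:42
***** [ Navegadores ] *****
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : gfenjblodoldnbiddmggcbkcapiolbig
"""
FRST_SAMPLE = r"""
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Musixmatch) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2015-11-14]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
"""

if __name__ == "__main__":
    result = report(ADW_SAMPLE, FRST_SAMPLE)
    for ext_id, sources in result["external"].items():
        print(f"externally installed: {ext_id}")
        for hive, crx in sources:
            print(f"    {hive} -> {crx}")
    for ext_id, (name, date) in result["reappeared"].items():
        print(f"REAPPEARED after cleaning: {ext_id} ({name}) dated {date}")
```

Feed it the real reports with `report(open(adw_path, encoding="utf-8").read(), open(frst_path, encoding="utf-8").read())`; anything under "reappeared" deserves a look at what wrote it back, and anything under "external" tells you which on-disk .crx and registry key would need to go for a removal to stick.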


#3 dreamhouse

dreamhouse
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 14 November 2015 - 06:51 AM

Hi Gunto,

 

Thank you for coming to my help and sorry to take so long to answer but your message was in my trash folder, for some unknown reason. AdwCleaner cleaned some things, but the rogue extension was the first thing to pop up after I opened Chrome. But here goes its report:

 

# AdwCleaner v5.020 - Relatório criado 14/11/2015 às 09:01:42
# Atualizado 13/11/2015 por Xplode
# Banco de dados : 2015-11-13.3 [Servidor]
# Sistema operacional : Windows 10 Pro  (x64)
# Usuário : Clarita Maia - CLARITAMAIA-PC
# Executando de : C:\Users\Clarita Maia\Desktop\adwcleaner_5.020.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Pastas ] *****
 
[-] Pasta Excluído : C:\ProgramData\apn
[-] Pasta Excluído : C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig
[-] Pasta Excluído : C:\Users\Public\Documents\pc faster
 
***** [ Arquivos ] *****
 
[-] Arquivo Excluído : C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfenjblodoldnbiddmggcbkcapiolbig_0.localstorage
[-] Arquivo Excluído : C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfenjblodoldnbiddmggcbkcapiolbig_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage
[-] Arquivo Excluído : C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Registro ] *****
 
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Chave Excluída : HKCU\Software\tinydm.com
[-] Chave Excluída : HKCU\Software\Appscion
 
***** [ Navegadores ] *****
 
[-] [C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : greenfish-subtitle-player.en.softonic.com
[-] [C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : justsubsplayer.en.softonic.com
[-] [C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com
[-] [C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : gfenjblodoldnbiddmggcbkcapiolbig
 
*************************
 
:: Chaves "Tracing" excluídas
 
 
 
And now the fixlog.txt from FRST:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Clarita Maia (2015-11-14 09:17:01) Run:1
Running from C:\Users\Clarita Maia\Desktop
Loaded Profiles: Clarita Maia (Available Profiles: Clarita Maia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\MountPoints2: {72053eb7-5f12-11e4-8250-902b3422dcd2} - "I:\HPLauncher.exe"
GroupPolicyScripts: Restriction <======= ATTENTION
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: eagleget.com/EagleGet64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [No File]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Clarita Maia\AppData\Local\XDM\xdmff => not found
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [0 2015-11-02] () <==== ATTENTION (zero byte File/Folder)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\Clarita Maia\AppData\Roaming\unins000.exe
C:\Users\Clarita Maia\AppData\Roaming\unins001.dat
C:\Users\Clarita Maia\AppData\Roaming\unins001.exe
C:\ProgramData\Ament.ini
C:\Users\Public\SkypeSetupFull.exe
C:\Users\Clarita Maia\AppData\Local\Temp\i4jdel0.exe
C:\Users\Clarita Maia\AppData\Local\Temp\Opera_NI_stable.exe
C:\Windows\System32\drivers\gbpddfac64.sys
*****************
 
"HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72053eb7-5f12-11e4-8250-902b3422dcd2}" => key removed successfully
HKCR\CLSID\{72053eb7-5f12-11e4-8250-902b3422dcd2} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-718468114-2348770635-4178057941-1007\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Software\MozillaPlugins\eagleget.com/EagleGet64" => key removed successfully
C:\Program Files (x86)\EagleGet\npEagleget64.dll => not found.
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Software\Mozilla\Firefox\Extensions\\xdmff@xdman.sourceforge.net => value removed successfully
gbpddfac => service removed successfully
wfpcapture => service removed successfully
C:\Users\Clarita Maia\AppData\Roaming\unins000.exe => moved successfully
C:\Users\Clarita Maia\AppData\Roaming\unins001.dat => moved successfully
C:\Users\Clarita Maia\AppData\Roaming\unins001.exe => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\Public\SkypeSetupFull.exe => moved successfully
"C:\Users\Clarita Maia\AppData\Local\Temp\i4jdel0.exe" => not found.
"C:\Users\Clarita Maia\AppData\Local\Temp\Opera_NI_stable.exe" => not found.
C:\Windows\System32\drivers\gbpddfac64.sys => moved successfully
 
The FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Clarita Maia (administrator) on CLARITAMAIA-PC (14-11-2015 09:47:14)
Running from C:\Users\Clarita Maia\Desktop
Loaded Profiles: Clarita Maia (Available Profiles: Clarita Maia)
Platform: Windows 10 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-25] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-18] (Siber Systems)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-11-02] (Tonec Inc.)
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\RunOnce: [Uninstall C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Clarita Maia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-03] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 72.4.146.248 8.8.8.8
Tcpip\..\Interfaces\{b5e599a8-7b32-411b-8497-4172db635a48}: [DhcpNameServer] 72.4.146.248 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-27] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-27] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-20] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-718468114-2348770635-4178057941-1007 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-18] (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\dw3j63h0.default-1437004879997
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/bb64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-718468114-2348770635-4178057941-1007: gastecnologia.com.br/sf/gas64 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-03] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-08-16] [not signed]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc5 [2015-11-14] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Tradutor) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-09-12]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-03]
CHR Extension: (Google Docs) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13]
CHR Extension: (HelloFax: 50 páginas gratuitas de fax) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-02-25]
CHR Extension: (Facebook) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-10-30]
CHR Extension: (Adblock Plus) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-11-22]
CHR Extension: (IDM Integration Module Extension) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlojoclkbpmfhakhaagjpjfifbaoadf [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-06]
CHR Extension: (Gmail Off-line) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-11-13]
CHR Extension: (Google Agenda) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Skype Links) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbmllnadbdnppblcebkkmapkinkdchd [2015-08-14]
CHR Extension: (Conversor de Medidas) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiicdapcioonpclifmhmcnhhdegnpke [2015-10-26]
CHR Extension: (Readium) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-07-27]
CHR Extension: (Compressor de PDF - Smallpdf.com) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2014-10-30]
CHR Extension: (Musixmatch) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2015-11-14]
CHR Extension: (Documentos Google off-line) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Lembretes) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklelabcnmojaikonejpecffihnpcpoc [2015-11-13]
CHR Extension: (Hola -  Proxy livre VPN) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Timer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2015-10-27]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-11-09]
CHR Extension: (Google Keep - notas e listas) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-11-13]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-30]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-10-30]
CHR Extension: (NEnhancer) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2015-11-02]
CHR Extension: (SoundCloud) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-12]
CHR Extension: (Botão do Google Acadêmico) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-11-01]
CHR Extension: (Skype Click to Call) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Google Maps) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18]
CHR Extension: (Verificador de mensagens do Google) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-30]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-18]
CHR Extension: (Sunrise Calendar) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-10-31]
CHR Extension: (IDM Integration Module) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-11-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (WeVideo - Criador e Editor de Vídeos) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-10-12]
CHR Extension: (Desktop Client for Viber™) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-10-30]
CHR Extension: (RoboForm Password Manager) - C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-03] (AVAST Software)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
U2 OneSyncSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
U3 UnistoreSvc_Session11; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session11; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2015-03-27] (Advanced Micro Devices Inc.)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-03] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-10-25] (Advanced Micro Devices)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2015-02-12] (IBM Corp.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 09:46 - 2015-11-14 09:47 - 00029664 _____ C:\Users\Clarita Maia\Desktop\FRST.txt
2015-11-14 09:19 - 2015-11-14 09:19 - 00016148 _____ C:\WINDOWS\system32\CLARITAMAIA-PC_Clarita Maia_HistoryPrediction.bin
2015-11-14 08:57 - 2015-11-14 09:01 - 00000000 ____D C:\AdwCleaner
2015-11-14 08:53 - 2015-11-14 08:53 - 01729536 _____ C:\Users\Clarita Maia\Desktop\adwcleaner_5.020.exe
2015-11-13 17:27 - 2015-11-13 17:27 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-12 11:55 - 2015-11-05 03:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-12 11:55 - 2015-11-05 02:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-12 11:55 - 2015-11-05 02:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-12 11:55 - 2015-11-05 01:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-12 11:54 - 2015-11-05 03:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-12 11:54 - 2015-11-05 03:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-12 11:54 - 2015-11-05 03:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-12 11:54 - 2015-11-05 03:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-12 11:54 - 2015-11-05 03:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-12 11:54 - 2015-11-05 03:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-12 11:54 - 2015-11-05 03:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-12 11:54 - 2015-11-05 02:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-12 11:54 - 2015-11-05 02:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-12 11:54 - 2015-11-05 02:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-12 11:54 - 2015-11-05 02:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-12 11:54 - 2015-11-05 02:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-12 11:54 - 2015-11-05 02:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-12 11:54 - 2015-11-05 02:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-12 11:54 - 2015-11-05 02:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-12 11:54 - 2015-11-05 02:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-12 11:54 - 2015-11-05 02:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-12 11:54 - 2015-11-05 02:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-12 11:54 - 2015-11-05 02:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-12 11:54 - 2015-11-05 02:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-12 11:54 - 2015-11-05 02:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-12 11:54 - 2015-11-05 02:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-12 11:54 - 2015-11-05 02:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-12 11:54 - 2015-11-05 02:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-12 11:54 - 2015-11-05 02:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-12 11:54 - 2015-11-05 02:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-12 11:54 - 2015-11-05 02:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-12 11:54 - 2015-11-05 02:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-12 11:54 - 2015-11-05 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-12 11:54 - 2015-11-05 02:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-12 11:54 - 2015-11-05 01:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-12 11:54 - 2015-11-05 01:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-12 11:54 - 2015-11-05 01:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-12 11:54 - 2015-11-05 01:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-12 11:54 - 2015-11-05 01:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-12 11:54 - 2015-11-05 01:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-12 11:54 - 2015-11-05 01:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-12 11:54 - 2015-11-05 01:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-12 11:54 - 2015-11-05 01:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-12 11:54 - 2015-11-05 01:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-12 11:54 - 2015-11-05 01:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-12 11:54 - 2015-11-05 01:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-12 11:54 - 2015-11-05 01:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-12 11:54 - 2015-11-05 01:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-12 11:54 - 2015-11-05 01:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-12 11:54 - 2015-11-05 01:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-12 11:54 - 2015-11-05 01:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-12 11:54 - 2015-11-05 01:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-12 11:54 - 2015-11-05 01:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-08 09:29 - 2015-11-08 09:29 - 00003631 _____ C:\Users\Clarita Maia\Desktop\me seminars.txt
2015-11-08 08:53 - 2015-11-08 08:53 - 00002605 _____ C:\Users\Clarita Maia\Desktop\me ----semi9nar.txt
2015-11-07 13:21 - 2015-11-14 09:47 - 00000000 ____D C:\FRST
2015-11-07 13:15 - 2015-11-07 13:15 - 02198528 _____ (Farbar) C:\Users\Clarita Maia\Desktop\FRST64.exe
2015-11-07 12:57 - 2015-11-07 12:57 - 00000000 ___RD C:\Users\Clarita Maia\3D Objects
2015-11-06 10:06 - 2015-11-06 10:06 - 00001083 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2015-11-06 10:06 - 2015-11-06 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2015-11-06 09:57 - 2015-11-06 09:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CEF
2015-11-06 09:52 - 2015-11-09 11:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 09:52 - 2015-11-06 09:52 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-03 21:37 - 2015-11-06 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-03 11:53 - 2015-11-03 11:53 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iTunes
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files\iPod
2015-11-03 11:53 - 2015-11-03 11:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-02 22:47 - 2015-11-02 22:47 - 00000981 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-11-02 22:47 - 2015-11-02 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 13:24 - 2015-11-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-02 12:49 - 2015-11-02 12:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta
2015-11-02 12:41 - 2015-11-03 15:21 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-11-02 12:41 - 2015-11-02 20:16 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\IDM
2015-11-02 09:34 - 2015-11-02 09:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\CatalinaGroup
2015-10-31 17:11 - 2015-10-31 17:11 - 00000000 ____D C:\Users\Clarita Maia\.cache
2015-10-28 17:06 - 2015-10-28 17:06 - 00001107 _____ C:\Users\Clarita Maia\Desktop\ExtractNow.lnk
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\ExtractNow
2015-10-28 17:06 - 2015-10-28 17:06 - 00000000 ____D C:\Program Files (x86)\ExtractNow
2015-10-28 14:26 - 2015-10-28 14:31 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Azureus
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Users\Clarita Maia\.swt
2015-10-28 14:26 - 2015-10-28 14:26 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-10-28 14:05 - 2015-10-28 14:05 - 00000000 ____D C:\Users\Clarita Maia\AppData\LocalLow\uTorrent
2015-10-25 10:07 - 2015-10-25 10:29 - 00002230 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-10-25 10:07 - 2015-10-25 10:09 - 00003426 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2015-10-25 10:07 - 2015-10-25 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-10-25 10:05 - 2015-10-25 10:05 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 03951402 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-25 10:04 - 2015-10-25 10:04 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02997504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-25 10:04 - 2015-10-25 10:04 - 02028672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 01352000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-25 10:04 - 2015-10-25 10:04 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 03278416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00914024 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00768824 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00074608 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2015-10-25 10:03 - 2015-10-25 10:03 - 00069928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2015-10-24 11:48 - 2015-10-24 11:48 - 00001006 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-10-19 13:15 - 2015-11-08 09:30 - 00000000 ____D C:\Users\Clarita Maia\Desktop\SERPLAN - pneus
2015-10-17 19:49 - 2015-10-17 19:49 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\AMD
2015-10-16 10:29 - 2015-06-12 00:00 - 00197616 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 09:47 - 2014-11-11 15:53 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Skype
2015-11-14 09:26 - 2015-08-05 10:21 - 00002909 _____ C:\WINDOWS\system32\lvcoinst.log
2015-11-14 09:20 - 2014-10-29 09:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 09:19 - 2015-06-01 11:09 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 09:18 - 2015-08-06 12:08 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-11-14 09:18 - 2015-08-06 12:08 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-14 09:18 - 2015-07-10 10:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 09:18 - 2015-07-10 10:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 09:18 - 2014-10-29 19:00 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-11-14 09:17 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-14 09:17 - 2015-07-10 07:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 09:17 - 2013-08-22 13:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-14 08:26 - 2014-10-30 17:58 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED696453-A901-4BDC-B0E6-EDAA578599B5}
2015-11-13 23:31 - 2014-11-01 17:57 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\AIMP3
2015-11-13 23:31 - 2014-10-30 18:42 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\DMCache
2015-11-13 23:03 - 2015-06-01 11:09 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-13 20:22 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-13 18:35 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-13 17:27 - 2015-08-05 10:17 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-13 17:07 - 2014-10-30 19:08 - 00001178 _____ C:\Users\Clarita Maia\Desktop\Calculator.lnk
2015-11-13 11:39 - 2015-04-27 15:09 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2015-11-12 15:48 - 2015-08-05 10:24 - 00000000 ____D C:\Users\Clarita Maia
2015-11-12 12:30 - 2015-07-10 08:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 09:52 - 2015-08-05 10:23 - 02001980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-12 09:52 - 2015-07-10 14:36 - 00849720 _____ C:\WINDOWS\system32\prfh0416.dat
2015-11-12 09:52 - 2015-07-10 14:36 - 00181818 _____ C:\WINDOWS\system32\prfc0416.dat
2015-11-12 09:51 - 2015-07-10 10:20 - 00023462 _____ C:\WINDOWS\setupact.log
2015-11-11 22:26 - 2015-07-21 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-11 22:26 - 2014-10-29 18:02 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-11-11 22:26 - 2014-10-29 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 22:19 - 2014-10-29 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 22:12 - 2014-10-29 09:53 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 22:11 - 2013-08-22 11:25 - 00000229 _____ C:\WINDOWS\win.ini
2015-11-11 20:24 - 2015-04-28 10:30 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-11 20:24 - 2014-10-29 09:46 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2015-11-11 20:24 - 2014-10-29 09:46 - 00000000 ____D C:\ProgramData\ProductData
2015-11-10 10:48 - 2014-12-01 10:47 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\HpUpdate
2015-11-10 09:36 - 2015-09-03 12:30 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Multas
2015-11-09 08:36 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Microsoft Help
2015-11-09 08:19 - 2015-07-13 15:25 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Nitro PDF
2015-11-07 12:31 - 2015-08-05 10:18 - 00042210 _____ C:\WINDOWS\PFRO.log
2015-11-06 17:03 - 2015-07-12 11:24 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-11-06 17:03 - 2015-04-28 10:30 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\Users\Todos os Usuários\firebird
2015-11-06 15:02 - 2014-10-29 19:20 - 00000000 ____D C:\ProgramData\firebird
2015-11-06 10:06 - 2014-10-29 19:47 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2015-11-06 09:58 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\Adobe
2015-11-06 09:57 - 2014-10-30 18:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Adobe
2015-11-06 09:52 - 2015-06-01 14:04 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 09:52 - 2014-10-29 21:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2015-11-06 09:51 - 2014-10-29 21:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 08:57 - 2014-10-30 16:55 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Packages
2015-11-06 08:27 - 2015-07-15 13:39 - 00000322 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Clarita_Maia.job
2015-11-06 07:58 - 2015-04-23 18:15 - 00002536 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Clarita_Maia
2015-11-05 13:15 - 2015-07-15 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-11-04 07:14 - 2014-10-29 08:47 - 00000000 ____D C:\ProgramData\Skype
2015-11-03 16:20 - 2015-10-01 21:09 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 16:20 - 2015-10-01 21:09 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 11:53 - 2014-11-18 13:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-03 09:55 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-02 22:46 - 2014-10-29 15:45 - 00000000 ____D C:\Program Files (x86)\AIMP3
2015-11-02 16:31 - 2015-03-23 17:51 - 00000000 ____D C:\KMPlayer
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-11-02 12:02 - 2014-10-29 19:00 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-02 11:43 - 2015-03-22 08:48 - 00000000 ____D C:\Users\Clarita Maia\Desktop\Soltos
2015-10-28 14:31 - 2014-12-06 15:12 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\uTorrent
2015-10-27 14:17 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-25 10:53 - 2014-11-15 14:46 - 00000000 ____D C:\Users\Clarita Maia\AppData\Roaming\calibre
2015-10-25 10:09 - 2015-05-05 09:08 - 00003088 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Clarita Maia)
2015-10-25 10:05 - 2015-05-28 08:00 - 00102912 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2015-10-25 10:04 - 2015-08-05 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-25 10:04 - 2015-06-24 23:59 - 02958904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-25 10:04 - 2015-06-24 23:57 - 04613888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-25 10:04 - 2015-06-24 23:57 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-25 10:03 - 2015-06-24 23:59 - 00410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-10-24 11:48 - 2014-11-15 14:45 - 00000000 ____D C:\Program Files\Calibre2
2015-10-23 09:24 - 2014-10-30 17:39 - 00000000 ____D C:\Users\Clarita Maia\AppData\Local\Windows Live
2015-10-15 18:24 - 2014-11-11 15:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 09:05 - 2014-10-29 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2014-10-30 20:06 - 2015-07-28 18:31 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Roaming\winscp.rnd
2014-10-30 22:34 - 2014-10-30 22:58 - 0000600 _____ () C:\Users\Clarita Maia\AppData\Local\PUTTY.RND
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-07 15:40
 
==================== End of FRST.txt ============================
 
The Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Clarita Maia (2015-11-14 09:47:56)
Running from C:\Users\Clarita Maia\Desktop
Windows 10 Pro (X64) (2015-08-05 12:51:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-718468114-2348770635-4178057941-500 - Administrator - Disabled)
Clarita Maia (S-1-5-21-718468114-2348770635-4178057941-1007 - Administrator - Enabled) => C:\Users\Clarita Maia
Convidado (S-1-5-21-718468114-2348770635-4178057941-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-718468114-2348770635-4178057941-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-718468114-2348770635-4178057941-1046 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Active@ Disk Image Freeware 7.0 (HKLM\...\{FDA6D82-BB07-407D-91A7-6B804E15A8BB}_is1) (Version: 7.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Advanced HTML Editor 0.8 (HKLM-x32\...\036E5EF9-6240-4213-B23E-DCBDBCFA68CE_is1) (Version: 0.8.0 - eDisplay)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 4.0.2.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{DBF2A8AA-9EE9-454D-8958-F74F1FCB0789}) (Version: 2.41.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.16 - NCH Software)
Dicionário eletrônico Houaiss 3.0 (HKLM-x32\...\Dicionário eletrônico Houaiss da língua portuguesa_is1) (Version:  - Editora Objetiva)
Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.84 - NCH Software)
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 4610 series Ajuda (HKLM-x32\...\{9117682E-523F-4A6F-8630-26C1CCE77D49}) (Version: 6.0.0 - Hewlett Packard)
HP Deskjet 4610 series Software básico do dispositivo (HKLM\...\{5CDD3759-47C9-42F2-99F6-FAF8273B1784}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Icecream Ebook Reader versão 1.53 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.53 - Icecream Apps)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
MailStore Home 8.2.1.10082 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.1.2 - )
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 pt-BR)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
OJIA4610FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Otimizador de PDF - TRT14 versão 35 (HKLM-x32\...\{D65829C9-DA0B-43A2-BD5D-4E4F5956615F}_is1) (Version: 35 - TRT 14)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Q-Dir (HKLM\...\Q-Dir) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SendBlaster 3 (HKLM-x32\...\{486575DF-CC13-4F89-8636-C2CC5BDA7246}) (Version: 003.001.00006 - eDisplay srl)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SMPlayer 15.9.0 (HKLM-x32\...\SMPlayer) (Version: 15.9.0 - Ricardo Villalba)
SoftSkies (HKLM-x32\...\SoftSkies) (Version: 2.0.1 - SoundSpectrum)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40642 - TeamViewer)
TrackReports Helper 2.0 (HKLM-x32\...\8D064D2E-FBC7-4169-B376-0C0589248CDD_is1) (Version: 2.0.0 - eDisplay)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.4.0 - Tweaking.com)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.11 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
Wise Auto Shutdown 1.44 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.44 - WiseCleaner.com, Inc.)
Wondershare MobileTrans ( Version 6.0.4 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 6.0.4 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-718468114-2348770635-4178057941-1007_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-718468114-2348770635-4178057941-1007_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Clarita Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
 
==================== Restore Points =========================
 
11-11-2015 22:08:46 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-09-12 13:30 - 2015-11-14 09:17 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01E67F3E-A015-4158-BD6F-AABAC7038489} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {07665440-A775-45D4-8EF5-B058BC98B554} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {0F2BB219-D1DD-4AA4-AE54-DA04CA3130DA} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-25] (IObit)
Task: {16B6548B-E291-48AA-BA11-A06F3C434451} - System32\Tasks\{1B7752B0-FD85-4415-8ECC-2DDB65E7F556} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pt/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {18C776A4-D6E5-4043-9F44-CB0F3DF4FA9F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1D480BB9-9BEC-423A-9360-EBE7E59DC2EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {360471C8-13B2-4F49-9145-39E7A81C953B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {60888CAA-8999-44A0-B8DF-181C9E689FE2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {661F14CA-DD73-43AA-AEF7-CD4B7EA94030} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {67D64C6D-2778-493A-A52A-372F30C0D5FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7535ED3B-01ED-4D45-BF5C-B5C6EA991EF1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {786743B9-9F65-4F51-9CE8-02BDE7F9048D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {7FAAF498-7A60-49EE-9B64-9720F66000E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {839EA2AD-D241-4B22-8957-CF3CB8E30362} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8D61AABE-8B6C-4036-8B2A-662BD87DECDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {958E237E-3123-4508-99E1-FC98B50DFA93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9870AE53-0FCC-4364-9030-BDC867EAA9D4} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-18] (Siber Systems)
Task: {9A03133F-3847-40E0-AD32-9F94461B4B30} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F1C3A02-C9F3-4E72-851A-64013014E41A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A02D597F-431D-4919-94A3-8E54B2B5F87D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-09-14] (IObit)
Task: {AB73F975-B95E-4EC3-BF8C-82B379644D5A} - System32\Tasks\Uninstaller_SkipUac_Clarita_Maia => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-25] (IObit)
Task: {C69AE164-5AB3-4466-ACB0-D80476B32F0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D7C3B935-B413-4D92-8E65-6280CC0CA261} - System32\Tasks\{3B897FB3-5F99-45C6-BFC6-21AB797D0A08} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pt/go/help.faq.installer?LastError=1601
Task: {E278AC93-4893-4DB7-AF92-D52E7877BAE9} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMOLJMKLNMGMNLJMPMCNKMPMHMKMCNHMKMGMPMCNNMIMLLGMCNNLLLPMNMHMIMMMKMPMOMIMJLJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMOMLMOMIMJNHICMEKMICNJJCKJNBJCMMLDJOJNIGJLIOJPNCLOJGJOJJNKJCMJNNICMJNDJCMNJNIJNMJCMOMFMOMLMOMFMKMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {E8F3527F-6082-46A4-A14B-6F110DA86E2B} - System32\Tasks\Driver Booster SkipUAC (Clarita Maia) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-09-18] (IObit)
Task: {EBCB76D5-677A-4961-9BFE-7F1AAC8EEBB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EBF31C12-772D-4E06-950A-D4136331D1B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FB385ECE-DA92-4CDF-AE63-1A075C1BFBA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {FFDB46AC-DB1F-40F5-BB51-E0DE5C72517B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-03] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Clarita_Maia.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-05 10:14 - 2015-08-05 10:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 19:06 - 2015-08-11 07:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-15 22:39 - 2015-07-15 22:39 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-19 14:27 - 2014-05-19 14:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-10-01 19:40 - 2015-09-17 04:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:40 - 2015-09-17 03:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-01 19:39 - 2015-09-17 03:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 19:39 - 2015-09-17 03:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-01 19:40 - 2015-09-17 04:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-12 07:49 - 2014-05-12 07:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-01 19:39 - 2015-09-17 03:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 08:59 - 2015-07-10 08:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 19:40 - 2015-09-17 03:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 19:39 - 2015-09-17 03:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 19:40 - 2015-09-17 03:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 09:00 - 2015-07-10 14:49 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-03 17:02 - 2015-10-03 17:02 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-03 17:02 - 2015-10-03 17:02 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 09:05 - 2015-11-14 09:05 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111400\algo.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-10-08 16:33 - 2015-02-26 01:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-10-08 16:33 - 2015-09-15 18:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2014-10-29 09:46 - 2014-10-30 18:24 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-08-29 11:25 - 2015-08-25 15:54 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-08-29 11:25 - 2015-08-25 15:54 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-08-29 11:25 - 2015-08-25 15:54 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-10-03 17:02 - 2015-10-03 17:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-12 10:05 - 2015-11-07 02:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 10:05 - 2015-11-07 02:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS\System32:0EB5450A_Bb.gbp
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\unimedrio.com.br -> hxxp://neo.unimedrio.com.br
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Clarita Maia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 72.4.146.248 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Diebold - Warsaw => c:\program files\diebold\warsaw\core.exe
MSCONFIG\startupreg: iTunesHelper => "c:\program files\itunes\ituneshelper.exe"
MSCONFIG\startupreg: LWS => c:\program files (x86)\logitech\lws\webcam software\lws.exe -hide
MSCONFIG\startupreg: OneDrive => "c:\users\clarita maia\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" msrun
MSCONFIG\startupreg: Wondershare Helper Compact.exe => 
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\StartupFolder: => "Monitorar alertas de tinta - HP Deskjet 4610 series.lnk"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E99B25683971D24180DD9FF98327B5D6"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\Run: => "IDMan"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1A928968-4D23-4C88-AF6A-952DC5D34C55}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
FirewallRules: [TCP Query User{5F5DA30B-E20B-419C-977E-15CEFC807A1E}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
FirewallRules: [{05462804-2F5C-4266-8FD8-AF71D084BA85}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
FirewallRules: [{24472EC2-B03F-422C-A03B-ECE2BC411250}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
FirewallRules: [{2E84243F-CE57-42F8-ACD7-17C852F3D847}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2BDB0D3-1511-4729-9340-D419C844AD95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F6155F5-B030-4B3B-B629-DA770924352B}] => (Allow) F:\Downloads\Programs\Microsoft Toolkit 2.5.3 Official Torrent\Microsoft Toolkit.exe
FirewallRules: [{989695ED-E853-4A7A-9A0C-4074B3EA8095}] => (Allow) F:\Downloads\Programs\Microsoft Toolkit 2.5.3 Official Torrent\Microsoft Toolkit.exe
FirewallRules: [UDP Query User{0843405D-E55F-4B3C-ACBD-C331F3D64141}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{CC9AD28C-E181-4DF5-8EAE-995ED7E27723}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{18EF3B8F-DBB0-4B6E-B286-5E9DFBCBF204}] => (Block) %ProgramFiles%\Nitro\Pro 9\NitroPDF.exe
FirewallRules: [{DCD92FBA-AD98-4DF0-ACFE-92B6D14F08D3}] => (Block) %ProgramFiles%\Nitro\Pro 9\ControlActivation.exe
FirewallRules: [{0602B2A3-FA15-40E7-9863-A69801F3E1A3}] => (Allow) C:\Program Files\Nitro\Pro 9\NitroPDF.exe
FirewallRules: [{9A24F7DB-97ED-4F06-BD76-3790D7AD9B4C}] => (Allow) C:\Program Files\Nitro\Pro 9\NitroPDF.exe
FirewallRules: [{1069C79C-CBFA-4A26-8042-23E3F39BE4FC}] => (Allow) C:\Program Files\Nitro\Pro 9\NitroPDF.exe
FirewallRules: [{B1DB15AE-F7CF-4CB1-994B-CED124B311B4}] => (Allow) C:\Program Files\Nitro\Pro 9\NitroPDF.exe
FirewallRules: [{64F8A6F9-EF38-4AC4-AA1F-F2FA9E9A362B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6C46476-A06E-4AD2-A48A-F27F06B13947}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8319832D-4DA7-490B-9B2F-E56589D5BD3D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FA8DC899-5DA2-421D-B459-576C2D814E15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D1090504-32F9-49DB-A05A-F0CECD25305C}] => (Allow) LPort=1900
FirewallRules: [{6A876B7F-415F-403A-9AEF-5567A51F2C82}] => (Allow) LPort=2869
FirewallRules: [{3A34EFE4-F85F-40A4-B439-657B17C1E640}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{44082CD7-63DC-4337-8E19-84BF33F9C7C0}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [TCP Query User{2C9B7D8C-8A54-4549-B134-42FA418D7B67}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [UDP Query User{A95D394B-2E21-493D-A8DB-8D3B52C0F28F}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [TCP Query User{2990331D-A4B2-4788-8B97-59FB80EB1C68}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [{4F92694E-CE00-4580-8D2A-38E7BCA06956}] => (Allow) C:\Users\Clarita Maia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{007C7416-F173-45B4-BC1B-9BE1D52FF0A1}] => (Allow) C:\Users\Clarita Maia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{42F23F97-58B9-423F-814E-2146723AFF63}] => (Allow) C:\Program Files\HP\HP Deskjet 4610 series\Bin\USBSetup.exe
FirewallRules: [{6E1F9565-F9BA-4FC4-8815-EAECD08A4D0D}] => (Allow) C:\Program Files\HP\HP Deskjet 4610 series\bin\SendAFax.exe
FirewallRules: [{904883EC-B427-414C-BDBA-28B069EB96C4}] => (Allow) C:\Program Files\HP\HP Deskjet 4610 series\bin\DigitalWizards.exe
FirewallRules: [{F242EA5E-392A-4ED0-A35F-2110DCEBBB32}] => (Allow) C:\Program Files\HP\HP Deskjet 4610 series\bin\FaxApplications.exe
FirewallRules: [{19A05424-307C-4F35-A4DB-DBAE0FE61891}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{CA97583A-37D1-48A2-A9A4-052397535002}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{E7FEE1A5-625F-47CE-A673-FB06C89511E1}] => (Allow) LPort=5353
FirewallRules: [{106C53D2-FFE7-48D9-B98F-390C5F4296BF}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{173BDE7D-F96D-40C8-A3D5-9DAFD0DDABCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C014AA4-9BE5-4BED-B04F-4340BEBC0B4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F071CC13-43E3-41F3-A5D3-17C3275E1E3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D169D47-BCD4-4202-ACE1-DFD9B49BCEED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7392E28E-716F-47B1-80B5-6A3B6950E3FA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B093641C-05E6-45B5-81D2-8B6C3740FCDC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AF418C67-16A8-4FEB-B097-BAD87B126576}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{3884E82D-9412-401D-B5FB-420259D8CEC3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8DCB155F-0E72-4C97-BDEA-5D77B8B0CC21}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A59E92B6-F7BC-4794-9EBD-1184AF3C5856}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2015 11:31:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/13/2015 06:31:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15032
 
Error: (11/13/2015 06:31:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15032
 
Error: (11/13/2015 06:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/13/2015 01:35:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2015 08:32:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2015 07:49:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2015 05:59:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2015 03:47:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2015 11:25:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARITAMAIA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (11/14/2015 09:22:22 AM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (11/14/2015 09:20:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error: 
%%2
 
Error: (11/14/2015 09:20:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error: 
%%2
 
Error: (11/14/2015 09:19:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error: 
%%2
 
Error: (11/14/2015 09:18:50 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer was configured as a member of
a workgroup, not as a member of a domain. The Netlogon
service does not need to run in this configuration.
 
Error: (11/14/2015 09:17:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/14/2015 09:17:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/14/2015 09:17:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/14/2015 09:17:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/14/2015 09:07:11 AM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
 
CodeIntegrity:
===================================
  Date: 2015-08-28 12:36:18.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:17.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:17.237
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:17.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:16.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:16.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:16.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:16.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:16.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-28 12:36:15.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 59%
Total physical RAM: 4088.32 MB
Available physical RAM: 1637.09 MB
Total Virtual: 5560.32 MB
Available Virtual: 2320.44 MB
 
==================== Drives ================================
 
Drive c: (SISTEMA) (Fixed) (Total:694.44 GB) (Free:630.45 GB) NTFS
Drive d: (TRABALHOS) (Fixed) (Total:782.23 GB) (Free:699.74 GB) NTFS
Drive e: (AUDIOVISUAL) (Fixed) (Total:633.79 GB) (Free:366.14 GB) NTFS
Drive f: (BUDISMO) (Fixed) (Total:682.62 GB) (Free:575.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 098DFAA2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
That's it... thank you again!
 


#4 dreamhouse (Topic Starter; Members, 38 posts)

Posted 14 November 2015 - 07:09 AM

The rogue extension is not the legit one that I have installed again; and after all the procedures you suggested it is still coming back!



#5 Gunto (Bleepin' Reject Phoenix; Malware Response Team, 1,284 posts; North Las Vegas, Nevada, USA)

Posted 14 November 2015 - 12:27 PM

Hi,

 

Bummer that that didn't solve it. Still, I've got some more tricks up my sleeve. :)

 

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool. Perhaps this will find things AdwCleaner missed.

  • Download JRT from here, and save it to your desktop.
  • Double click the file to open it, and hit any key as per the instructions in the pop-up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Farbar Recovery Scan Tool

Next, I need you to run a fix with FRST. I doubt this will improve your performance, but these things should all be removed regardless.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    OJIA4610FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Task: {01E67F3E-A015-4158-BD6F-AABAC7038489} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {16B6548B-E291-48AA-BA11-A06F3C434451} - System32\Tasks\{1B7752B0-FD85-4415-8ECC-2DDB65E7F556} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pt/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {18C776A4-D6E5-4043-9F44-CB0F3DF4FA9F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {60888CAA-8999-44A0-B8DF-181C9E689FE2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {67D64C6D-2778-493A-A52A-372F30C0D5FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {7535ED3B-01ED-4D45-BF5C-B5C6EA991EF1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {7FAAF498-7A60-49EE-9B64-9720F66000E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8D61AABE-8B6C-4036-8B2A-662BD87DECDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {958E237E-3123-4508-99E1-FC98B50DFA93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9A03133F-3847-40E0-AD32-9F94461B4B30} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C69AE164-5AB3-4466-ACB0-D80476B32F0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D7C3B935-B413-4D92-8E65-6280CC0CA261} - System32\Tasks\{3B897FB3-5F99-45C6-BFC6-21AB797D0A08} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pt/go/help.faq.installer?LastError=1601
    Task: {EBF31C12-772D-4E06-950A-D4136331D1B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
    AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
    AlternateDataStreams: C:\WINDOWS\System32:0EB5450A_Bb.gbp
    IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\bancobrasil.com.br -> www.bancobrasil.com.br
    IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\bb.com.br -> hxxps://seg.bb.com.br
    IE trusted site: HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\unimedrio.com.br -> hxxp://neo.unimedrio.com.br
    FirewallRules: [UDP Query User{1A928968-4D23-4C88-AF6A-952DC5D34C55}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
    FirewallRules: [TCP Query User{5F5DA30B-E20B-419C-977E-15CEFC807A1E}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
    FirewallRules: [{05462804-2F5C-4266-8FD8-AF71D084BA85}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
    FirewallRules: [{24472EC2-B03F-422C-A03B-ECE2BC411250}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
    FirewallRules: [UDP Query User{44082CD7-63DC-4337-8E19-84BF33F9C7C0}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
    FirewallRules: [TCP Query User{2C9B7D8C-8A54-4549-B134-42FA418D7B67}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
    FirewallRules: [UDP Query User{A95D394B-2E21-493D-A8DB-8D3B52C0F28F}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
    FirewallRules: [TCP Query User{2990331D-A4B2-4788-8B97-59FB80EB1C68}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

Now then, I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

 

I see you have uTorrent and Vuze installed. These are peer-to-peer programs, and although useful for sharing files, they're an extreme security risk. Even if not using them for illegal purposes, you may have your personal information shared without your knowledge, and they can both download and even spread infections without your knowing as well. The risk of this greatly increases with the sharing of illegal data. Because of the risks of using these programs, I highly recommend you remove them from your computer. If you still want to keep them, let me know, and don't use them until we're done fixing your computer problems.

 

Do you use any of these programs? If not, please uninstall them:

Adobe Acrobat Reader DC (legitimate, but has insecurities frequently targeted by malware; seeing as you have Nitro Pro, I'd strongly advise getting rid of this)

Adobe AIR (legitimate, but usually useless)

Adobe Media Player (legitimate, but usually useless)

aTube Catcher (questionable; known to bundle/install adware)

Driver Booster (using external driver updating programs is almost always a bad idea; it's better to update your drivers from the programs/websites themselves)

Duplicate File Finder (questionable; seeing as you have Auslogics Duplicate File Finder and CCleaner, this is basically useless anyway)

ExtractNow (questionable; essentially useless, since you have 7-Zip and WinRAR)

Icecream Ebook Reader (questionable; basically useless since you have Calibre)

Java 8 Update 45

Java 8 Update 60 (legitimate, but frequently targeted by malware; if you do want to keep these, please uninstall them anyway so that I may have you update them later)

Magical Jelly Bean KeyFinder (questionable)

Microsoft Silverlight (legitimate, but usually useless)

Switch Sound File Converter

Windows Live Essentials

Wise Auto Shutdown 1.44

If you want to use Programs and Features:

  • Right click on the Windows logo on the left corner of your screen, click Control Panel, and then Uninstall a program.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent

    Adobe Acrobat Reader DC - Português

    Adobe AIR

    Adobe Media Player

    aTube Catcher versão 3.8

    Driver Booster 3.0

    Duplicate File Finder

    ExtractNow

    Icecream Ebook Reader versão 1.53

    Java 8 Update 45

    Java 8 Update 60

    Magical Jelly Bean KeyFinder

    Microsoft Silverlight

    Switch Sound File Converter

    Vuze

    Windows Live Essentials

    Wise Auto Shutdown 1.44
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent

    Adobe Acrobat Reader DC - Português

    Adobe AIR

    Adobe Media Player

    aTube Catcher versão 3.8

    Driver Booster 3.0

    Duplicate File Finder

    ExtractNow

    Icecream Ebook Reader versão 1.53

    Java 8 Update 45

    Java 8 Update 60

    Magical Jelly Bean KeyFinder

    Microsoft Silverlight

    Switch Sound File Converter

    Vuze

    Windows Live Essentials

    Wise Auto Shutdown 1.44

  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

MSCONFIG

 

I see you've disabled quite a few things in MSCONFIG:
 

MSCONFIG\startupreg: Diebold - Warsaw => c:\program files\diebold\warsaw\core.exe
MSCONFIG\startupreg: iTunesHelper => "c:\program files\itunes\ituneshelper.exe"
MSCONFIG\startupreg: LWS => c:\program files (x86)\logitech\lws\webcam software\lws.exe -hide
MSCONFIG\startupreg: OneDrive => "c:\users\clarita maia\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" msrun
MSCONFIG\startupreg: Wondershare Helper Compact.exe => 
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\StartupFolder: => "Monitorar alertas de tinta - HP Deskjet 4610 series.lnk"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E99B25683971D24180DD9FF98327B5D6"
HKU\S-1-5-21-718468114-2348770635-4178057941-1007\...\StartupApproved\Run: => "IDMan"
 
This is a rather messy method of disabling start-up items, so I'd like for you to re-enable them. I would be happy to re-disable anything you don't want starting at boot with FRST by simply deleting the entry without disturbing the files. Please let me know if you'd like me to (and if you do, if you want me to exclude anything from being disabled; otherwise, I'll just get rid of anything unnecessary). :)
 
Did any of that help the problem?
 
Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
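Gunto's MSCONFIG section above lists start-up entries that were disabled through Task Manager (the HKLM\...\StartupApproved lines) and through the old MSCONFIG (the MSCONFIG\startupreg lines). The script below is an added example written for this page, not code from the thread or from FRST: it walks the same registry locations and decodes each entry's enabled/disabled state so the list can be audited before re-enabling anything. The layout of the StartupApproved binary value (byte 0 is 0x02 when enabled and 0x03 when disabled, bytes 4..11 a FILETIME of when it was disabled) and the MSConfig\startupreg subkey layout are assumptions from documented Windows behaviour, not facts stated in the thread.

```powershell
# Added example, not part of the thread: audit Windows start-up entries together with the
# enabled/disabled state that Task Manager (and the legacy MSCONFIG) record for them.
# Assumptions (documented Windows behaviour, not stated in the thread):
#   * Task Manager's Startup tab stores one REG_BINARY value per entry under
#     ...\Explorer\StartupApproved\{Run,Run32,StartupFolder}; byte 0 is 0x02 when the
#     entry is enabled and 0x03 when disabled; bytes 4..11 hold a FILETIME of the moment
#     it was disabled.
#   * The pre-Windows 8 MSCONFIG instead moved disabled entries to
#     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\<name> (FRST reports these
#     as "MSCONFIG\startupreg:"); each subkey holds 'command', 'hkey', 'key' and 'item'.

$RunLocations = @(
    @{ Run      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' },
    @{ Run      = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
       Approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32' },
    @{ Run      = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Approved = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' }
)

function ConvertFrom-StartupApprovedBlob {
    param([byte[]] $Blob)
    # No blob at all means Task Manager has never touched the entry: it runs at logon.
    if ($null -eq $Blob -or $Blob.Length -lt 12) {
        return [pscustomobject]@{ Enabled = $true; DisabledAt = $null }
    }
    $enabled = ($Blob[0] -band 0x01) -eq 0        # 0x02 = enabled, 0x03 = disabled
    $disabledAt = $null
    if (-not $enabled) {
        $ft = [BitConverter]::ToInt64($Blob, 4)
        try { if ($ft -gt 0) { $disabledAt = [DateTime]::FromFileTimeUtc($ft) } } catch { }
    }
    [pscustomobject]@{ Enabled = $enabled; DisabledAt = $disabledAt }
}

function Get-StartupEntryState {
    # Entries Task Manager knows about (the HKLM\...\StartupApproved lines in the FRST log).
    foreach ($loc in $RunLocations) {
        if (-not (Test-Path -LiteralPath $loc.Run)) { continue }
        $runKey      = Get-Item -LiteralPath $loc.Run
        $approvedKey = if (Test-Path -LiteralPath $loc.Approved) { Get-Item -LiteralPath $loc.Approved }
        foreach ($name in $runKey.GetValueNames()) {
            $blob  = if ($approvedKey) { $approvedKey.GetValue($name) }
            $state = ConvertFrom-StartupApprovedBlob -Blob $blob
            [pscustomobject]@{
                Name = $name; Command = $runKey.GetValue($name); Source = $loc.Run
                Enabled = $state.Enabled; DisabledAt = $state.DisabledAt
            }
        }
    }
    # Entries the legacy MSCONFIG parked (the MSCONFIG\startupreg lines in the FRST log).
    $msconfig = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path -LiteralPath $msconfig) {
        foreach ($sub in Get-ChildItem -LiteralPath $msconfig) {
            [pscustomobject]@{
                Name    = $sub.PSChildName
                Command = $sub.GetValue('command')
                Source  = "$($sub.GetValue('hkey'))\$($sub.GetValue('key')) (MSCONFIG\startupreg)"
                Enabled = $false; DisabledAt = $null
            }
        }
    }
}

# Disabled entries first, so anything parked by MSCONFIG or Task Manager is easy to spot.
Get-StartupEntryState | Sort-Object Enabled, Name | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. Entries that show `Enabled = False` with a `DisabledAt` timestamp were switched off in Task Manager; entries sourced from `MSCONFIG\startupreg` were parked by the old MSCONFIG and will not run again until they are moved back, which is why Gunto asks for them to be re-enabled before FRST deletes the ones that are genuinely unwanted.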


#6 dreamhouse (Topic Starter; Members, 38 posts)

Posted 15 November 2015 - 07:03 AM

Hi Gunto,

 

JRT just STOPS when reaching "checking Mozilla Firefox" and disappears from the screen, leaving no logs, nothing on screen... it just vanishes. I found an explanation here https://forums.malwarebytes.org/index.php?/topic/173960-junkware-removal-tool-jrt-crashes-just-stops/ from thisisu (the developer) himself that says it's a bug and is already corrected in version 8.0.0, which is not out yet... so what to do next?

 

As for your fixlist, did you read my first post when I say that C:\Program Files (x86)\GbPlugin\gbpsv.exe refers to my banking security software? So why do you have it mentioned on the fixlist?

 

And thank you so much for your care in seeing other issues on my computer, but some programs I will want to keep, ok? So here's a list of the ones I uninstalled with IObit Uninstaller.

 

Adobe AIR

Adobe Media Player

aTube Catcher versão 3.8

Driver Booster 3.0

Duplicate File Finder

ExtractNow

Icecream Ebook Reader versão 1.53

Java 8 Update 45

Java 8 Update 60 - (updated it to java 8 update 65 - thanks)

Magical Jelly Bean KeyFinder

Microsoft Silverlight

Vuze

Wise Auto Shutdown 1.44

 

In Windows 10, msconfig will send you to Task Manager, and it is not so detailed.

Thank you so much. I'll wait for your feedback.



#7 Gunto (Bleepin' Reject Phoenix; Malware Response Team, 1,284 posts; North Las Vegas, Nevada, USA)

Posted 15 November 2015 - 01:37 PM

Hi,

 

That's most unfortunate... still, I suppose there's nothing we can do about JRT but wait for thisisu to release the update.

 

Yes, I am aware that that program is your banking software. I'm confused, though; I didn't put it in the fixlist. Unless you are referring to these:

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==

These are alternate data streams, and deleting an ADS will not harm the file or folder in question. An ADS is basically a file or command attached to a normal file/folder, but isn't part of the file/folder itself. They're also relatively hidden; not many conventional security tools will even detect them. Naturally, malware can and will use this to its benefit, so unless I am 100% sure an ADS is safe, I will get rid of it. I'm sure you can understand my concern of not wanting a possibly-bad ADS on something as important as banking software. Plus, if a legitimate ADS does get deleted, it can be (and usually will be) automatically recreated with no trouble. Nevertheless, if deleting these ADS bothers you, I suppose they can be removed from the script.

 

Regarding the programs, understood. :)

 

About MSCONFIG/Task Manager, right click on any disabled entries and click Enable.

 

Gunto


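Gunto's reply above explains what an alternate data stream is, that most tools do not show them, and that removing one leaves the host file or folder intact. The script below is an added example written for this page, not code from the thread or from FRST: it enumerates the ADS on the two directories named in the fixlist (`C:\Program Files (x86)\GbPlugin` and `C:\WINDOWS\System32`), lets you peek at a stream's first bytes without executing anything, and removes a stream with a `-WhatIf` dry run first. It assumes Windows PowerShell 5.1 on NTFS (the `-Encoding Byte` switch is 5.1 syntax); the `Expected` flag, which treats only a `Zone.Identifier` mark-of-the-web on a file as routine, is a heuristic chosen for this example, not a rule from the thread.

```powershell
# Added example, not part of the thread: list the alternate data streams (ADS) attached to
# files and folders, show what a stream contains, and remove one without touching its host.
# Paths come from the thread's own fixlist; everything else is an assumption for
# illustration. Assumes Windows PowerShell 5.1 on NTFS.

function Get-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [switch] $Recurse
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $items = @(Get-Item -LiteralPath $p -Force)
        if ($Recurse) {
            $items += Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue
        }
        foreach ($item in $items) {
            # -Stream * enumerates every NTFS stream on the object; ':$DATA' is the ordinary
            # file content, so anything else is an ADS. Folders carry ADS too (the fixlist's
            # 'C:\WINDOWS\System32:0EB5450A_Bb.gbp' is one), which is why folders are not skipped.
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        HostPath = $item.FullName
                        IsFolder = $item.PSIsContainer
                        Stream   = $_.Stream
                        Length   = $_.Length
                        # Zone.Identifier is the mark-of-the-web browsers write on downloads:
                        # routine on a downloaded file, odd on a folder or a system directory.
                        Expected = ($_.Stream -eq 'Zone.Identifier') -and -not $item.PSIsContainer
                    }
                }
        }
    }
}

function Get-AlternateDataStreamContent {
    param(
        [Parameter(Mandatory)] [string] $HostPath,
        [Parameter(Mandatory)] [string] $Stream,
        [int] $MaxBytes = 512
    )
    # Read the first bytes raw; a stream can hold a PE file or a script, so never execute it.
    $bytes = Get-Content -LiteralPath $HostPath -Stream $Stream -Encoding Byte -TotalCount $MaxBytes -ErrorAction Stop
    if (-not $bytes) { $bytes = [byte[]]@() }
    [pscustomobject]@{
        HostPath = $HostPath
        Stream   = $Stream
        Magic    = ($bytes | Select-Object -First 4 | ForEach-Object { $_.ToString('X2') }) -join ' '   # 4D 5A = 'MZ'
        Text     = [Text.Encoding]::ASCII.GetString($bytes) -replace '[^\x20-\x7E]', '.'
    }
}

function Remove-AlternateDataStream {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $HostPath,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Stream
    )
    process {
        # Deleting a stream leaves the host file/folder and its primary data untouched.
        if ($PSCmdlet.ShouldProcess("${HostPath}:${Stream}", 'Remove alternate data stream')) {
            Remove-Item -LiteralPath $HostPath -Stream $Stream -Force
        }
    }
}

# Folders named in the thread's fixlist (GbPlugin is the banking plug-in's own directory).
$targets = 'C:\Program Files (x86)\GbPlugin', 'C:\WINDOWS\System32'
$found = Get-AlternateDataStream -Path $targets
$found | Format-Table -AutoSize

# Inspect anything unexpected before deciding, then dry-run the removal.
$found | Where-Object { -not $_.Expected -and -not $_.IsFolder } |
    ForEach-Object { Get-AlternateDataStreamContent -HostPath $_.HostPath -Stream $_.Stream }
$found | Where-Object { -not $_.Expected } | Remove-AlternateDataStream -WhatIf
```

Drop `-WhatIf` only after reviewing the list; `Remove-AlternateDataStream` honours `-Confirm` as well. Add `-Recurse` to `Get-AlternateDataStream` to sweep the files under a folder rather than the folder object alone, which is slower on `System32` but is how a streams-based dropper hiding under a legitimate directory would be found.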


#8 dreamhouse (Topic Starter; Members, 38 posts)

Posted 15 November 2015 - 02:42 PM

So concerning the rogue idm extension, what should we do?

 

Thanks.



#9 dreamhouse (Topic Starter; Members, 38 posts)

Posted 15 November 2015 - 03:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Clarita Maia (2015-11-15 18:11:18) Run:2
Running from C:\Users\Clarita Maia\Desktop
Loaded Profiles: Clarita Maia (Available Profiles: Clarita Maia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OJIA4610FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Task: {01E67F3E-A015-4158-BD6F-AABAC7038489} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {16B6548B-E291-48AA-BA11-A06F3C434451} - System32\Tasks\{1B7752B0-FD85-4415-8ECC-2DDB65E7F556} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pt/abandoninstall?source=lightinstaller&page=tsInstall
Task: {18C776A4-D6E5-4043-9F44-CB0F3DF4FA9F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60888CAA-8999-44A0-B8DF-181C9E689FE2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {67D64C6D-2778-493A-A52A-372F30C0D5FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7535ED3B-01ED-4D45-BF5C-B5C6EA991EF1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7FAAF498-7A60-49EE-9B64-9720F66000E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D61AABE-8B6C-4036-8B2A-662BD87DECDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {958E237E-3123-4508-99E1-FC98B50DFA93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9A03133F-3847-40E0-AD32-9F94461B4B30} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C69AE164-5AB3-4466-ACB0-D80476B32F0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D7C3B935-B413-4D92-8E65-6280CC0CA261} - System32\Tasks\{3B897FB3-5F99-45C6-BFC6-21AB797D0A08} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/pt/go/help.faq.installer?LastError=1601
Task: {EBF31C12-772D-4E06-950A-D4136331D1B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS\System32:0EB5450A_Bb.gbp
FirewallRules: [UDP Query User{1A928968-4D23-4C88-AF6A-952DC5D34C55}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
FirewallRules: [TCP Query User{5F5DA30B-E20B-419C-977E-15CEFC807A1E}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe] => (Allow) F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe
FirewallRules: [{05462804-2F5C-4266-8FD8-AF71D084BA85}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
FirewallRules: [{24472EC2-B03F-422C-A03B-ECE2BC411250}] => (Allow) C:\Users\Clarita Maia\AppData\Local\Temp\Temp1_MTKV252.zip\Microsoft Toolkit.exe
FirewallRules: [UDP Query User{44082CD7-63DC-4337-8E19-84BF33F9C7C0}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [TCP Query User{2C9B7D8C-8A54-4549-B134-42FA418D7B67}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [UDP Query User{A95D394B-2E21-493D-A8DB-8D3B52C0F28F}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
FirewallRules: [TCP Query User{2990331D-A4B2-4788-8B97-59FB80EB1C68}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe] => (Allow) F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe
*****************
 
gbpddfac => service removed successfully
C:\Users\Clarita Maia\AppData\Roaming\Subhra Das Gupta => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B29AD377-CC12-490A-A480-1452337C618D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{098727E1-775A-4450-B573-3F441F1CA243}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C05F4139-CB6B-4272-A0BF-861FEB667F27}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C878584-82E6-46C6-B8A8-FED6FEF650A2}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0416-0000-0000000FF1CE}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01E67F3E-A015-4158-BD6F-AABAC7038489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01E67F3E-A015-4158-BD6F-AABAC7038489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16B6548B-E291-48AA-BA11-A06F3C434451}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16B6548B-E291-48AA-BA11-A06F3C434451}" => key removed successfully
C:\WINDOWS\System32\Tasks\{1B7752B0-FD85-4415-8ECC-2DDB65E7F556} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B7752B0-FD85-4415-8ECC-2DDB65E7F556}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18C776A4-D6E5-4043-9F44-CB0F3DF4FA9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C776A4-D6E5-4043-9F44-CB0F3DF4FA9F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60888CAA-8999-44A0-B8DF-181C9E689FE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60888CAA-8999-44A0-B8DF-181C9E689FE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67D64C6D-2778-493A-A52A-372F30C0D5FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D64C6D-2778-493A-A52A-372F30C0D5FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7535ED3B-01ED-4D45-BF5C-B5C6EA991EF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7535ED3B-01ED-4D45-BF5C-B5C6EA991EF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FAAF498-7A60-49EE-9B64-9720F66000E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FAAF498-7A60-49EE-9B64-9720F66000E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D61AABE-8B6C-4036-8B2A-662BD87DECDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D61AABE-8B6C-4036-8B2A-662BD87DECDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{958E237E-3123-4508-99E1-FC98B50DFA93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{958E237E-3123-4508-99E1-FC98B50DFA93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A03133F-3847-40E0-AD32-9F94461B4B30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A03133F-3847-40E0-AD32-9F94461B4B30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C69AE164-5AB3-4466-ACB0-D80476B32F0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C69AE164-5AB3-4466-ACB0-D80476B32F0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7C3B935-B413-4D92-8E65-6280CC0CA261}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7C3B935-B413-4D92-8E65-6280CC0CA261}" => key removed successfully
C:\WINDOWS\System32\Tasks\{3B897FB3-5F99-45C6-BFC6-21AB797D0A08} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B897FB3-5F99-45C6-BFC6-21AB797D0A08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF31C12-772D-4E06-950A-D4136331D1B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF31C12-772D-4E06-950A-D4136331D1B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removed successfully.
C:\WINDOWS\System32 => ":0EB5450A_Bb.gbp" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1A928968-4D23-4C88-AF6A-952DC5D34C55}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5F5DA30B-E20B-419C-977E-15CEFC807A1E}F:\downloads\compressed\kms_vl_all_3.7\kms_vl_all\kms-hgm.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05462804-2F5C-4266-8FD8-AF71D084BA85} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24472EC2-B03F-422C-A03B-ECE2BC411250} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{44082CD7-63DC-4337-8E19-84BF33F9C7C0}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2C9B7D8C-8A54-4549-B134-42FA418D7B67}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A95D394B-2E21-493D-A8DB-8D3B52C0F28F}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2990331D-A4B2-4788-8B97-59FB80EB1C68}F:\downloads\programs\rtlapconf (2014_04_08 16_51_55 utc).exe => value removed successfully
 
==== End of Fixlog 18:11:19 ====


#10 Gunto

Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 15 November 2015 - 04:13 PM

Hi,

 

Thanks for running the fix. :)

 

I'd say it's time to give RogueKiller a whirl.

 

RogueKiller

I need you to run RogueKiller to see what it will remove.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Accept the disclaimer, and once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Report button, click Open TXT, and copy and paste its contents into your reply. I will then review what items to delete.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#11 dreamhouse

dreamhouse
  • Topic Starter
  • Members
  • 38 posts

Posted 17 November 2015 - 06:40 AM

Hi Gunto,

 

JRT 8.0.0 was out and I post the log below. But the extension wasn't touched by it, and even if it had deleted it in Chrome's extension folder, I have already done that with no success BECAUSE IT REINSTALLS ITSELF! The IDM rogue extension ID is: cnlojoclkbpmfhakhaagjpjfifbaoadf.

 

After the JRT.txt I also post the RogueKiller log. Thank you so far!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 10 Pro x64 
Ran by Clarita Maia (Administrator) on 17/11/2015 at  8:14:13,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Clarita Maia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Clarita Maia\AppData\Local\ysearchutil (Folder) 
Successfully deleted: C:\Users\Clarita Maia\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Clarita_Maia.job (Task) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-137BF219.pf (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/11/2015 at  8:37:06,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started : Normal mode
User : Clarita Maia [Administrator]
Started from : C:\Users\Clarita Maia\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/17/2015 09:37:34
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 72.4.146.248 8.8.8.8 ([UNITED STATES (US)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 72.4.146.248 8.8.8.8 ([UNITED STATES (US)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b5e599a8-7b32-411b-8497-4172db635a48} | DhcpNameServer : 72.4.146.248 8.8.8.8 ([UNITED STATES (US)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b5e599a8-7b32-411b-8497-4172db635a48} | DhcpNameServer : 72.4.146.248 8.8.8.8 ([UNITED STATES (US)][-])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
[PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Found
 
¤¤¤ Hosts file : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 1df08c7d7a7986674fe632f623346b93
[BSP] 42eab0954f16c635354bfcf1fc84f5c7 : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 264192 | Size: 100 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 711108 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1456818176 | Size: 450 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1457739776 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1458661376 | Size: 350 MB
6 - Basic data partition | Offset (sectors): 1459378176 | Size: 800999 MB
7 - Basic data partition | Offset (sectors): 3099824128 | Size: 649000 MB
8 - Basic data partition | Offset (sectors): 4428978176 | Size: 699000 MB
User = LL1 ... OK
User = LL2 ... OK

 



#12 Gunto

Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 17 November 2015 - 01:24 PM

Hi,

 

Alright, thanks for running JRT anyway. Man, this extension is something else. :blink:

 

Please open RogueKiller and run another scan as you have previously. This time, though, when it's done scanning, click the Files/Folders tab, and place checks next to these items:

[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

[PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}

Once you've done that, click the Delete button. Once RogueKiller is done deleting things, click on the Report button, click Open TXT, and copy and paste its contents into your reply.

 

Unfortunately, I doubt that will fix it, either... if it doesn't, I'm going to need you to do a clean reinstall of Chrome. When uninstalling it, please delete all settings and extensions along with it. I understand it'll be a pain getting all of your legitimate extensions back, but at this point it's highly possible that whatever is recreating the malware is embedded in Chrome somewhere other than the extension.

 

Let me know how all of this went.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
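Added example, not from this thread and not part of any of the tools mentioned in it. Gunto's point above is that something outside the extension folder keeps re-provisioning the extension, and the JRT log in the previous post shows one such hook: an HKLM\Software\Google\Chrome\Extensions\<id> key, which is Chrome's "external extension" mechanism for installing an extension machine-wide from an update_url or a local .crx path. The PowerShell script below checks, for one extension ID, the places Chrome will take an extension from: the external-extension registry keys in both the 64-bit and Wow6432Node views and under HKCU, the ExtensionInstallForcelist policy, external_extensions.json next to chrome.exe, and each profile's Extensions folder and Preferences / Secure Preferences. The script name, the assumed install paths and the output layout are my own choices; run it as the affected user, because the HKCU and %LOCALAPPDATA% locations are per-user.

```powershell
# Added example, not from the thread: list the places on a Windows box from
# which Chrome will (re)provision one extension, given its 32-character ID.
# Assumed filename/usage:
#   .\Find-ChromeExtensionSources.ps1 -ExtensionId cnlojoclkbpmfhakhaagjpjfifbaoadf
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[a-p]{32}$')]   # Chrome IDs are 32 letters, a through p
    [string]$ExtensionId
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Where, $Detail) {
    $findings.Add([pscustomobject]@{ Source = $Source; Where = $Where; Detail = $Detail })
}

# 1. External-extension registry keys. A key named after the ID that carries an
#    update_url (or path + version) makes Chrome install the extension for every
#    user of the machine and put it back after a plain removal from the profile.
foreach ($k in "HKLM:\SOFTWARE\Google\Chrome\Extensions\$ExtensionId",
               "HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\$ExtensionId",
               "HKCU:\SOFTWARE\Google\Chrome\Extensions\$ExtensionId") {
    if (Test-Path $k) {
        $p = Get-ItemProperty -Path $k
        Add-Finding 'External extension registry key' $k `
            "update_url=$($p.update_url) path=$($p.path) version=$($p.version)"
    }
}

# 2. Policy force-install list. Values look like "<id>;<update_url>"; a forced
#    extension cannot be removed from chrome://extensions at all.
foreach ($k in 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
               'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist') {
    if (-not (Test-Path $k)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($prop.Value -is [string] -and $prop.Value -like "$ExtensionId*") {
            Add-Finding 'ExtensionInstallForcelist policy' "$k\$($prop.Name)" $prop.Value
        }
    }
}

# 3. external_extensions.json beside chrome.exe: the file form of mechanism 1.
#    (Install paths below are assumptions for a default per-machine install.)
foreach ($d in "$env:ProgramFiles\Google\Chrome\Application",
               "${env:ProgramFiles(x86)}\Google\Chrome\Application") {
    $f = Join-Path $d 'external_extensions.json'
    if (-not (Test-Path $f)) { continue }
    $json = Get-Content -Raw -Path $f | ConvertFrom-Json
    if ($json.PSObject.Properties.Name -contains $ExtensionId) {
        Add-Finding 'external_extensions.json' $f ($json.$ExtensionId | ConvertTo-Json -Compress)
    }
}

# 4. Every profile under User Data: the unpacked extension directory, and the
#    extension's entry in Preferences / Secure Preferences (extensions.settings),
#    whose "location" field records how it was installed (web store, external
#    registry/file, policy, unpacked).
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
foreach ($prof in (Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue)) {
    if (-not (Test-Path (Join-Path $prof.FullName 'Preferences'))) { continue }
    $extDir = Join-Path $prof.FullName "Extensions\$ExtensionId"
    if (Test-Path $extDir) {
        $versions = (Get-ChildItem -Path $extDir -Directory | Select-Object -ExpandProperty Name) -join ','
        Add-Finding 'Unpacked extension files' $extDir "versions=$versions"
    }
    foreach ($prefName in 'Preferences', 'Secure Preferences') {
        $prefFile = Join-Path $prof.FullName $prefName
        if (-not (Test-Path $prefFile)) { continue }
        try { $prefs = Get-Content -Raw -Path $prefFile | ConvertFrom-Json -ErrorAction Stop }
        catch { Add-Finding "$prefName (unparseable)" $prefFile $_.Exception.Message; continue }
        $settings = $prefs.extensions.settings
        if ($settings -and ($settings.PSObject.Properties.Name -contains $ExtensionId)) {
            $e = $settings.$ExtensionId
            Add-Finding "$prefName extensions.settings" $prefFile `
                "location=$($e.location) state=$($e.state) from_webstore=$($e.from_webstore)"
        }
    }
}

if ($findings.Count -eq 0) { "No trace of $ExtensionId in the checked locations." }
else { $findings | Format-Table -AutoSize -Wrap }
```

Anything the script reports under the registry keys, the policy list or external_extensions.json sits outside the profile, so it survives deleting the Extensions folder and even a Chrome reinstall that only wipes user data; that entry has to go first, then the profile copy. If the entry comes back after being removed, something else on the box (a scheduled task, service or installer left behind) is rewriting it, and that is the kind of item the FRST log earlier in this thread is meant to surface.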


#13 dreamhouse

dreamhouse
  • Topic Starter
  • Members
  • 38 posts

Posted 17 November 2015 - 01:51 PM

Hi Gunto,

 

Well, I tried to remove it once more and it seems that deleting it in C:\User\AppData\Local\Google\Chrome\User Data\Default\Extensions and then in Chrome's extensions page, blocking all ads and NOT clicking the page that was opening, DID THE TRICK. I have restarted my computer for the second time now after doing that and the extension is not coming back so far.

 

I'll wait one more day and get back to you, either after reinstalling Chrome or to tell you it was finally deleted, ok?

 

Thank you so much!



#14 dreamhouse

dreamhouse
  • Topic Starter
  • Members
  • 38 posts

Posted 18 November 2015 - 11:05 AM

It hasn't reinstalled. It's gone. Thank you so much for your patience and swift replies! I guess you can close this post!



#15 Gunto

Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,284 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 18 November 2015 - 04:18 PM

Hi,

 

Awesome! So glad you fixed it! I apologize for not being able to fix it myself, but what matters is that it's resolved. :thumbup2:

 

However, we're not quite done here yet. I'm gonna have you verify that you're malware-free and do a little cleanup before I close this thread. :)

 

First, if you haven't already, I'd advise using RogueKiller to get rid of those two folders. While they are most likely not related to the IDM infection, they still seem mighty suspicious to me.

 

Malwarebytes

Next, I need you to run a scan with Malwarebytes Anti-Malware to check for leftovers.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Export button, select Copy to Clipboard, and paste it into your reply.

Gunto

