Probably infected and hacked =(


This topic is locked
11 replies to this topic

#1 billiebr
  • Members
  • 5 posts

Posted 04 February 2016 - 10:57 AM

Hello guys! This is my first time posting here. I'd like to say this forum is awesome and the work you do helping people from everywhere is so much appreciated. I wish we had more initiatives like this in other areas as well.

Recently, I have been unable to open some programs, and some even close unexpectedly. While trying to figure out what may be happening, I tried to install Process Hacker 2, which couldn't open and popped up this window:

[screenshot of the error window]

This happened every time except when I logged in to safe mode, and with another program as well. Those programs I can't use also work in safe mode only (and safe mode with network support).

Here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:55:55 PM, on 2/4/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
 
FIREFOX: 39.0.3 (x86 pt-BR)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\William\RebusDrop\App\RebusDrop.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\William\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\prevhost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - Startup: RebusDrop.lnk = William\RebusDrop\App\RebusDrop.exe
O4 - Global Startup: Content Manager Assistant for PlayStation®.lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kinoni Remote Desktop (KinoniRemoteDesktop) - Unknown owner - C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WibuKey Server (WkSvw32.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
 
--
End of file - 15087 bytes
 
 
I say I've been hacked because of a change in an old e-mail account which I didn't make. Unfortunately, this e-mail provider didn't do anything to help, and couldn't even tell me when this change happened or from where the user was connected.
Thank you very much for your help, and sorry about my poor English.
 
Edit: forgot to say my OS version is Windows 7 Home Premium.

Edited by billiebr, 04 February 2016 - 11:03 AM.


#2 billiebr
  • Topic Starter

  • Members
  • 5 posts

Posted 04 February 2016 - 11:50 AM

I've just seen in another topic that HijackThis isn't updated to work on 64-bit systems, so I did a Farbar scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by William (administrator) on H4CKPWN (04-02-2016 14:41:49)
Running from C:\Users\William\Downloads
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Kinoni) C:\Program Files (x86)\Kinoni\Remote Desktop\WindowsServer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\William\RebusDrop\App\RebusDrop.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\William\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10867816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2092648 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe [54072 2015-09-10] (Malwarebytes Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2014-05-09] (Caixa Economica Federal)
HKU\S-1-5-21-592414810-991457841-4206131153-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-16] (Kaspersky Lab ZAO)
HKU\S-1-5-21-592414810-991457841-4206131153-1000\...\Policies\Explorer: [] 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1583432 2014-05-09] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2015-02-20]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2014-08-08]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RebusDrop.lnk [2016-02-04]
ShortcutTarget: RebusDrop.lnk -> C:\Users\William\RebusDrop\App\RebusDrop.exe ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{079DCB6F-91AB-4846-A405-BECCD9629F07}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{8D696AD1-0B61-425B-B3B8-856DC4D7E0F3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{99ADD536-FAA2-4962-BF07-A57D62EE8106}: [DhcpNameServer] 189.4.0.158 189.4.0.153
Tcpip\..\Interfaces\{CF44A7AB-5A74-483E-9A78-B2F1B506E8C9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F6F44B90-5D2B-48E9-B025-5BD1F56DEB34}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592414810-991457841-4206131153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-592414810-991457841-4206131153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-592414810-991457841-4206131153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2014-05-09] (Caixa Economica Federal)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-592414810-991457841-4206131153-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\ah2zkum9.default-1430420177501
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: @talk.google.com/O1DPlugin -> C:\Users\William\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\William\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\William\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\William\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: autodesk.com/Autodesk123D -> C:\Users\William\AppData\Roaming\Autodesk\Autodesk123D32\1.0.6\npAutodesk123D32.dll [2013-03-13] (Autodesk)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: autodesk.com/Autodesk123DCNC -> C:\Users\William\AppData\Local\Autodesk\123DPlugins\Autodesk 123D CNC Utility321.0.7\npAutodesk123DCNC32.dll [2013-04-05] (Autodesk)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: gastecnologia.com.br/sf/cef -> C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-592414810-991457841-4206131153-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\search-snacks@search-snacks.com => not found
FF HKU\S-1-5-21-592414810-991457841-4206131153-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-04-17] [not signed]
FF HKU\S-1-5-21-592414810-991457841-4206131153-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\William\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
 
Chrome: 
=======
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Pesquisa do Google) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Planilhas do Google) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (Skype Click to Call) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (PanicButton) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-04-30]
CHR Extension: (Planilhas do Google) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Word Online) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-05-18]
CHR Extension: (Documentos Google off-line) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Skype) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-04-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Alerta de senha) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2015-08-17]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-12-31]
CHR Extension: (Bitdefender QuickScan) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-10]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-03-03] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-03] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-03] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-08-14] () [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-11-04] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
R2 KinoniRemoteDesktop; C:\Program Files (x86)\Kinoni\Remote Desktop\service.exe [73216 2015-02-03] () [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-16] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WkSvw32.exe; C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [657800 2014-08-08] (WIBU-SYSTEMS AG)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 appliand; C:\Windows\System32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-03-03] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-01-12] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-09-22] (GAS Tecnologia)
S0 gbpddreg; C:\Windows\SysWOW64\drivers\gbpddreg64.sys [29816 2015-09-22] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [47192 2012-12-04] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-07-31] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-02-04] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-12-01] ()
U0 rjaty; C:\Windows\System32\drivers\imofugc.sys [79064 2016-02-04] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1460808 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [34512 2015-09-23] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105008 2014-08-08] (WIBU-SYSTEMS AG)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-03] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-04 14:41 - 2016-02-04 14:41 - 02370560 _____ (Farbar) C:\Users\William\Downloads\FRST64 (1).exe
2016-02-04 13:55 - 2016-02-04 13:55 - 00000000 ____D C:\Users\William\Downloads\backups
2016-02-04 12:50 - 2016-02-04 12:50 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\imofugc.sys
2016-02-04 12:47 - 2016-02-04 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\William\Downloads\HijackThis (1).exe
2016-02-04 10:44 - 2016-02-04 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-04 10:42 - 2016-02-04 10:43 - 00000000 ____D C:\Users\William\Desktop\mbar
2016-02-04 10:39 - 2016-02-04 10:41 - 16563352 _____ (Malwarebytes Corp.) C:\Users\William\Downloads\mbar-1.09.3.1001.exe
2016-02-04 09:32 - 2016-02-04 09:32 - 00000000 ____D C:\KVRT_Data
2016-02-04 09:25 - 2016-02-04 09:32 - 90855320 _____ (Kaspersky Lab ZAO) C:\Users\William\Downloads\KVRT.exe
2016-02-04 08:39 - 2016-02-04 08:39 - 00003024 _____ C:\Windows\System32\Tasks\EVGAPrecision
2016-02-04 02:52 - 2016-02-04 02:59 - 00070202 _____ C:\Users\William\Downloads\Addition.txt
2016-02-04 02:48 - 2016-02-04 14:41 - 00036894 _____ C:\Users\William\Downloads\FRST.txt
2016-02-04 02:48 - 2016-02-04 14:41 - 00000000 ____D C:\FRST
2016-02-04 02:47 - 2016-02-04 02:47 - 02370560 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2016-02-04 02:14 - 2016-02-04 02:14 - 00104072 _____ C:\Users\William\Downloads\1.bmp
2016-02-04 02:14 - 2016-02-04 02:14 - 00041080 _____ C:\Users\William\Downloads\2.bmp
2016-02-04 02:09 - 2016-02-04 02:10 - 00000794 _____ C:\Users\William\Desktop\unhide.txt
2016-02-04 02:09 - 2016-02-04 02:09 - 00380416 _____ C:\Users\William\Downloads\pzh2h2g0.exe
2016-02-04 02:08 - 2016-02-04 02:08 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\William\Downloads\unhide.exe
2016-02-04 01:44 - 2016-02-04 01:44 - 00030346 _____ C:\ComboFix.txt
2016-02-04 00:53 - 2016-02-04 00:53 - 05656479 ____R (Swearware) C:\Users\William\Downloads\ComboFix.exe
2016-02-04 00:44 - 2016-02-04 00:44 - 00000000 ____D C:\Users\William\AppData\Roaming\Process Hacker 2
2016-02-04 00:26 - 2016-02-04 00:26 - 00001924 _____ C:\Users\William\Desktop\Process Hacker 2.lnk
2016-02-04 00:26 - 2016-02-04 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-02-04 00:26 - 2016-02-04 00:26 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-02-03 23:28 - 2016-02-03 23:28 - 00025412 _____ C:\Users\William\tasklista.txt
2016-02-03 23:17 - 2016-02-03 23:18 - 02145696 _____ (wj32 ) C:\Users\William\Downloads\processhacker-2.37-setup.exe
2016-02-03 23:17 - 2016-02-03 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-02-03 22:00 - 2016-02-03 22:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\64C22900.sys
2016-02-03 21:51 - 2016-02-03 21:53 - 18348472 _____ (Adobe Systems Inc.) C:\Users\William\Downloads\AdobeAIRInstaller.exe
2016-02-03 00:15 - 2016-02-03 00:15 - 00000213 _____ C:\Users\William\Desktop\lista.txt
2016-02-02 16:51 - 2016-02-02 16:51 - 00000048 _____ C:\Users\William\Desktop\net bosta.txt
2016-02-02 12:09 - 2016-02-02 12:09 - 00019308 _____ C:\Users\William\Downloads\boleto_020216120612.pdf
2016-02-02 12:08 - 2016-02-02 12:08 - 00019320 _____ C:\Users\William\Downloads\boleto_020216120526.pdf
2016-02-02 12:08 - 2016-02-02 12:08 - 00019308 _____ C:\Users\William\Downloads\boleto_020216120523.pdf
2016-02-02 12:07 - 2016-02-02 12:07 - 00019320 _____ C:\Users\William\Downloads\boleto_020216120353.pdf
2016-02-02 12:07 - 2016-02-02 12:07 - 00019308 _____ C:\Users\William\Downloads\boleto_020216120433.pdf
2016-02-02 04:04 - 2016-02-02 04:04 - 00000000 ____D C:\Users\William\Documents\League of Legends
2016-02-02 01:38 - 2016-02-03 23:17 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-02-02 01:38 - 2016-02-02 01:38 - 00000000 ____D C:\Riot Games
2016-02-02 01:37 - 2016-02-02 01:38 - 27864920 _____ (Riot Games) C:\Users\William\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2016-02-02 01:07 - 2016-02-02 01:08 - 02018808 _____ (wj32 ) C:\Users\William\Downloads\processhacker-2.36-setup.exe
2016-02-02 01:00 - 2016-02-02 01:00 - 00000048 _____ C:\Users\William\Desktop\limparjavaws.bat
2016-01-30 02:52 - 2016-01-30 02:54 - 00282360 _____ C:\Users\William\Downloads\RAFTools.jar
2016-01-30 02:10 - 2016-01-30 02:10 - 00033932 _____ C:\Users\William\Downloads\skn2obj113.zip
2016-01-22 14:24 - 2016-01-22 14:24 - 00000088 _____ C:\Users\William\Desktop\modelagi.txt
2016-01-19 16:09 - 2016-01-19 16:09 - 00000000 ____D C:\Users\William\AppData\Roaming\WTablet
2016-01-18 21:32 - 2016-01-18 21:32 - 00081052 _____ C:\Users\William\Downloads\1895788468304221.pdf
2016-01-18 16:26 - 2016-01-18 16:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2016-01-18 16:26 - 2016-01-18 16:26 - 00000000 ____D C:\Program Files\TabletPlugins
2016-01-18 16:26 - 2016-01-18 16:26 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2016-01-18 16:26 - 2013-11-11 22:16 - 00090424 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2016-01-18 16:26 - 2013-11-11 22:16 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2016-01-18 16:26 - 2013-11-11 22:16 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2016-01-18 16:25 - 2016-01-18 16:26 - 00000000 ____D C:\Program Files\Tablet
2016-01-18 16:25 - 2014-01-13 14:24 - 01913624 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01906968 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Touch_Tablet.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01780504 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01778968 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01551640 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Tablet.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01544472 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Pen_Touch_Tablet.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01432344 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2016-01-18 16:25 - 2014-01-13 14:24 - 01428248 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2016-01-18 16:08 - 2016-01-18 16:12 - 38967952 _____ C:\Users\William\Downloads\PenTablet_533-3.exe
2016-01-14 23:31 - 2016-01-14 23:31 - 00000238 _____ C:\Users\William\Desktop\aluguel niver ale.txt
2016-01-14 13:44 - 2016-01-14 13:44 - 00262192 _____ C:\Windows\Minidump\011416-57938-01.dmp
2016-01-12 10:02 - 2016-01-12 10:02 - 00262192 _____ C:\Windows\Minidump\011216-54756-01.dmp
2016-01-10 18:28 - 2016-01-10 18:28 - 00599552 _____ C:\Users\William\Downloads\lol2dae-v1.3.exe
2016-01-10 18:12 - 2016-01-10 18:12 - 00001080 _____ C:\Users\William\Downloads\Universal Autodesk Keygen 2015 (--- - ---).torrent
2016-01-10 03:20 - 2016-01-14 00:55 - 00000000 ____D C:\Wooxy
2016-01-10 03:20 - 2016-01-10 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wooxy
2016-01-10 03:19 - 2016-01-10 03:20 - 05287594 _____ C:\Users\William\Downloads\Wooxy_1_2_0_0_Setup (1).zip
2016-01-10 03:19 - 2016-01-10 03:19 - 05287594 _____ C:\Users\William\Downloads\Wooxy_1_2_0_0_Setup.zip
2016-01-07 18:23 - 2016-01-07 18:23 - 02128956 _____ C:\Users\William\Downloads\20160105150549-5114-013-5518746-4130273005-00-688439.wma
2016-01-07 18:20 - 2016-01-07 18:20 - 00068035 _____ C:\Users\William\Downloads\884614816339.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-04 14:22 - 2009-07-14 02:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-04 14:22 - 2009-07-14 02:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-04 14:16 - 2013-01-15 01:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-04 14:11 - 2013-04-12 23:48 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592414810-991457841-4206131153-1000UA.job
2016-02-04 14:11 - 2013-04-09 15:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-04 10:44 - 2014-07-16 19:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 10:43 - 2014-07-16 19:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-04 10:11 - 2013-04-09 15:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-04 08:46 - 2014-07-14 21:24 - 00000000 ____D C:\Users\William\AppData\Local\Adobe
2016-02-04 08:38 - 2013-05-04 13:40 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-04 08:37 - 2015-03-21 00:44 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2016-02-04 08:37 - 2014-05-19 00:29 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2016-02-04 08:36 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-04 08:35 - 2014-05-19 00:17 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2016-02-04 08:35 - 2014-05-19 00:17 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2016-02-04 08:35 - 2013-01-14 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-04 03:58 - 2015-05-02 16:56 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
2016-02-04 02:10 - 2015-04-18 12:09 - 00950226 _____ C:\Windows\ntbtlog.txt
2016-02-04 01:45 - 2013-06-19 02:48 - 00000000 ____D C:\Qoobox
2016-02-04 01:40 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini
2016-02-04 01:38 - 2013-01-14 19:55 - 00000000 ____D C:\Users\William
2016-02-04 01:22 - 2015-12-23 10:51 - 00000000 ____D C:\ProgramData\Temp
2016-02-03 23:55 - 2014-07-16 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-03 23:53 - 2013-03-06 22:29 - 00007607 _____ C:\Users\William\AppData\Local\Resmon.ResmonCfg
2016-02-03 23:52 - 2014-07-16 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-03 23:39 - 2015-12-23 10:54 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-03 23:11 - 2013-04-12 23:48 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592414810-991457841-4206131153-1000Core.job
2016-02-03 22:38 - 2014-01-17 02:10 - 00000000 ____D C:\tmp
2016-02-03 22:00 - 2015-06-02 23:15 - 00002441 _____ C:\Users\Public\Desktop\AntiMicro.lnk
2016-02-03 22:00 - 2015-06-02 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMicro
2016-02-02 10:06 - 2013-04-09 15:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 10:06 - 2013-04-09 15:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 09:38 - 2015-05-21 21:46 - 255304790 _____ C:\Windows\MEMORY.DMP
2016-02-02 01:32 - 2013-12-01 22:20 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-02 01:04 - 2015-11-26 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-02 01:04 - 2014-08-12 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-02 01:04 - 2013-06-26 02:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-02 01:03 - 2015-11-26 11:28 - 00000000 ____D C:\Users\William\.oracle_jre_usage
2016-02-02 01:01 - 2015-11-26 11:37 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-01 23:06 - 2013-04-12 23:48 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-592414810-991457841-4206131153-1000UA
2016-02-01 23:06 - 2013-04-12 23:48 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-592414810-991457841-4206131153-1000Core
2016-01-30 02:43 - 2013-04-08 19:40 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2016-01-29 02:57 - 2015-02-20 03:11 - 00000000 ____D C:\Users\William\AppData\Local\fontconfig
2016-01-29 02:01 - 2015-03-20 19:44 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 02:01 - 2015-03-20 19:44 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 23:58 - 2014-07-21 03:12 - 00000000 ____D C:\Users\William\Documents\maya
2016-01-25 04:05 - 2015-02-10 00:00 - 00000125 _____ C:\Users\William\Desktop\limpiexp.bat
2016-01-22 17:34 - 2009-07-14 03:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-21 02:41 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-19 18:16 - 2013-01-15 01:23 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 18:16 - 2013-01-15 01:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-19 18:16 - 2013-01-15 01:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-18 16:26 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-01-14 13:44 - 2014-05-19 00:27 - 00000000 ____D C:\Windows\Minidump
2016-01-13 20:35 - 2014-12-23 12:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 20:34 - 2015-11-18 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 10:02 - 2013-05-04 13:40 - 00000000 ____D C:\ProgramData\GbPlugin
2016-01-12 10:01 - 2015-12-25 02:49 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-01-10 18:19 - 2013-01-15 16:29 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
2016-01-06 04:59 - 2013-01-14 15:39 - 00000000 ____D C:\Users\William\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2013-08-19 02:15 - 2015-08-07 06:10 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-07-24 02:07 - 2014-07-24 02:07 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-01-25 20:17 - 2015-05-29 22:09 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe OpenEXR Format CS6 Prefs
2013-03-26 17:47 - 2014-11-24 22:51 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-28 18:09 - 2015-02-28 18:09 - 0000645 _____ () C:\Users\William\AppData\Roaming\Tecnomatix Plant Simulation 3D 11.0.inf
2015-09-23 19:46 - 2015-09-23 19:46 - 0001181 _____ () C:\Users\William\AppData\Roaming\trace_FilterInstaller.txt
2015-09-23 19:46 - 2015-09-23 19:46 - 0000000 _____ () C:\Users\William\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-04-17 21:26 - 2015-04-17 21:26 - 0017696 _____ () C:\Users\William\AppData\Roaming\unins002.dat
2015-04-17 21:26 - 2015-04-17 21:26 - 0728225 _____ () C:\Users\William\AppData\Roaming\unins002.exe
2014-10-22 21:38 - 2014-10-22 21:38 - 0001456 _____ () C:\Users\William\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-04-19 04:08 - 2015-04-19 04:08 - 0258577 _____ () C:\Users\William\AppData\Local\ars.cache
2015-04-19 04:08 - 2015-04-19 04:08 - 0468095 _____ () C:\Users\William\AppData\Local\census.cache
2013-02-01 02:26 - 2015-12-18 03:39 - 0052224 _____ () C:\Users\William\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-19 03:47 - 2015-04-19 03:47 - 0000036 _____ () C:\Users\William\AppData\Local\housecall.guid.cache
2015-09-24 04:14 - 2015-10-15 02:34 - 0000600 _____ () C:\Users\William\AppData\Local\PUTTY.RND
2013-03-06 22:29 - 2016-02-03 23:53 - 0007607 _____ () C:\Users\William\AppData\Local\Resmon.ResmonCfg
2015-04-19 04:00 - 2015-04-19 04:00 - 0000010 _____ () C:\Users\William\AppData\Local\sponge.last.runtime.cache
2013-12-15 15:43 - 2015-10-03 19:24 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-01-15 10:22 - 2013-01-15 10:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-22 20:35 - 2013-06-22 20:35 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-29 22:27
 
==================== End of FRST.txt ============================


#3 Bezukhov

Posted 06 February 2016 - 12:19 PM

I am working on this now. I should have something for you in the next 24 to 48 hours.
To err is Human. To blame it on someone else is even more Human.

#4 Bezukhov

Posted 07 February 2016 - 09:56 AM

Thank you for your patience. Before we get to work here are a few things to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
Next:

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Now this:

You have already run Combofix. Please do not do that again, unless instructed to. It is a very powerful program. Anyways it did produce a log at:
C:\ComboFix.txt
Post that and post the log found here:
C:\Users\William\Downloads\Addition.txt

Next:

For now I need you to upload some files so they can be scanned.
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
Repeat the above upload instructions for the following files:

C:\Users\William\Downloads\pzh2h2g0.exe
C:\Windows\SysWOW64\zlib.dll

Moving on

I noticed a few services and extensions dealing with banks, such as Banco do Brasil, Caixa Economica Federal and this one called GAS Tecnologia LTDA, an anti-fraud program. I just need you to tell me if you are aware of them.

Also your Internet Explorer and Chrome browsers have some restrictions imposed on them. Was this something that you did purposely?

One thing I would like you to try. Run Process Hacker again, this time right click on the desktop icon and choose Run as administrator option. Tell me if that helps at all.

Lastly, for now:

Now I need to touch on a rather delicate subject.
Your log showed the presence of a cracked copy of Autodesk. I'm not going to preach about the morality of software acquired this way. I will tell you that if something is too good to be true, then it is. It takes some work to get pirated software to work; it is hard to imagine going through all that trouble without some ulterior motive. It's a nice way to insert trojans, key loggers and who knows what else. As long as you're using such software I cannot, with a good conscience, ever know if your computer is truly clean. Here is some more information:
http://www.bleepingcomputer.com/forums/t/520787/concerning-cracked-files-in-illegally-distributed-software/#entry3259816

So if you wish to continue please:
1) Post those requested logs
2) Have those files scanned
3) Answer those questions about those banking programs and browser policy restrictions
4) If using the "Run as administrator" helps with "Process Hacker"

Any questions, bring them to my attention.
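A defender-side way to gather the same evidence the post above asks for, as an added example that is not part of Bezukhov's post or of any BleepingComputer tool: the PowerShell below takes the three file paths from the post (assumed; adjust for your own system), prints each file's SHA-256 hash, which can be searched on VirusTotal without re-uploading the file, and reports its Authenticode signature status, which is the same check FRST performs in its "Bamital & volsnap" section.

```powershell
# Added example (not from the post): hash and signature report for the files
# named in the post above. Paths are the ones quoted there; they are assumptions.
function Get-FileEvidence {
    param([string[]] $Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing file still gets a row so nothing is silently skipped.
            [PSCustomObject]@{ Path = $path; SHA256 = $null; Status = 'Missing'; Signer = $null }
            continue
        }
        # SHA-256 is what VirusTotal indexes on; searching by hash reveals whether
        # the file has already been analysed before anything is uploaded.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
        # HashMismatch on a vendor binary means the file was modified after signing.
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        [PSCustomObject]@{ Path = $path; SHA256 = $hash; Status = $sig.Status; Signer = $signer }
    }
}

$files = @(
    'C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe',
    'C:\Users\William\Downloads\pzh2h2g0.exe',
    'C:\Windows\SysWOW64\zlib.dll'
)

Get-FileEvidence -Paths $files | Format-List
```

Run it from an elevated PowerShell prompt so that files under C:\Windows and C:\Program Files are readable; Get-FileHash requires PowerShell 4.0 or later.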

#5 Bezukhov

Posted 10 February 2016 - 06:14 PM

It has been three days since my last post. Do you still need my help?

#6 billiebr

Posted 10 February 2016 - 10:17 PM

Hello and thank you very much for your patience. Sorry for not being able to answer earlier.

I scanned the files you asked me to with VirusTotal and they were clean. Later, while performing a scan with Malwarebytes' scanner, my computer screen went black briefly, then my computer shut down by itself. I turned it on, then tried scanning again and the same happened. I tried it in safe mode but no infection was detected. While trying to log on again, I got a BSOD (something I hadn't seen for a long time), then did a system restore. That helped me go back to normal booting, and I decided to do a Windows 10 update.

Now I got my system back to normal. Although the process seemed a bit glitchy (I had to try several times to get it done), it was updated properly, but still I'm thinking of doing a fresh install from an ISO.

I am not sure if upgrading my OS is really effective since all my programs migrated, including those you pointed out I shouldn't have cracked. In fact, going through this mess reminded me of these consequences, setting aside every other aspect of taking this path. This surely taught me a lesson and I'm sure not to do it again.

I'm sorry I couldn't answer before, but I couldn't use my computer while all this happened and I didn't have the time to reinstall my OS. Again, thank you for your help.



#7 Bezukhov

Posted 12 February 2016 - 11:12 AM

    Now I got my system back to normal. Although the process seemed a bit glitchy (I had to try several times to get it done), it was updated properly, but still I'm thinking of doing a fresh install from an ISO.

It is always wiser to do a fresh install rather than an upgrade, IMHO.

    I am not sure if upgrading my OS is really effective since all my programs migrated, including those you pointed out I shouldn't have cracked. In fact, going through this mess reminded me of these consequences, setting aside every other aspect of taking this path. This surely taught me a lesson and I'm sure not to do it again.

And this is one reason for my previous opinion.

    Again, thank you for your help.

You are most welcome. Will you be needing any help with the install?

#8 billiebr

Posted 13 February 2016 - 08:01 AM

My last question is about the product key for the new system I'm about to install. Will I need to purchase a Win 10 copy? I'm confused :S



#9 Bezukhov

Posted 14 February 2016 - 06:26 PM

An activation key? Well, the good news is if you were able to upgrade from Windows 7 to Windows 10 then there is a key somewhere. Now if you downloaded Windows 10 and either burned it to a disc, or used a USB, and are installing it that way you can look for the key as such:

Windows 7

The product key is located inside the box that the Windows DVD came in, on the DVD, on the receipt or confirmation page for a digital purchase or in a confirmation e-mail that shows you purchased Windows. If you purchased a digital copy from Microsoft Store, you can locate your product key in your Account under Digital Content. Or you may find it on the computer itself, stamped on a tag. It will look like this, the Xes stand for both letters and numbers: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX. 25 in all.


Since you did upgrade to Windows 10 there is another way to get that "Fresh Install".

1) From the Windows 10 Start Menu, click on Settings.
2) On the Settings page, click on the button that reads Update & security.
3) Now on the Update & security page, click on Recovery, then under Reset This PC click on Get Started.
4) Choose the provided option to Remove everything.
5) You will be presented with the option to Just remove my files or to Remove files and clean the drive. Choose Remove files and clean the drive.
6) Now click on the Reset button.

Now. I must warn you that if you choose the second method, it will mean that you can never revert back to Windows 7.

Please let me know which route you took, and how things are afterwards.

#10 billiebr

Posted 18 February 2016 - 10:02 PM

Thank you for all the help. I apologize I couldn't answer earlier.

Now what happens is, this PC is the only one I have and the one I use for work. Due to some short deadlines I won't be able to do this procedure for a while, even in the state things are in, but at least the infection that troubled me hasn't shown any signs lately.

I plan to do it somewhere in the near future, and I really appreciated your help. For now I'll try and work offline, using the internet on demand only.

Thank you and best regards :)

 

PS: Dear God: next time you create a race, include this procedure in their lives. I'd certainly get some use for a "Reset This Life" button.



#11 Bezukhov

Posted 21 February 2016 - 09:29 AM

Nice to know your computer is doing better. What we will do now, to keep things in order, is lock this topic. Don't worry, when you're ready, and if you need help, simply start a new topic.

And some further reading I hope you find useful:

So How did I get infected?

Simple and easy ways to keep your computer safe and secure on the Internet

#12 thcbytes (Malware Response Team)

Posted 21 February 2016 - 12:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
