
Slow and Pop-ups


  • This topic is locked
19 replies to this topic

#1 kanon88

  • Members
  • 9 posts

Posted 18 March 2016 - 12:24 PM

I think I got infected by ads, pop-ups appearing and sites being redirected every time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Avell (administrator) on AVELL-PC (18-03-2016 14:17:42)
Running from C:\Users\Avell\Desktop
Loaded Profiles: Avell & UpdatusUser (Available Profiles: Avell & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(TODO: <Company name>) C:\Program Files (x86)\BTOPtm\BTOptm.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.12\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.52\deploy\LoLPatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.188\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Farbar) C:\Users\Avell\Desktop\EnglishFRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2012-01-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-11] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [418672 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [BTOptm] => C:\Program Files (x86)\BTOPtm\BTOptm.exe [1907056 2012-03-09] (TODO: <Company name>)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6362CEAB-E522-4659-81BF-FBDB80662937}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2011-10-26] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\zu003tzj.default-1445535691884
FF Homepage: hxxps://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-15] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2012-08-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-06-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-06-28] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Avell\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Avell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2015-07-14] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Avell\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\zu003tzj.default-1445535691884\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-08-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt20
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt20 [2012-08-01] [not signed]
FF HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-07-14] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Google Docs) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (AdBlock Plus) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbihjkbifdakjlfjkpfeadmgefejcdk [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Planilhas do Google) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Online Accounts Extension ) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladimmjldcgbeamniagencjbodhnmgen [2014-10-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files (x86)\EgisTec BioExcess\ChromeEx\EgisPBChromeExt.crx [2011-10-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [239376 2015-10-23] (EasyAntiCheat Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2012-08-01] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2012-08-01] (Macrovision Europe Ltd.) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5070784 2013-08-01] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-16] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 VideoPlugin.BrowserService; C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe [138752 2016-03-14] (VideoPlugin Services) [File not signed]
R2 VideoPlugin.FilterService; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe [104968 2016-03-14] ()
R2 VideoPlugin.UpdateService; C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe [52736 2016-03-14] (VideoPlugin Services) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-12-23] (SteelSeries Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2014-06-07] (Sony Ericsson Mobile Communications)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-12] ()
R2 VideoPlugin.FilterDriver; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys [13392 2016-03-14] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 14:17 - 2016-03-18 14:18 - 00022194 _____ C:\Users\Avell\Desktop\FRST.txt
2016-03-18 13:31 - 2016-03-18 13:31 - 02374144 _____ (Farbar) C:\Users\Avell\Desktop\EnglishFRST64.exe
2016-03-18 13:29 - 2016-03-18 13:45 - 00000000 ____D C:\Users\Avell\Desktop\virus remotion
2016-03-14 23:28 - 2016-03-14 23:32 - 00000000 ____D C:\Users\Avell\Downloads\Yu-Gi-Oh 1-50
2016-03-14 22:25 - 2016-03-14 22:25 - 00000000 ____D C:\Users\Avell\AppData\Local\Geckofx
2016-03-14 22:21 - 2016-03-14 22:21 - 00000000 ____D C:\Users\Todos os Usuários\VideoPlugin-1601.0-BrowserService-Assets
2016-03-14 22:21 - 2016-03-14 22:21 - 00000000 ____D C:\Users\Avell\AppData\Roaming\ssn
2016-03-14 22:21 - 2016-03-14 22:21 - 00000000 ____D C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets
2016-03-14 22:20 - 2016-03-14 22:21 - 00000000 ____D C:\Users\Todos os Usuários\VideoPlugin
2016-03-14 22:20 - 2016-03-14 22:21 - 00000000 ____D C:\ProgramData\VideoPlugin
2016-03-14 22:20 - 2016-03-14 22:21 - 00000000 ____D C:\Program Files\VideoPlugin
2016-03-14 21:56 - 2016-03-14 22:00 - 00000000 ____D C:\Users\Avell\Downloads\Project Zomboid (Patch 2.1.0.3) (GOG)
2016-03-14 18:21 - 2016-03-14 18:21 - 00001791 _____ C:\Users\Avell\Desktop\Project Zomboid.lnk
2016-03-14 15:59 - 2016-03-14 18:21 - 00001791 _____ C:\Users\UpdatusUser\Desktop\Project Zomboid Build 33.20.lnk
2016-03-13 18:58 - 2016-03-14 18:19 - 00000000 ____D C:\Games
2016-03-13 10:59 - 2016-03-13 11:05 - 00000000 ____D C:\Users\Avell\Desktop\Deadpool 2016 720p HD-TS x264 AAC-CPG
2016-03-12 23:18 - 2016-03-11 14:25 - 00116485 ____R C:\Users\Avell\Desktop\Mesmo.Se.Nada.Der.Certo.2014.1080p.Dual-WOLVERDONFILMES.COM.srt
2016-03-12 23:15 - 2016-03-11 15:08 - 2108490346 ____R C:\Users\Avell\Desktop\Mesmo.Se.Nada.Der.Certo.2014.1080p.Dual-WOLVERDONFILMES.COM.mkv
2016-03-11 15:24 - 2016-03-11 15:24 - 00000000 ____D C:\Users\Avell\AppData\Roaming\7DaysToDie
2016-03-08 20:47 - 2016-03-09 16:00 - 00000000 ____D C:\Users\Avell\Documents\Zafehouse Diaries
2016-03-08 20:43 - 2016-03-08 20:44 - 00000000 ____D C:\Program Files (x86)\Zafehouse Diaries
2016-03-08 20:43 - 2016-03-08 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zafehouse Diaries
2016-03-07 17:37 - 2016-03-07 17:37 - 00000000 ____D C:\Users\Avell\AppData\Roaming\com.sarahnorthway.rebuild3
2016-03-07 17:33 - 2016-03-15 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-07 16:48 - 2016-03-14 22:16 - 00000000 ____D C:\GOG Games
2016-03-06 05:24 - 2016-03-06 05:24 - 00000000 ____D C:\Users\Avell\AppData\Local\Introversion
2016-03-06 03:19 - 2016-03-06 03:48 - 00000000 ____D C:\Program Files (x86)\GOG.com
2016-03-06 00:37 - 2016-03-06 00:37 - 00000000 ____D C:\Program Files (x86)\Firaxis Games
2016-03-01 14:47 - 2016-03-01 14:47 - 04785980 _____ C:\Users\Avell\Desktop\20160301094819.mp4
2016-02-29 17:26 - 2016-02-29 17:28 - 00000000 ____D C:\Users\Avell\AppData\Local\Hero_Siege
2016-02-28 06:31 - 2016-02-28 06:31 - 00000000 ____D C:\Users\Avell\Documents\Klei
2016-02-27 17:29 - 2016-03-14 20:29 - 00000000 ____D C:\Users\Avell\Desktop\Songs
2016-02-26 21:00 - 2016-02-26 21:00 - 00000000 ____D C:\Users\Avell\Documents\System Files
2016-02-25 14:21 - 2016-02-25 14:21 - 00071575 _____ C:\Users\Avell\Desktop\legendas_tv_20160225124327000000.rar
2016-02-25 00:36 - 2016-02-25 01:53 - 00000000 ____D C:\Users\Avell\Desktop\Creed 2015 1080p BluRay x264 DTS-JYK
2016-02-18 19:56 - 2016-02-19 16:16 - 00000000 ____D C:\Users\Avell\AppData\Roaming\PSPDocMaker
2016-02-17 18:45 - 2016-02-17 18:45 - 00000000 ____D C:\Users\Avell\AppData\Roaming\SmartSteamEmu
2016-02-17 18:45 - 2016-02-17 18:45 - 00000000 ____D C:\Users\Avell\AppData\LocalLow\Bloober Team

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 14:17 - 2015-01-08 12:04 - 00000000 ____D C:\FRST
2016-03-18 14:17 - 2013-08-19 02:58 - 00000000 ___RD C:\Users\Avell\Desktop\Aulas e Etc
2016-03-18 13:50 - 2013-03-15 13:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job
2016-03-18 13:50 - 2013-03-15 13:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job
2016-03-18 13:49 - 2015-01-13 19:54 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 13:31 - 2013-05-30 14:11 - 09923584 ___SH C:\Users\Avell\Desktop\Thumbs.db
2016-03-18 13:28 - 2016-02-11 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 10:21 - 2015-08-18 14:49 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2016-03-18 10:21 - 2015-08-18 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-18 10:09 - 2012-01-09 18:01 - 00000024 _____ C:\Users\Todos os Usuários\BTOptm.ini
2016-03-18 10:09 - 2012-01-09 18:01 - 00000024 _____ C:\ProgramData\BTOptm.ini
2016-03-18 08:17 - 2012-08-02 03:09 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{735F6201-B70F-4D5B-AA89-EDA8CDA60315}
2016-03-18 01:49 - 2015-01-13 19:54 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 22:51 - 2016-02-16 16:21 - 00000000 ____D C:\Users\Avell\Desktop\MDD.By.ColdFire_DownloadsMusicas.com
2016-03-17 18:34 - 2013-03-02 19:58 - 00000000 ____D C:\Users\Avell\AppData\Roaming\uTorrent
2016-03-17 18:34 - 2013-03-02 19:00 - 00000000 ____D C:\Users\Avell\AppData\Roaming\TS3Client
2016-03-17 18:34 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-17 15:30 - 2013-03-05 21:32 - 15458164 _____ C:\IFRToolLog.txt
2016-03-17 15:25 - 2012-08-02 03:19 - 00000832 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-03-17 10:24 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 10:24 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 10:17 - 2013-03-15 21:19 - 00000430 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-03-17 10:17 - 2012-08-02 03:19 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-03-17 10:16 - 2012-08-01 16:38 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-03-17 10:16 - 2012-08-01 16:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-17 10:16 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-15 22:26 - 2009-07-14 02:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-15 17:20 - 2012-08-01 16:40 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-15 17:20 - 2012-08-01 16:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-15 14:05 - 2013-03-02 19:00 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-03-15 11:22 - 2014-04-14 17:06 - 00000000 ___RD C:\Users\Avell\Desktop\Seriados - Filmes Shows - Animes
2016-03-14 22:30 - 2012-08-02 03:07 - 00000000 ____D C:\Users\Avell
2016-03-14 20:32 - 2013-03-02 17:34 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-14 19:52 - 2015-01-13 19:55 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 14:45 - 2011-04-12 10:40 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2016-03-14 14:45 - 2011-04-12 10:40 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2016-03-14 14:45 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 19:03 - 2013-10-09 19:55 - 00000000 ____D C:\Users\Avell\AppData\Roaming\vlc
2016-03-13 17:29 - 2013-11-02 21:48 - 00156704 ____H C:\Windows\SysWOW64\mlfcache.dat
2016-03-13 05:54 - 2013-03-03 23:22 - 00000000 ____D C:\Users\Avell\AppData\Local\ElevatedDiagnostics
2016-03-12 22:36 - 2015-01-14 00:13 - 00000000 ____D C:\Users\Avell\AppData\Local\CrashDumps
2016-03-09 15:03 - 2013-03-09 15:11 - 00000000 ____D C:\PS2
2016-03-08 18:32 - 2013-11-19 14:48 - 00000000 ___RD C:\Users\Avell\Desktop\Musicas
2016-03-08 18:01 - 2015-07-01 17:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-06 17:12 - 2013-11-18 11:16 - 00000000 ____D C:\Users\Avell\AppData\Roaming\DAEMON Tools Lite
2016-03-06 03:32 - 2013-03-01 11:00 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-06 02:37 - 2013-03-01 10:41 - 00000000 ____D C:\Users\Avell\Documents\My Games
2016-03-06 02:37 - 2012-08-02 03:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-27 23:48 - 2015-01-14 00:13 - 00000000 ____D C:\Program Files (x86)\sXe Injected
2016-02-27 19:09 - 2013-03-15 17:50 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Skype
2016-02-26 19:46 - 2013-07-28 14:32 - 00000000 ___RD C:\Users\Avell\Desktop\PlayListGame

==================== Files in the root of some directories =======

2015-06-13 00:36 - 2015-06-13 00:38 - 1762689113 _____ () C:\Program Files\Coisas.rar
2013-03-15 23:09 - 2013-03-29 00:04 - 0045270 _____ () C:\Users\Avell\AppData\Roaming\room_v3.dat
2015-10-11 10:29 - 2015-10-11 10:29 - 0007602 _____ () C:\Users\Avell\AppData\Local\Resmon.ResmonCfg
2012-01-09 18:01 - 2016-03-18 10:09 - 0000024 _____ () C:\ProgramData\BTOptm.ini
2015-10-21 23:10 - 2015-10-21 23:10 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-10 11:03

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Avell (2016-03-18 14:18:09)
Running from C:\Users\Avell\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-08-02 06:07:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2315785857-4177499487-4149518941-500 - Administrator - Disabled)
Avell (S-1-5-21-2315785857-4177499487-4149518941-1000 - Administrator - Enabled) => C:\Users\Avell
Convidado (S-1-5-21-2315785857-4177499487-4149518941-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2315785857-4177499487-4149518941-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2315785857-4177499487-4149518941-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.21.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.21.0 - Alcor Micro Corp.) Hidden
Atualizações da NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7943 - DsNET Corp)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BioExcess (HKLM-x32\...\InstallShield_{596DEDA5-FE48-4078-96E0-E449DF5D08B2}) (Version: 7.1.5.13 - Egis Technology Inc.)
BioExcess (Version: 7.1.5.13 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.1.5.13 - Egis Technology Inc.) Hidden
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
BTOptm (HKLM-x32\...\InstallShield_{4FFCF08D-DA25-4291-9080-AB00D58C756D}) (Version: 0.0.0.4 - ##COMPANY_NAME##)
BTOptm (x32 Version: 0.0.0.4 - ##COMPANY_NAME##) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
EasyAntiCheat eSports (HKLM-x32\...\Steam App 282660) (Version: - EasyAntiCheat Ltd)
EMSC (x32 Version: 0.0.0.23C - Compal Electronics, Inc.) Hidden
ETDWare PS/2-X64 10.10.2.5_WHQL (HKLM\...\Elantech) (Version: 10.10.2.5 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.20.1.2 - Futuremark Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Portuguese/Português (Brasil) (HKLM\...\Office15.OMUI.pt-br) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
Motorola Bluetooth (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.13.307 - Motorola Solutions, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pt-BR)) (Version: 44.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{293C9DF5-7669-4826-BBB2-E1F182D71046}) (Version: 7.02.8631 - Nero AG)
NVIDIA Driver de áudio HD 1.3.17.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.17.0 - NVIDIA Corporation)
NVIDIA Driver de gráficos 304.79 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 304.79 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 304.79 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 304.79 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50709 - Microsoft Corporation)
Painel de controle da NVIDIA 304.79 (Version: 304.79 - NVIDIA Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PDF Rider 0.6.1 (HKLM-x32\...\{6DF94034-2D3C-4D67-ABE7-1C728399B963}_is1) (Version: - Francesco Tonucci)
Power USB (HKLM-x32\...\InstallShield_{CE1BE487-1BDC-4AC1-B6EF-85BF0E0DC9FF}) (Version: 0.0.0.1 - )
Power USB (x32 Version: 0.0.0.1 - ) Hidden
Project Zomboid (HKLM-x32\...\1453298883_is1) (Version: 2.0.0.2 - GOG.com)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSP ISO Compressor (HKLM-x32\...\{D47087E7-AA15-4D1D-8C0A-60F7E446D597}) (Version: 1.4.0 - danny_kay1710)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Nome de sua empresa:)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
save serp now (HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\ssn) (Version: 1.22 - save serp now Corp) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0416-1000-0000000FF1CE}_Office15.OMUI.pt-br_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{323362B5-F82D-4340-91B3-302AF8B9100F}_is1) (Version: 1.1.24.049 - Level Up)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spotify (HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.1200 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.9.2014.1 - SteelSeries)
sXe Injected (HKLM-x32\...\sXe Injected) (Version: 15.6.0.0 - Alejandro Cortés)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Sims 4 (HKLM-x32\...\{B78DD3A6-BF20-431D-89D2-CEA355BE7772}) (Version: 1.0.797.20 - Electronic Arts)
The Sims 4 Get Together Addon Pack (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambições (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Volta ao Mundo (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.13.104.1010 - Electronic Arts Inc.)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Video Plugin (HKLM\...\VideoPlugin) (Version: 1601.0 - VideoPlugin Services)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless enable/disable (HKLM-x32\...\InstallShield_{2ED24418-A58C-45C5-B93E-A9EF60B85D89}) (Version: 0.0.0.13C - )
WSED (x32 Version: 0.0.0.13C - ) Hidden
Zafehouse: Diaries version 1.1.2 (HKLM-x32\...\{3DDB6987-B1D5-4500-BC0E-97AB81075486}_is1) (Version: 1.1.2 - Screwfly Studios)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\crypt32.dll => No File <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {106A23D7-0764-4719-8564-9ADED59C0ACB} - System32\Tasks\{B455438D-DC43-495C-8F04-AF117C6F20FE} => pcalua.exe -a "C:\Users\Avell\Desktop\AP Guitar Tuner Afinador de Violão e Guitarra\apguitargsetup.exe" -d "C:\Users\Avell\Desktop\AP Guitar Tuner Afinador de Violão e Guitarra"
Task: {1317D7F9-82C0-4388-AE59-EA18CC82E412} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {200F5D88-24A2-4FFA-A724-6808F2111EEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2670ECE0-FE65-46DC-94AA-1FCA8B45FAA3} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: {2C544927-00E9-4BE7-8309-5FC10F57B4C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {49FDAED5-EA22-437E-880D-6205F72CE0C2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {599872CE-39B4-467D-9EC1-376BB59EC9B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {5B12EDFA-F04A-4C12-8ABF-BB01C0FE41C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C018D85-2E4D-4849-B5E3-6048C5653D0A} - System32\Tasks\{7908B657-1DB3-425F-9F79-4FEA386DEDF5} => pcalua.exe -a "C:\Program Files (x86)\LeveUp! Games\RagnarokOnline\Setup.exe" -d "C:\Program Files (x86)\LeveUp! Games\RagnarokOnline"
Task: {6D15C270-4A80-412B-85FA-9989A42712D1} - System32\Tasks\{9D67971A-74D4-4D1F-AA63-2268541D587A} => pcalua.exe -a C:\Users\Avell\Desktop\tibia860.exe -d C:\Users\Avell\Desktop
Task: {7F924602-2116-4A3F-8E14-C31A6ACA520F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: {9093DF74-EF3F-4690-9697-D67094F16225} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe [2012-03-09] (SRS Labs, Inc.)
Task: {94E5D605-5398-4958-9231-F9F22E6AB2DA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B97A1E6C-1E06-427E-854E-3F622B94DC7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2921BB5-321D-458E-86BD-690CE5F05E76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {DA529AFB-FF00-4AD3-AAA1-A605D4F211BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: {DC95C8CE-E640-4BDC-AECE-4F794B8ACA78} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-08-01 16:53 - 2012-06-28 20:55 - 00087400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-02 03:18 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-06-16 02:36 - 2014-06-16 02:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-04 21:11 - 2015-11-04 21:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-10-09 16:43 - 2014-10-09 16:43 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-10-08 12:30 - 2014-10-08 12:30 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-10-08 12:30 - 2014-10-08 12:30 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-10-09 16:44 - 2014-10-09 16:44 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-12-08 10:54 - 2014-12-08 10:54 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-03-09 23:25 - 2016-03-09 23:25 - 02330112 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.12\deploy\LoLLauncher.exe
2016-03-09 23:26 - 2016-03-09 23:26 - 04232192 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.52\deploy\LoLPatcher.exe
2016-03-14 22:21 - 2016-03-14 22:21 - 00104968 _____ () C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
2014-03-07 11:59 - 2014-03-07 11:59 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.188\deploy\LolClient.exe
2014-12-12 19:25 - 2014-12-12 19:25 - 00050688 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1046.dll
2010-04-07 14:19 - 2010-04-07 14:19 - 00935936 _____ () C:\Windows\system32\EMSC.dll
2016-03-09 23:26 - 2016-03-09 23:26 - 01430016 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.52\deploy\RiotLauncher.dll
2015-01-13 20:36 - 2015-01-13 20:36 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-08-02 03:19 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-02 03:18 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-10-09 09:09 - 2015-10-09 09:09 - 04885152 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.188\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 01235456 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-55.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 08113152 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-55.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 00358912 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 00235008 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 03502592 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2013-12-17 12:41 - 2013-11-14 15:00 - 00385024 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 00212480 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
2013-12-17 12:41 - 2013-11-14 15:00 - 00120832 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-1.dll
2016-03-15 17:20 - 2016-03-15 17:20 - 19397824 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2015-10-23 09:10 - 00000517 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
255.255.255.255 easyanticheat.se # misleading site
255.255.255.255 www.easyanticheat.se # misleading site
255.255.255.255 easyanticheat.com # misleading site
255.255.255.255 www.easyanticheat.com # misleading site
255.255.255.255 easyanticheat.info # misleading site
255.255.255.255 www.easyanticheat.info # misleading site
255.255.255.255 easyanticheat.org # misleading site
255.255.255.255 www.easyanticheat.org # misleading site

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Avell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: ATDworks => C:\Users\Avell\AppData\Local\ATDworks\TMPAFA3.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Avell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Avell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: VitaKeyTSR => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{179181BF-8E57-446F-81DD-2B3F93FDCAC7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FBFCE90A-6325-49E4-B199-40389CD6E683}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{D3C8F18E-58B9-4380-AF48-E3D32FC4CEEE}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{7F1E1292-083F-4B0F-9BD9-1932041828C0}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{BCCA28F0-83BB-4BD3-8C44-F90C47170FF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5498022E-F32C-4018-9861-FCBEB6008F0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C9E4BDD-577C-4A42-B933-0BE58B52BB4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A5842BB-09F1-4FA8-81DD-4323B6824218}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{27AA37C7-8CB4-48FD-9605-4DB9EB942470}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D904264-A8C0-4D94-82F3-411D0458AE9E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5423F152-EE71-41A9-AF80-7E562905C3DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{78C47B2A-F09B-47AC-8FA6-552C04CA47A2}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{FB08126A-801A-4DC6-AC6F-01FF6C9E39BC}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{4CC0C1AA-8FF3-4145-B5EC-C9AF36CDDBA8}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{8A79353F-5648-4A62-A012-1994129A6A9C}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{8EB3902C-2988-497A-ABA4-B3B45B346823}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{53C4BF3E-6ADF-4608-9ABA-60405DA78D57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{EDAAB914-55AC-4B45-907D-3CF11C0EBB79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{526AB7EE-0226-45D6-8145-C2CBB38187FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{F62CBA39-F918-4AA9-902F-DFBA45DAB2CE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0753DACE-3E21-446E-A9BD-4B3E8C045697}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{777F3147-D27A-4A55-8681-CABA13BFEBC3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{FEB3F3FE-62FF-4CC8-9E40-37EA114438BF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0E381471-5435-42C4-AA97-D76B9811BD48}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B4D625D9-4127-4A6C-92F5-02E8075FB0B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BC050B29-E878-47A6-8DD2-FC1B68882239}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F2E8C426-154B-4099-B2D1-EAFB4A12F13A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{712D5DAE-CD38-499B-8141-A9FBCD8B6515}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00C5DDC0-6D33-4E1C-ACBE-CBCDD5C8617A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CA8908F-DA4C-4547-A453-4002892EE865}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{402D6ACC-BC20-4FA6-8EBA-5A07D3C97FEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{4C135FFC-F64D-41E1-83C5-DD2083A3F1D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{D7150894-C934-4305-A407-BD8AE8FEFEFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{062897BE-9225-417F-AF7A-B60CB6A45BBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6BADAED3-0DCE-4984-8E78-361C1B4B1371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{37777BD2-7CED-48ED-943A-029769FFF6C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{224B41FC-BDE6-47A6-901E-853D89B66D30}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E7F6D59C-4246-4396-95F3-7889BE45DA27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68FB12CF-F639-4105-9253-3AA5F3E37760}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0AD62149-625B-4813-9210-6398265AFCD3}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{D3B400E0-5636-4CEC-AD70-C9CCB3D0CBF6}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{BD02611A-0482-4910-8D05-62811540D576}] => (Allow) C:\Program Files (x86)\ManyCam\ToolbarCleaner.exe
FirewallRules: [{63A9B308-0489-4529-98ED-A17F49B6F9AE}] => (Allow) C:\Program Files (x86)\ManyCam\ToolbarCleaner.exe
FirewallRules: [{239FFCE1-E7C6-447B-B697-DC60BBC63B34}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{4061D8A8-367D-4E02-85AF-789902E8844C}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{A0F85024-2D1A-4947-8F8C-0A6D540AFD9F}] => (Allow) C:\Users\Avell\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9049E1AA-4D18-4A93-87C0-9284BFA06CDE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D2260471-DFC3-4D5B-9258-8FFFD7DB3AEC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE42CC27-4EA7-40A7-9F4E-D21F53ED3B47}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1083D1D2-62FC-454A-BA23-B6DAC587FF35}] => (Allow) LPort=2869
FirewallRules: [{BDB63152-172F-47DB-95B6-772734CFE774}] => (Allow) LPort=1900
FirewallRules: [{EA5BF7B0-85FA-492E-A114-D1E5A7DD3D91}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3407AEBD-1E7F-4CE5-90B3-73A09FB747EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{59984E9D-EF83-4815-995A-6C0FA87CC2DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{13DF353E-DC80-4BA2-A8D3-D87A9DB0708F}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{824EF103-19F6-4CAD-9B0E-FA6F1291B709}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
FirewallRules: [{7030DB39-B581-424C-B84B-77BECEE3EC9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefoxe\firefox.exe
FirewallRules: [{27ED4979-BE54-4F57-BA66-2F2AA8EC53F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{344EF4A3-01AE-4E95-84D2-D6118639A943}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20B952B0-7276-403D-BD1D-4B709250FF6C}] => (Allow) C:\Users\Avell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E9801FC9-1ED5-428F-AE0B-9597DE7A3BFD}] => (Allow) C:\Users\Avell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4606CE42-D7C4-4597-92BD-3D1A26BA2AE3}C:\users\avell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\avell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{277A5880-54C0-4E4E-ABD5-D62A941D51FB}C:\users\avell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\avell\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D6254A26-AF94-4854-AA66-534874533D48}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{D9CBD0C3-16D9-470F-AE73-1D27C9C66857}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BC39DA89-C66F-45BC-9A3A-4C04C28770CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{69EFB708-370D-492D-BA17-40EF3DCACEC2}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{9C875C4D-B3ED-43ED-923B-91ECC0D49C87}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{41289262-F828-4BB7-9C50-1E9FC7E698C1}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{CD91C578-BAD5-48E7-9701-ECE864C14C77}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{602A0027-CBB0-4033-9BFB-DAEC8E6E156E}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{8B7DE290-F8A3-47B8-8AEB-D455A4E53245}C:\users\avell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\avell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D5D02AF6-9C9D-46D5-A687-90AB3F9FC02B}C:\users\avell\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\avell\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B4A8A3EC-B9F2-4B07-A0C9-F84F29F67E23}C:\level up\smite\174bdb70-9837-4640-9737-533b276c21c3\c4671e0070fc31ea2c40e9a15d0dbdb4\aria2c.exe] => (Block) C:\level up\smite\174bdb70-9837-4640-9737-533b276c21c3\c4671e0070fc31ea2c40e9a15d0dbdb4\aria2c.exe
FirewallRules: [UDP Query User{84078A2F-124B-442F-B4F1-36D9115C3BFB}C:\level up\smite\174bdb70-9837-4640-9737-533b276c21c3\c4671e0070fc31ea2c40e9a15d0dbdb4\aria2c.exe] => (Block) C:\level up\smite\174bdb70-9837-4640-9737-533b276c21c3\c4671e0070fc31ea2c40e9a15d0dbdb4\aria2c.exe
FirewallRules: [TCP Query User{54A97D25-BA33-494E-A8FA-98F0DBA45C07}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{1BEB8B95-DC07-4221-BB22-FA0FA14D41DD}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{36F77811-A0B8-47D9-898A-1680E8B70CA1}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{C934EED3-6A0A-46BE-BBCF-DC752E2BA568}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [{2D5CCB01-9934-4162-B39A-6163209C9D4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{2F647763-B9D1-48FA-9BDE-EFB9F30FD56C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{F08C59A5-8B93-4D95-81A4-74AA231A705C}] => (Block) %ProgramFiles% (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3W.exe
FirewallRules: [{2D6BA728-017C-40D4-8351-E6EA83EADFA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [{A5ED3FF0-03CF-4560-927E-B99C7EBB6E50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\EasyAntiCheat\EasyAntiCheat.exe
FirewallRules: [TCP Query User{34A43564-39AA-4A4A-BC04-6088355409FE}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Block) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [UDP Query User{E36DD126-73AC-4F77-BC36-0AD8CD8A474C}C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe] => (Block) C:\program files (x86)\the park\atlanticislandpark\binaries\win64\thepark.exe
FirewallRules: [{BA5ABE0D-24FE-414D-9F7D-C3EA07CC31BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AADA72B3-E148-454B-A5FE-B54AADB552B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B577D3D6-E498-4141-B999-D31A77A314F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{6C3FFBF9-5866-446C-AD62-5187C9994998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{C0A97E0B-EE06-4E67-8EC1-3B19B7A029ED}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{61041DE2-4A6B-429D-B947-B775FD806D15}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{3046EC14-E7EF-4A3F-A4BF-FB4FDE03CAA3}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{556506D3-CB1A-4087-966A-352A159D0CBA}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [TCP Query User{75EBD129-B333-4C15-83FF-90627D8FC753}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EE64A80E-4667-4CA1-8E4E-9CE661D1C8AB}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{99535CC4-AD8C-4418-9B8A-9062E7C02149}C:\games\layers of fear\layers of fear.exe] => (Block) C:\games\layers of fear\layers of fear.exe
FirewallRules: [UDP Query User{552656F0-80D0-4BA4-BE9B-92FCAF475145}C:\games\layers of fear\layers of fear.exe] => (Block) C:\games\layers of fear\layers of fear.exe
FirewallRules: [{D61F506E-65EB-4296-B140-CF39042F7CA6}] => (Allow) C:\Program Files (x86)\GOG.com\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [{BF3B7DD1-0AF5-4A1C-A76F-550547DA84C1}] => (Allow) C:\Program Files (x86)\GOG.com\Unreal Tournament 2004\System\UT2004.exe
FirewallRules: [TCP Query User{5F00F935-2EDF-4AEF-8092-B66AF8844200}C:\ps2\roms\7 days to die\7daystodie.exe] => (Block) C:\ps2\roms\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{116556FD-8981-4BD9-904D-97D3FD7A0E77}C:\ps2\roms\7 days to die\7daystodie.exe] => (Block) C:\ps2\roms\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{64DAF47F-DDAC-4E25-894C-97DF7F6AB36E}C:\ps2\roms\7daystodie.exe] => (Block) C:\ps2\roms\7daystodie.exe
FirewallRules: [UDP Query User{E40BF667-9D83-4FCC-82A5-FFEB3E424533}C:\ps2\roms\7daystodie.exe] => (Block) C:\ps2\roms\7daystodie.exe
FirewallRules: [TCP Query User{19DF0237-00C6-44E0-93C9-A139FFF4A581}C:\gog games\project zomboid\jre64\bin\java.exe] => (Block) C:\gog games\project zomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{E3EBF1C2-45BB-4844-9E51-5D4D3E18086B}C:\gog games\project zomboid\jre64\bin\java.exe] => (Block) C:\gog games\project zomboid\jre64\bin\java.exe
FirewallRules: [{91120418-6F54-4890-B05D-AB69E0B8D211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8DF5C52-63C7-49FB-A545-40C485B81F81}] => (Allow) C:\Users\Avell\AppData\Roaming\sns\sns.exe
FirewallRules: [{C65629F5-5A2F-4234-98CA-DE2C85A2EC4C}] => (Allow) C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
FirewallRules: [{807E3C3D-7EE9-4D52-BE5C-8C727E363705}] => (Allow) C:\Users\Avell\AppData\Roaming\sns\saveup.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
17-03-2016 08:36:21 Ponto de Verificação Agendado

==================== Faulty Device Manager Devices =============

Name: %TsUsbGD.DeviceDesc.Generic% (redirecionado)
Description: %TsUsbGD.DeviceDesc.Generic%
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: %StdMfg%
Service: TsUsbGD
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola Solutions, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 11:47:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2", na linhaC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/18/2016 01:09:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/17/2016 11:37:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa rads_user_kernel.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: e30

Hora de Início: 01d180bf28f457ce

Hora de Término: 2

Caminho do Aplicativo: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Id do Relatório: 6b34e381-ecb2-11e5-a4ce-b888e3ce7454

Error: (03/17/2016 11:36:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa rads_user_kernel.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1b68

Hora de Início: 01d1805a716343e0

Hora de Término: 2

Caminho do Aplicativo: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Id do Relatório: b2e7a8c2-ec4d-11e5-a4ce-b888e3ce7454

Error: (03/17/2016 10:25:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa rads_user_kernel.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 16f4

Hora de Início: 01d18050724b4f31

Hora de Término: 2

Caminho do Aplicativo: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Id do Relatório: b60d0248-ec43-11e5-a4ce-b888e3ce7454

Error: (03/17/2016 10:18:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2016 08:30:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2", na linhaC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/17/2016 03:10:04 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/16/2016 08:41:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2016 01:07:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154


System errors:
=============
Error: (03/14/2016 10:22:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: As cópias de sombra do volume C: foram anuladas porque o armazenamento de cópia de sombra não pôde crescer devido a um limite imposto pelo usuário.

Error: (03/12/2016 10:05:07 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/10/2016 07:28:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/10/2016 06:35:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/08/2016 05:59:56 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/08/2016 05:59:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/08/2016 12:08:55 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/08/2016 12:08:00 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/07/2016 11:48:18 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (03/02/2016 11:30:47 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


CodeIntegrity:
===================================
Date: 2016-01-21 23:58:03.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-21 23:58:03.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-24 03:46:30.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-24 03:46:29.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 00:59:02.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 00:59:02.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-30 15:25:54.757
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-30 15:25:54.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-23 13:29:58.147
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SAlpham64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-23 13:29:58.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SAlpham64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 4066.36 MB
Available physical RAM: 1142.94 MB
Total Virtual: 8130.9 MB
Available Virtual: 3465.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:32.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 63F41232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 18 March 2016 - 03:47 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 18 March 2016 - 04:05 PM

Greetings kanon88 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend uninstalling the program(s) listed below. If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

save serp now

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Users\Avell\AppData\Local\ATDworks
FirewallRules: [{A8DF5C52-63C7-49FB-A545-40C485B81F81}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{807E3C3D-7EE9-4D52-BE5C-8C727E363705}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did save serp now uninstall?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 18 March 2016 - 04:08 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

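A worked check for the FirewallRules step in the fixlist above, added here as an example; it is not code from the thread, from FRST or from Farbar. FRST printed the program path of those two rules as a run of CJK characters: that is what an ANSI byte string looks like when it is consumed as UTF-16LE two bytes at a time, and splitting each code unit back into its two bytes recovers the path. That decoding is the editor's reading of the log text, not something the log states. The second part flags any Allow rule whose program sits under a user profile's AppData, because legitimate installers rarely need firewall exceptions for binaries kept there, while bundled adware routinely does. The sample input is the two rule lines from the fixlist plus one constructed benign line; the folder markers are an assumption about the default Windows layout.

```python
"""
Added example (not part of the BleepingComputer thread or of FRST itself):
triage the FirewallRules lines an FRST scan prints, the way the helper's
fixlist above targets them.

1. FRST rendered the program path of the two rules as CJK characters. That
   is what an ANSI byte string looks like when it is read as UTF-16LE, two
   bytes per character. Reversing that (low byte first, then high byte)
   recovers the path. The decoding is this editor's interpretation of the
   log text, not something FRST states.
2. An "Allow" rule whose program lives under a user profile's AppData
   folder is worth a second look: installers mostly put binaries under
   Program Files or Windows, while adware bundles drop them in Roaming or
   Local. The first two sample lines are copied from the fixlist above.
"""
import re

# Sample input: the two FirewallRules lines from the fixlist above, plus one
# constructed benign rule for comparison (not from the log).
SAMPLE_FRST_LINES = [
    "FirewallRules: [{A8DF5C52-63C7-49FB-A545-40C485B81F81}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜湳攮數",
    "FirewallRules: [{807E3C3D-7EE9-4D52-BE5C-8C727E363705}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e",
    "FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\\Program Files (x86)\\Example\\app.exe",
]

RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>[^\]]+)\]\s*=>\s*\((?P<action>\w+)\)\s*(?P<program>.*)$"
)

# Folders a standard user can write to without elevation. A program there that
# needs its own firewall exception deserves scrutiny. Assumption: default
# Windows profile layout.
USER_WRITABLE_MARKERS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\appdata\\locallow\\",
    "\\users\\public\\",
)


def unswap_utf16_path(text: str) -> str:
    """Undo the 'bytes read as UTF-16LE code units' garbling.

    Each code unit above U+007F is split into its low and high byte, in that
    order, because the original bytes were consumed little-endian. A lone
    trailing ASCII character (odd byte count) is kept as-is. If any
    recovered byte is not printable ASCII the input is returned unchanged,
    so a genuinely non-ASCII path is not mangled.
    """
    out = []
    for ch in text:
        cp = ord(ch)
        if cp < 0x80:
            out.append(ch)
            continue
        lo, hi = cp & 0xFF, cp >> 8
        if not (0x20 <= lo < 0x7F and 0x20 <= hi < 0x7F):
            return text
        out.append(chr(lo) + chr(hi))
    return "".join(out)


def parse_firewall_rule(line: str):
    """Return (name, action, program_path) or None for a non-matching line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("action"), unswap_utf16_path(m.group("program"))


def is_user_writable_path(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_firewall_rules(lines):
    """Return [(rule_name, program)] for Allow rules pointing into a user profile."""
    flagged = []
    for line in lines:
        parsed = parse_firewall_rule(line)
        if parsed is None:
            continue
        name, action, program = parsed
        if action.lower() == "allow" and is_user_writable_path(program):
            flagged.append((name, program))
    return flagged


if __name__ == "__main__":
    for name, program in triage_firewall_rules(SAMPLE_FRST_LINES):
        print(f"{name}: Allow rule for user-profile binary {program}")
```

The same parser works on a full FRST.txt, since FirewallRules lines have the same shape there. Removing a rule only removes the exception; the executable it pointed at is untouched and needs its own entry in a fixlist, which is why FRST reports the registry value and the file or folder as separate actions in Fixlog.txt.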
#3 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 18 March 2016 - 04:53 PM

There was no save serp now program to be deleted in the programs list (maybe because I only tried to uninstall it after I used every program you said to use); pop-ups are still showing and sites are being redirected.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Avell (2016-03-18 18:24:59) Run:5
Running from C:\Users\Avell\Desktop
Loaded Profiles: Avell & UpdatusUser (Available Profiles: Avell & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Avell\AppData\Local\ATDworks
FirewallRules: [{A8DF5C52-63C7-49FB-A545-40C485B81F81}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{807E3C3D-7EE9-4D52-BE5C-8C727E363705}] => (Allow) 㩃啜敳獲䅜敶汬䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\Avell\AppData\Local\ATDworks => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8DF5C52-63C7-49FB-A545-40C485B81F81} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{807E3C3D-7EE9-4D52-BE5C-8C727E363705} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========


========= netsh winsock reset =========


Catálogo Winsock redefinido com êxito.
Reinicie o computador para concluir a redefinição.


========= End of CMD: =========


========= ipconfig /release =========


Configuração de IP do Windows


Adaptador de Rede sem Fio NET:

Sufixo DNS específico de conexão. . . . . . :
Endereço IPv6 de link local . . . . . . . . : fe80::80a3:afc1:f880:6024%14
Gateway Padrão. . . . . . . . . . . . . . . :

Adaptador Ethernet Conexão local:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

Adaptador de túnel isatap.{44E81E60-6F61-4748-859D-4C9F8DF9CDE7}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

Adaptador de túnel isatap.local:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

Adaptador de túnel Conexão Local*:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

========= End of CMD: =========


========= ipconfig /renew =========


Configuração de IP do Windows

Nenhuma operação pode ser executada em Conexão local enquanto a
mídia estiver desconectada.

Adaptador de Rede sem Fio NET:

Sufixo DNS específico de conexão. . . . . . : local
Endereço IPv6 de link local . . . . . . . . : fe80::80a3:afc1:f880:6024%14
Endereço IPv4. . . . . . . . . . . . . . . : 192.168.1.7
Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1

Adaptador Ethernet Conexão local:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

Adaptador de túnel isatap.{44E81E60-6F61-4748-859D-4C9F8DF9CDE7}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

Adaptador de túnel isatap.local:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . : local

Adaptador de túnel Conexão Local*:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada
Sufixo DNS específico de conexão. . . . . . :

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 18:25:11 ====
# AdwCleaner v5.102 - Logfile created 18/03/2016 at 18:34:24
# Updated 13/03/2016 by Xplode
# Database : 2016-03-18.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Avell - AVELL-PC
# Running from : C:\Users\Avell\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[#] Folder Deleted : C:\ProgramData\mntemp
[-] Folder Deleted : C:\Users\Avell\AppData\Roaming\Easeware
[-] Folder Deleted : C:\Users\Avell\AppData\Roaming\SSN

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
[-] Key Deleted : HKCU\Software\Download4windows
[-] Key Deleted : HKCU\Software\ssn
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ssn
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
[-] Key Deleted : HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BD02611A-0482-4910-8D05-62811540D576}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{63A9B308-0489-4529-98ED-A17F49B6F9AE}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{239FFCE1-E7C6-447B-B697-DC60BBC63B34}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4061D8A8-367D-4E02-85AF-789902E8844C}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BC39DA89-C66F-45BC-9A3A-4C04C28770CC}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{69EFB708-370D-492D-BA17-40EF3DCACEC2}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{CD91C578-BAD5-48E7-9701-ECE864C14C77}C:\program files (x86)\popcorn time\chromecast\node.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{602A0027-CBB0-4033-9BFB-DAEC8E6E156E}C:\program files (x86)\popcorn time\chromecast\node.exe]

***** [ Web browsers ] *****

[-] [C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : br.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3162 bytes] - [18/03/2016 18:34:24]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [4187 bytes] - [18/03/2016 18:30:48]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3348 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Ultimate x64
Ran by Avell (Administrator) on 18/03/2016 at 18:38:16,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Successfully deleted: C:\Users\Avell\AppData\Roaming\dg (Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20KZ28HB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V8101PG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XB988DM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKQZFML2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYCBMZBV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPW2RB7S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF601GW4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYT7A4AH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEFZ5XDO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSCB0ODC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1Y132ZG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW5KU1V5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS7BJFN6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W177OMI2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3ESJ6FN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Avell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3MP56WS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20KZ28HB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V8101PG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XB988DM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKQZFML2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYCBMZBV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPW2RB7S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF601GW4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYT7A4AH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEFZ5XDO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSCB0ODC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1Y132ZG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW5KU1V5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS7BJFN6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W177OMI2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3ESJ6FN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3MP56WS (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/03/2016 at 18:40:50,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attached Files


Edited by Oh My!, 18 March 2016 - 06:31 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 18 March 2016 - 06:44 PM

Greetings,

It is important that you run the steps in the order I list them. Also, please copy and paste your information in your reply unless asked to attach a file.

What popups are you seeing and what web sites are you being redirected to?

Do you have other computers accessing the web through the same wireless router? If so, any similar issues?

Which browser(s) is this happening with?

Please do this.

===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after you have disabled them, Combofix warns you that an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Combofix log
  • Zoek report
  • RogueKiller report
  • MiniToolBox report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

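One reason the MiniToolBox step above reports and resets proxy settings: a manual proxy or a PAC (proxy auto-config) URL set in a browser profile routes every request through a server of someone else's choosing, and injected ads and redirects are the visible result. As an added example, not code from the thread or from MiniToolBox, the following reads the two places that step looks at: Firefox's prefs.js (network.proxy.type and its companion prefs) and the WinINET values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings that Internet Explorer and many other programs use. Both inputs are constructed samples; the registry values are passed in as a plain dict so the script runs on any OS, the host names are placeholders, and the pref names and value meanings are the standard Firefox and WinINET ones.

```python
"""
Added example, not code from the thread or from MiniToolBox: a reader for
the two places the "Report IE/FF Proxy Settings" options look at.

Firefox keeps proxy configuration in prefs.js inside the profile folder as
user_pref("network.proxy.type", N) lines: 0 = none, 1 = manual, 2 = PAC
URL, 4 = WPAD auto-detect, 5 = use system settings (the default). Internet
Explorer and the WinINET stack read ProxyEnable, ProxyServer and
AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\
Internet Settings.

Both inputs below are constructed samples. The registry is represented as
a dict so the example runs anywhere; reading the live hive is left out.
"""
import re

PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

# Constructed prefs.js excerpt: a profile in which a PAC URL was set.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://example.invalid/");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://proxy.example.invalid/ads.pac");
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# Constructed WinINET values, as read from the Internet Settings key.
SAMPLE_IE_SETTINGS = {
    "ProxyEnable": 1,
    "ProxyServer": "127.0.0.1:8080",
    "AutoConfigURL": "",
}

FIREFOX_PROXY_TYPES = {0: "none", 1: "manual", 2: "pac-url", 4: "wpad", 5: "system"}


def parse_prefs_js(text):
    """Return {pref_name: value} with strings, booleans and integers typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("value")
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[m.group("name")] = value
    return prefs


def firefox_proxy_findings(prefs):
    """Findings for the Firefox proxy prefs; an empty list means nothing set."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # absent pref = Firefox default
    if ptype == 1:
        hosts = {k: prefs[k] for k in ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")
                 if k in prefs}
        findings.append(f"manual proxy configured: {hosts}")
    elif ptype == 2:
        findings.append(f"PAC script configured: {prefs.get('network.proxy.autoconfig_url', '<missing>')}")
    elif ptype not in (0, 4, 5):
        findings.append(f"unexpected network.proxy.type {FIREFOX_PROXY_TYPES.get(ptype, ptype)}")
    return findings


def ie_proxy_findings(settings):
    """Same for the WinINET values used by Internet Explorer and many apps."""
    findings = []
    if settings.get("ProxyEnable", 0) == 1:
        findings.append(f"WinINET proxy enabled: {settings.get('ProxyServer', '<unset>')}")
    if settings.get("AutoConfigURL"):
        findings.append(f"WinINET PAC script configured: {settings['AutoConfigURL']}")
    return findings


if __name__ == "__main__":
    results = firefox_proxy_findings(parse_prefs_js(SAMPLE_PREFS_JS)) + ie_proxy_findings(SAMPLE_IE_SETTINGS)
    for finding in results:
        print("FINDING:", finding)
```

Because Firefox's network.proxy.type defaults to "use system settings", a manual or PAC entry at the profile level is a change somebody made to that profile. When a symptom is browser-specific, comparing the Firefox report with the WinINET report tells you whether the change lives in the browser profile or system-wide, which is what asking for both reports is for.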
#5 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 20 March 2016 - 12:47 PM

What popups are you seeing and what web sites are you being redirected to?

For example, just by clicking on any blank space here on BleepingComputer or any other site, another tab opens redirecting me to other sites. I grabbed a few links; here they are:

http://m.link-rise.com/82L?YWVkZ2VuY3kuODIuTElOSy4u&&aff_sub=JFC1388_dMzoQyPUFs-PbfpBWnPPZP

http://tracking.toroadvertising.com/aff_r?offer_id=9484&aff_id=3929&url=https%3A%2F%2Fall2lnk.com%2F%3Fl%3D68cd0fa892b058ea9df4eac9dd1c9b20%26adwpl%3D3929%26transaction_id%3D102cf40fffb752b19411b22a676055%26param%3D1&urlauth=792889727617964711323279716157

And the other redirections are going to survey and merchandise websites.

Do you have other computers accessing the web through the same wireless router? If so, any similar issues?

No for both questions.

Which browser(s) is this happening with?

I only use Firefox, and I tested on Chrome to see if I had the same issues I had on Firefox; the answer is that only Firefox is having those problems, apparently.

Extra info: some programs ran in English but their logs appeared in my native language. If you have any problem with it, please let me know if I can help. Also, thanks for your help Gary.

ComboFix Log:

ComboFix 16-03-19.01 - Avell 19/03/2016  18:43:04.5.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4066.2813 [GMT -3:00]
Executando de: c:\users\Avell\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\sXe.dll
c:\program files (x86)\sXe Injected\sXeInjectedSetup.15.3.Fix.5.exe
c:\program files (x86)\sXe Injected\sXeInjectedSetup.15.4.exe
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
.
A cópia de c:\windows\System32\csrss.exe foi encontrada e desinfectada
Cópia restaurada de - c:\windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-02-19 to 2016-03-19  ))))))))))))))))))))))))))))
.
.
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\Public\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\HomeGroupUser$\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\Convidado\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\Casa\AppData\Local\temp
2016-03-19 21:52 . 2016-03-19 21:52    --------    d-----w-    c:\users\Administrador\AppData\Local\temp
2016-03-18 21:30 . 2016-03-18 21:34    --------    d-----w-    c:\program files (x86)\AdwCleaner
2016-03-18 20:16 . 2016-03-18 20:58    --------    d-----w-    c:\users\Avell\Zomboid
2016-03-15 01:25 . 2016-03-15 01:25    --------    d-----w-    c:\users\Avell\AppData\Local\Geckofx
2016-03-15 01:21 . 2016-03-15 01:21    --------    d-----w-    c:\programdata\VideoPlugin-1601.0-BrowserService-Assets
2016-03-15 01:20 . 2016-03-15 01:21    --------    d-----w-    c:\program files\VideoPlugin
2016-03-15 01:20 . 2016-03-15 01:21    --------    d-----w-    c:\programdata\VideoPlugin
2016-03-13 21:58 . 2016-03-14 21:19    --------    d-----w-    C:\Games
2016-03-11 18:24 . 2016-03-11 18:24    --------    d-----w-    c:\users\Avell\AppData\Roaming\7DaysToDie
2016-03-08 23:43 . 2016-03-08 23:44    --------    d-----w-    c:\program files (x86)\Zafehouse Diaries
2016-03-07 20:37 . 2016-03-07 20:37    --------    d-----w-    c:\users\Avell\AppData\Roaming\com.sarahnorthway.rebuild3
2016-03-07 19:48 . 2016-03-15 01:16    --------    d-----w-    C:\GOG Games
2016-03-06 08:24 . 2016-03-06 08:24    --------    d-----w-    c:\users\Avell\AppData\Local\Introversion
2016-03-06 06:19 . 2016-03-06 06:48    --------    d-----w-    c:\program files (x86)\GOG.com
2016-03-06 03:37 . 2016-03-06 03:37    --------    d-----w-    c:\program files (x86)\Firaxis Games
2016-02-29 20:26 . 2016-02-29 20:28    --------    d-----w-    c:\users\Avell\AppData\Local\Hero_Siege
2016-02-18 22:56 . 2016-02-19 19:16    --------    d-----w-    c:\users\Avell\AppData\Roaming\PSPDocMaker
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-15 20:20 . 2012-08-01 19:40    797376    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-15 20:20 . 2012-08-01 19:40    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-08 20:46 . 2016-02-08 20:46    36864    ----a-w-    C:\sotn_fs.exe
2015-12-21 07:55 . 2015-12-21 07:55    9728    ----a-w-    c:\windows\SysWow64\RzStats.IPC.dll
2014-12-17 15:09    104731    --sha-r-    c:\windows\SysWOW64\csrss.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2014-10-09 87040]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-15 291608]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-06-22 418672]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-06-22 202608]
"BTOptm"="c:\program files (x86)\BTOPtm\BTOptm.exe" [2012-03-09 1907056]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37    1754664    ----a-w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VideoPlugin.BrowserService;Video Plugin Browser Service;c:\program files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe;c:\program files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe [x]
S2 VideoPlugin.FilterDriver;Video Plugin Filter Driver;c:\program files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys;c:\program files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys [x]
S2 VideoPlugin.FilterService;Video Plugin Filter Service;c:\program files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe;c:\program files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe [x]
S2 VideoPlugin.UpdateService;Video Plugin Update Service;c:\program files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe;c:\program files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 22:50    1106072    ----a-w-    c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job
- c:\users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 16:45]
.
2016-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job
- c:\users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 16:45]
.
2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13 19:19]
.
2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-13 19:19]
.
2016-03-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 16:41]
.
2016-03-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 16:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 20:17    2334928    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 20:17    2334928    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 20:17    2334928    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-12 13353064]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mLocal Page = c:\windows\system32\blank.htm
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\zu003tzj.default-1445535691884\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.br/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ManyCam - c:\program files (x86)\ManyCam\uninstall.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
AddRemove-{323362B5-F82D-4340-91B3-302AF8B9100F}_is1 - c:\level up\Smite\unins000.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Avell\AppData\Roaming\unins000.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-2315785857-4177499487-4149518941-1000)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\crypt32.dll"
.
[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-2315785857-4177499487-4149518941-1000)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_241_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_241_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\crypt32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_241_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_241_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_241.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_241.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_241.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_241.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2016-03-19  18:59:59 - machine was rebooted
ComboFix-quarantined-files.txt  2016-03-19 21:59
ComboFix2.txt  2015-01-06 16:43
ComboFix3.txt  2015-01-05 18:36
ComboFix4.txt  2014-12-31 14:39
ComboFix5.txt  2016-03-19 21:40
.
Pre-Run: 33,537,355,776 bytes free
Post-Run: 33,420,038,144 bytes free
.
- - End Of File - - B88A27D671A9421DCA106EA79C1D9DE3

Zoek Log: (I couldn't finish the Zoek log. I tried 3 times and the program kept getting stuck at the same line while searching the Firefox extensions entries (the last time I tried, I left Zoek running for about 3-4 hours). Anyway, here's the very first log that I managed to save:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Avell on 19/03/2016 at 19:03:31,01.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Avell\Desktop\zoek.exe [Scan all users]  [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-12-29-162925.log    486 bytes
C:\zoek-results2014-12-29-163514.log    25350 bytes
C:\zoek-results2014-12-30-175615.log    24346 bytes
C:\zoek-results2014-12-31-144203.log    14634 bytes
C:\zoek-results2015-01-06-164637.log    14582 bytes
C:\zoek-results2015-01-08-172632.log    14981 bytes
C:\zoek-results2015-01-12-193709.log    15463 bytes
C:\zoek-results2015-10-21-234526.log    14852 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\GOG.com deleted successfully
C:\Users\Avell\AppData\Roaming\PSPDocMaker deleted successfully
C:\Users\Administrador\AppData\Local\Comodo deleted successfully
C:\Users\Administrador\AppData\Local\Google deleted successfully
C:\Users\Avell\AppData\Local\Comodo deleted successfully
C:\Users\Avell\AppData\Local\CrashDumps deleted successfully
C:\Users\Avell\AppData\Local\Skype deleted successfully
C:\Users\Convidado\AppData\Local\Comodo deleted successfully
C:\Users\Convidado\AppData\Local\Google deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\BTOPtm\BTOptm.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Avell\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\GOG.com not found
C:\sotn_fs.exe deleted
C:\PROGRA~3\Package Cache deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4067 MB
CPU Info: Intel® Core™ i7-3630QM CPU @ 2.40GHz
CPU Speed: 2400.5 MHz
Sound Card: SAMSUNG-3 (NVIDIA High Definiti |
Speakers (Realtek High Def |
Display Adapters: NVIDIA GeForce GT 640M | NVIDIA GeForce GT 640M | NVIDIA GeForce GT 640M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  698.5GB
Hard Disks - Free: C:  30.8GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 06/05/12 | ACRSYS - 1
Time Zone: Brazil official time (Brasília)
Motherboard *: Compal Type2 - Board Product Name1
Country: Brazil
Language: PTB

==== System Specs (Software) ======================

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Firefox    45.0.1
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 45.0.1 (x86 pt-BR)
Google Chrome version: 49.0.2623.87
Adobe Reader version: 15.10.20056.167417
Sun Java version: 1.7.0_71 (32-bit)
Sun Java version: 1.7.0_02 (64-bit)
Flash Player version: 21.0.0.182

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Avell\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-03-15 01:20:47    --------    d-----w-    C:\Program Files\VideoPlugin
======= C:\PROGRA~2 =====
2016-03-18 21:30:29    --------    d-----w-    C:\PROGRA~2\AdwCleaner
2016-03-08 23:43:48    --------    d-----w-    C:\PROGRA~2\Zafehouse Diaries
2016-03-06 03:37:59    --------    d-----w-    C:\PROGRA~2\Firaxis Games
======= C: =====
====== C:\Users\Avell\AppData\Roaming ======
2016-03-19 22:00:01    --------    d-----w-    C:\Users\USURIO~1\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\UpdatusUser\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\TEMP\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\HomeGroupUser$\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Convidado\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Casa\AppData\Local\temp
2016-03-19 22:00:01    --------    d-----w-    C:\Users\Administrador\AppData\Local\temp
2016-03-15 01:25:18    --------    d-----w-    C:\Users\Avell\AppData\Local\Geckofx
2016-03-11 18:24:27    --------    d-----w-    C:\Users\Avell\AppData\Roaming\7DaysToDie
2016-03-07 20:37:16    --------    d-----w-    C:\Users\Avell\AppData\Roaming\com.sarahnorthway.rebuild3
2016-03-06 08:24:50    --------    d-----w-    C:\Users\Avell\AppData\Local\Introversion
2016-02-29 20:26:15    --------    d-----w-    C:\Users\Avell\AppData\Local\Hero_Siege
====== C:\Users\Avell ======
2016-03-18 20:16:37    --------    d-----w-    C:\Users\Avell\Zomboid
2016-03-15 01:21:23    --------    d-----w-    C:\Users\TODOSO~1\VideoPlugin-1601.0-BrowserService-Assets
2016-03-15 01:21:23    --------    d-----w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets
2016-03-15 01:20:43    --------    d-----w-    C:\Users\TODOSO~1\VideoPlugin
2016-03-15 01:20:43    --------    d-----w-    C:\ProgramData\VideoPlugin
2016-03-08 23:43:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zafehouse Diaries
2016-03-07 20:33:01    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

====== C: exe-files ==
2016-03-15 01:22:19    F718A2C710853CBA3EE438837E4C734F    415184    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\service_update.exe
2016-03-15 01:22:17    221A488E6B8C88D9EC5843483794B958    151944    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\clidmgr.exe
2016-03-15 01:22:16    EDBE872E56AB8F9E3425D633F12B8DE6    394024    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\show-dlg.exe
2016-03-15 01:22:11    C7694CD1B8944702774552FC5E8228C3    2050000    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\yandex.exe
2016-03-15 01:22:10    7BB91640B0D3D77734AED68FC716F8DC    501032    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\yupdate-exec.exe
2016-03-15 01:22:04    069E6AD2FF9585092A1DA1B0FF9CC06E    234960    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\suspend_api_check.exe
2016-03-15 01:22:00    446F2364A74D0DB796BC545100EA0156    2184144    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\nacl64.exe
2016-03-15 01:21:49    AE1A20BC668AF71D4BAC621E0BB00F3D    404944    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\crash_service.exe
2016-03-15 01:21:28    1C16CEDC248B3D1C1EAB21C5A4F70AE6    927184    ----a-w-    C:\ProgramData\VideoPlugin-1601.0-BrowserService-Assets\Yandex\47.0.2526.2568\Files\47.0.2526.2568\Installer\setup.exe
2016-03-15 01:21:22    7CAC3E3A40975C24052986CB38CC44DB    8770890    ----a-w-    C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
2016-03-15 01:21:15    FFF0DA5014B21384627540A292D2074F    104968    ----a-w-    C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
2016-03-15 01:21:15    3B5AFB5F861D8E6A3DBE97E993FF96B3    138752    ----a-w-    C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe
2016-03-15 01:20:47    6A781D719BAD74157861CDC7815E6FE4    55808    ----a-w-    C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.Uninstaller.exe
2016-03-15 01:20:47    0659F7A453DC3B74C7B25140C14934A4    52736    ----a-w-    C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe
2016-03-15 01:16:32    64852E9C2215176884500899F5344CEC    158208    ----a-w-    C:\GOG Games\Project Zomboid\ProjectZomboid64.exe
2016-03-15 01:16:32    0E10ABCB168E78E4BD3A1C058761E6F5    149504    ----a-w-    C:\GOG Games\Project Zomboid\ProjectZomboid32.exe
2016-03-15 01:16:31    05C6B8730D7E7657228060504A9D823A    1327184    ----a-w-    C:\GOG Games\Project Zomboid\unins000.exe
2016-03-15 01:13:12    A12E62437C825374C063C26DEC22DAE8    598251640    ----a-w-    C:\PS2\Roms\zomboid\Project.Zomboid-GOG\setup_project_zomboid_2.0.0.2.exe
2016-03-14 22:50:42    8CE935AB9FF75A3C13CEDA95C0BE684B    7749208    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.87\49.0.2623.87_48.0.2564.116_chrome_updater.exe
2016-03-14 21:21:20    2165C76D6C09EAB17E4E52EBE1CBF4D4    180711    ----a-w-    C:\Games\Project Zomboid Build 33.20\uninstall.exe
2016-03-13 21:46:17    15ED1AE0B7C07E84022E00FA48907736    577315039    ----a-w-    C:\PS2\Roms\zomboid\Project_Zomboid_Build_33.20_setup.exe
=== C: other files ==
2016-03-18 21:51:09    DC7E8F3E8191040B81F2AA594E4E13A3    66732    ----a-w-    C:\Users\Avell\Desktop\virus remotion\Summary.zip
2016-03-18 20:50:31    85FCACC3D720CA34F209810EEB708AFA    855686    ----a-w-    C:\Games\Project Zomboid Build 33.20\media\maps\Muldraugh, KY\Dreadwood1.7.zip
2016-03-15 01:21:15    EE73D74E469F09C1473469482AACB8D6    13392    ----a-w-    C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys
2016-03-15 01:18:48    D78E1E5B2D11E16052C7E9D0A1DE4C90    70    ----a-w-    C:\GOG Games\Project Zomboid\rcon\rcon.bat
2016-03-15 01:18:48    1FF5A00E26FCD4A510037FA3D34E60D0    307    ----a-w-    C:\GOG Games\Project Zomboid\PZServerSettings\PZServerSettings.bat
2016-03-15 01:18:48    0ABA080A604F150714C472A6449D78DC    73    ----a-w-    C:\GOG Games\Project Zomboid\rcon\rcon-gui.bat
2016-03-15 01:16:32    F5571BD59755DE475A6338EBD69B1E7C    306    ----a-w-    C:\GOG Games\Project Zomboid\ProjectZomboid32.bat
2016-03-15 01:16:32    E9194C2DD1CFFCEFF9703608EA5E59B4    247    ----a-w-    C:\GOG Games\Project Zomboid\ProjectZomboidServer.bat
2016-03-15 01:16:32    3A8B5B7374E78D5BB9CC91C41821302D    310    ----a-w-    C:\GOG Games\Project Zomboid\ProjectZomboid64.bat
2016-03-15 01:16:32    16F4A383FC3A9F1592CE8592F90AA23B    237491    ----a-w-    C:\GOG Games\Project Zomboid\webcache.zip
2016-03-14 18:53:46    CAA44BA91E401F0F593BBFE6D7962EC3    325089    ----a-w-    C:\PS2\Roms\zomboid\mods\Hydrocraft 3d Patch.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"BTOptm"="C:\Program Files (x86)\BTOPtm\BTOptm.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"
"SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATDworks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATDworks"
"hkey"="HKCU"
"command"="C:\\Users\\Avell\\AppData\\Local\\ATDworks\\TMPAFA3.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlueStacks Agent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTMTrayAgent"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files\\Motorola\\Bluetooth\\btmshell.dll\",TrayApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Razer Synapse"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Avell\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Avell\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VitaKeyTSR]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VitaKeyTSR"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EgisTec BioExcess\\EgisTSR.exe /run"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Avell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk]
"path"="C:\\Users\\Avell\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Curse.lnk"
"backup"="C:\\Windows\\pss\\Curse.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Avell\\AppData\\Roaming\\CURSEC~1\\Bin\\Curse.exe /startup"
"item"="Curse"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job --a------ C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [15/03/2013 13:45]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job --a------ C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [15/03/2013 13:45]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 16:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 16:19]
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\elbyExecuteWithUAC" [C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core" [C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA" [C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\PandaUSBVaccine" ["C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe"]
"C:\Windows\SysNative\tasks\SRS Premium Sound" [C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{735F6201-B70F-4D5B-AA89-EDA8CDA60315}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\zu003tzj.default-1445535691884
user_pref("browser.startup.homepage", "https://www.google.com.br/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}"="C:\Program Files (x86)\EgisTec BioExcess\FFExt20" [01/08/2012 17:30]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [14/07/2015 23:52]

RogueKiller log:

RogueKiller V12.0.2.0 [Mar 14 2016] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Avell [Administrador]
Started from : C:\Users\Avell\Desktop\RogueKiller.exe
Modo : Escanear -- Data : 03/20/2016 14:32:15

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 1 ¤¤¤
[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-00PK4T0 +++++
--- User ---
[MBR] e9330930f315506044f3e319f2ed074b
[BSP] 0e177e21e522ca06a3588111f79f573a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

MiniToolBox log:

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Avell (administrator) on 20-03-2016 at 14:37:42
Running from "C:\Users\Avell\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: QAL51 Manufacturer: Compal
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC = NET (Connected)
Realtek PCIe GBE Family Controller = Conexão local (Media disconnected)


# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Conexão local" address=10.0.0.1 mask=255.255.255.0
add address name="NET" address=192.168.137.1 mask=255.255.255.0


popd
# Final da configuração IPv4



Configuração de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : Avell-PC
   Sufixo DNS primário . . . . . . . . . . . . :
   Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não
   Lista de pesquisa de sufixo DNS . . . . . . : local

Adaptador de Rede sem Fio NET:

   Sufixo DNS específico de conexão. . . . . . : local
   Descrição . . . . . . . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC
   Endereço Físico . . . . . . . . . . . . . . : DC-85-DE-4A-08-BB
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 de link local . . . . . . . . : fe80::80a3:afc1:f880:6024%14(Preferencial)
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.1.3(Preferencial)
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : domingo, 20 de março de 2016 11:19:35
   Concessão Expira. . . . . . . . . . . . . . : domingo, 20 de março de 2016 16:19:35
   Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 362077129
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-17-AB-D3-5C-DC-0E-A1-B5-4D-84
   Servidores DNS. . . . . . . . . . . . . . . : 192.168.1.1
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet Conexão local:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Endereço Físico . . . . . . . . . . . . . . : B8-88-E3-CE-74-54
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.local:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : local
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{44E81E60-6F61-4748-859D-4C9F8DF9CDE7}:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #2
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Conexão Local*:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
Servidor:  UnKnown
Address:  192.168.1.1

Nome:    google.com
Address:  216.58.222.46


Disparando google.com [216.58.222.46] com 32 bytes de dados:
Resposta de 216.58.222.46: bytes=32 tempo=60ms TTL=55
Resposta de 216.58.222.46: bytes=32 tempo=57ms TTL=55

Estatísticas do Ping para 216.58.222.46:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 57ms, Máximo = 60ms, Média = 58ms
Servidor:  UnKnown
Address:  192.168.1.1

Nome:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Disparando yahoo.com [206.190.36.45] com 32 bytes de dados:
Resposta de 206.190.36.45: bytes=32 tempo=163ms TTL=53
Resposta de 206.190.36.45: bytes=32 tempo=162ms TTL=53

Estatísticas do Ping para 206.190.36.45:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 162ms, Máximo = 163ms, Média = 162ms

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
 14...dc 85 de 4a 08 bb ......Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC
 13...b8 88 e3 ce 74 54 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
 19...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #2
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      No vínculo       192.168.1.3    281
      192.168.1.3  255.255.255.255      No vínculo       192.168.1.3    281
    192.168.1.255  255.255.255.255      No vínculo       192.168.1.3    281
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo       192.168.1.3    281
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo       192.168.1.3    281
===========================================================================
Rotas persistentes:
  Nenhuma

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
  1    306 ::1/128                  No vínculo
 14    281 fe80::/64                No vínculo
 14    281 fe80::80a3:afc1:f880:6024/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
 14    281 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

Edited by kanon88, 20 March 2016 - 01:38 PM.
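
The FRST log in the post above lists every Run-key and MSConfig startupreg entry, and triage of such a log usually starts with where each startup command actually lives. The following is an added example of that triage, not code from the thread, from FRST or from its author: a parser for the two line formats FRST uses (`"name"="command"` under an enabled Run key, and the `.reg`-escaped `item`/`command` pairs under `MSConfig\startupreg`) that extracts the executable path of each entry and flags those launched from user-writable locations (AppData, ProgramData, Temp) or carrying a temp-style filename. The sample block is constructed in the log's format; the `ATDworks` entry is copied from the log above and the other entries are representative of those listed there. The heuristics are this example's assumptions, not FRST's own logic, and a flag is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format FRST prints on this page. The ATDworks block is
# copied from the log above; the other entries are representative of those listed there.
SAMPLE_LOG = r'''
==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATDworks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATDworks"
"hkey"="HKCU"
"command"="C:\\Users\\Avell\\AppData\\Local\\ATDworks\\TMPAFA3.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Avell\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"
'''

ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # one "name"="value" line
# First drive-letter or %VAR% path ending in an executable extension inside a command line.
EXE_RE = re.compile(r'((?:[A-Za-z]:|%[^%]+%)\\[^"|]*?\.(?:exe|dll|bat|cmd|vbs|js|scr))', re.I)
# Triage heuristics assumed by this example (not FRST's logic): a flag means "look closer".
TMP_NAME_RE = re.compile(r'^TMP[0-9A-F]{4}\.exe$', re.I)
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')


@dataclass
class StartupEntry:
    section: str       # FRST section heading, e.g. "Startup Registry Enabled"
    registry_key: str  # key the entry was read from
    name: str
    command: str
    exe: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def unescape_reg(value: str) -> str:
    # .reg-style escaping used under MSConfig\startupreg: \" becomes " and \\ becomes \
    return value.replace('\\"', '"').replace('\\\\', '\\')


def executable_of(command: str) -> Optional[str]:
    m = EXE_RE.search(command)
    return m.group(1) if m else None


def assess(exe: Optional[str]) -> List[str]:
    if exe is None:
        return ['no-executable-path']
    low = exe.lower()
    flags = []
    if any(marker in low for marker in USER_WRITABLE):
        flags.append('user-writable-location')
    if TMP_NAME_RE.match(low.rsplit('\\', 1)[-1]):
        flags.append('temp-style-filename')
    return flags


def make_entry(section: str, key: str, name: str, command: str) -> StartupEntry:
    exe = executable_of(command)
    return StartupEntry(section, key, name, command, exe, assess(exe))


def parse_frst_startup(text: str) -> List[StartupEntry]:
    entries: List[StartupEntry] = []
    section, key = '', ''
    pending = {}  # fields of the MSConfig\startupreg block currently being read

    def flush_pending() -> None:
        if 'command' in pending:
            entries.append(make_entry(section, key, pending.get('item', '?'), pending['command']))
        pending.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('===='):                         # section heading
            flush_pending()
            section = line.strip('= ')
        elif line.startswith('[') and line.endswith(']'):   # registry key
            flush_pending()
            key = line[1:-1]
        else:
            m = ENTRY_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2)
            if '\\MSConfig\\startupreg\\' in key:   # disabled entries: item/command pairs
                pending[name] = unescape_reg(value)
            else:                                  # enabled entries: "name"="command"
                entries.append(make_entry(section, key, name, value))
    flush_pending()
    return entries


def flagged_entries(text: str) -> List[StartupEntry]:
    return [e for e in parse_frst_startup(text) if e.flags]


if __name__ == '__main__':
    for e in parse_frst_startup(SAMPLE_LOG):
        mark = '  <-- ' + ', '.join(e.flags) if e.flags else ''
        print(f'[{e.section}] {e.name}: {e.exe}{mark}')
```

Running the block prints one line per entry with its flags. In the sample the ATDworks entry, a `TMPAFA3.exe` under `AppData\Local`, is the one that earns two flags and would be worth checking first, while Spotify's AppData path shows why the location check alone still needs a person to confirm what the file is.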


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 20 March 2016 - 03:33 PM

Thank you for all of the information.

Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs, including Firefox
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}

  • Click Report
  • Copy and paste the contents of the report in your reply
  • Launch Firefox and check the behavior
  • If Firefox is not working correctly please complete the next step
===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Firefox behavior, if necessary

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 20 March 2016 - 04:11 PM

RogueKiller Log:

RogueKiller V12.0.2.0 [Mar 14 2016] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Avell [Administrador]
Started from : C:\Users\Avell\Desktop\RogueKiller.exe
Modo : Deletar -- Data : 03/20/2016 17:58:00

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 1 ¤¤¤
[Tr.Rosena] (X64) HKEY_USERS\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\classes\clsid\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} -> Deletado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-00PK4T0 +++++
--- User ---
[MBR] e9330930f315506044f3e319f2ed074b
[BSP] 0e177e21e522ca06a3588111f79f573a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Firefox is still the same, pop-ups even here on BleepingComputer, thanks in advance.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 20 March 2016 - 06:17 PM

Did you try Firefox in Safe Mode?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 20 March 2016 - 06:22 PM

Did you try Firefox in Safe Mode?

Yes, also for future reference I'm not plugging in any USB or external device until we finish.


Edited by kanon88, 20 March 2016 - 06:24 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 20 March 2016 - 07:25 PM

Thank you. I just wanted to make sure of that before we reset Firefox.

Please do this.

===================================================

Resetting Firefox

--------------------
  • Please review this information to understand what resetting Firefox will do
  • Click on the Menu button (3 horizontal bars in the top right corner of window)
  • Click the Help button (question mark - ?)
  • Click Troubleshooting Information
  • Click Refresh Firefox then
  • Confirm the Reset
  • Firefox will close
  • Click Finish on the information window and Firefox will restart
  • Check your browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 21 March 2016 - 11:46 AM

Refreshed Firefox... the issue with pop-ups persists...

"http://mmotraffic.com/redirect2.php?go=http%3A%2F%2Fsrv.nwave.de%2Fct.php%3Fhash%3D6a5ae00b2d8ee474aeba3c86363f624d%26aid%3D13213_11583839"

"http://blankrefer.com/?http://www.linkconnector.com/ta.php?lc=007949065433004679&atid=0argBitdefenderGenericBlast&lcpf=0"

Links like these are still showing up.


Edited by kanon88, 21 March 2016 - 11:50 AM.
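
The two URLs quoted in the post above are wrapper links: each carries its real destination inside its own query string, once percent-encoded as a `go=` parameter and once as a bare URL after the `?`. The following added example (not code from the thread or from any tool named in it) unwraps such links offline with Python's `urllib.parse`, so the hosts along a redirect chain can be listed for a DNS or proxy log search without any of them being visited. The function names are this example's own; the two input URLs are the ones posted above, and nothing is fetched.

```python
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# The two wrapper links quoted in the post above; this example only parses them.
POPUP_URLS = [
    "http://mmotraffic.com/redirect2.php?go=http%3A%2F%2Fsrv.nwave.de%2Fct.php%3Fhash%3D6a5ae00b2d8ee474aeba3c86363f624d%26aid%3D13213_11583839",
    "http://blankrefer.com/?http://www.linkconnector.com/ta.php?lc=007949065433004679&atid=0argBitdefenderGenericBlast&lcpf=0",
]

SCHEMES = ('http://', 'https://')


def embedded_target(url: str) -> Optional[str]:
    """Return the destination URL a wrapper link carries in its query string, or None."""
    query = urlsplit(url).query
    # Form 1: a parameter whose percent-encoded value is itself a URL, e.g. ?go=http%3A%2F%2F...
    # parse_qsl decodes the value, so the encoded '&' and '?' inside it come back intact.
    for _, value in parse_qsl(query, keep_blank_values=True):
        if value.lower().startswith(SCHEMES):
            return value
    # Form 2: the whole query string is the destination, e.g. /?http://www.example.test/...
    bare = unquote(query)
    if bare.lower().startswith(SCHEMES):
        return bare
    return None


def redirect_chain(url: str, max_hops: int = 10) -> List[str]:
    """Follow nested wrapper links purely by parsing; stops on a loop or after max_hops."""
    chain = [url]
    seen = {url}
    while len(chain) <= max_hops:
        nxt = embedded_target(chain[-1])
        if nxt is None or nxt in seen:
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain


def hosts_in_chain(url: str) -> List[Optional[str]]:
    """Hostnames touched along the chain: what a DNS or proxy log would show."""
    return [urlsplit(u).hostname for u in redirect_chain(url)]


if __name__ == '__main__':
    for u in POPUP_URLS:
        print(' -> '.join(str(h) for h in hosts_in_chain(u)))
```

The chain stops at the first URL that carries no further destination, so the last hostname printed is the one the browser would actually have been sent to; the loop guard matters because wrapper links can be nested in either order and some redirectors point back at themselves.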


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 21 March 2016 - 12:15 PM

Are you being redirected to another web page or does it stay on the page and an additional pop up appears?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 21 March 2016 - 12:21 PM

Are you being redirected to another web page or does it stay on the page and an additional pop up appears?

Example: I click anywhere on a page and then another tab opens with some of the links above, and afterwards it redirects me to another site, most of the time based on a search or site that I visited (adware).



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,596 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:02 PM

Posted 21 March 2016 - 12:32 PM

Thank you.

Please tell me the manufacturer and model number of your Router.

Please run these.

===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Router information
  • TDSSKiller log
  • aswMBR report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 kanon88

kanon88
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 21 March 2016 - 08:17 PM

Before the next steps, is there any non-physical way to see what my router manufacturer and model number are? Because my router is heavily attached to a wall with wires over it :unsure:. Also, I remember that back in 2014 I had a similar problem and it was solved with a script using Farbar (don't know if this info helps in anything). Thanks again.





