My pc is working in a very weird way


15 replies to this topic

#1 jadesick (Members, 21 posts)

Posted 22 December 2016 - 04:16 PM

Hello, my name is Kari and I'm new here.

 

So, my PC is quite weird now... my mouse sometimes works, sometimes doesn't (double clicking, no response, cursor jumping); the proxy server is always enabled even if I disable it in the registry and remove the server. Another thing that happens a lot is freezing... the last time I scanned my computer with MBAM it had 7,500 threats (I had only an antivirus and it was not working anymore). I cannot lie about this, but I was getting paranoid about crackers invading my PC when it started to happen often. My PC belongs to my dad, so I can't just remove everything on this PC. I tried to install AVG, it didn't work, and then AVAST didn't work either. My PC usage and memory were really high even if I didn't open any program. I don't know what's going on... please help.

 

(sorry if there are too many problems)

 

Here's a log (HijackThis):

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:19:26, on 22/12/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
CHROME: 55.0.2883.87
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\Driver Booster\4.1.0\UninstMon\PubMonitor.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.34\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.74\deploy\LoLPatcher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.74\deploy\LoLPatcherUx.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.74\deploy\LoLPatcherUx.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:50305
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141937984\..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (User '?')
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142034927\..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141938336\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141938336\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142035951\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142035951\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141938665\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141938665\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142037067\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142037067\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-2436930393-3190665335-3880980104-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016141938965\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2436930393-3190665335-3880980104-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12222016142038199\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: http://www.infoseg.gov.br
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GBPCEF.CAB
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7324DCB8-4A97-4053-966B-63E438E34A63}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (file missing)
O20 - Winlogon Notify:  GbPluginIsg - C:\PROGRA~2\GbPlugin\gbiehIsg.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Desura Install Service - Desura Net Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 15929 bytes
 




#2 nasdaq (Malware Response Team, 38,933 posts; Montreal, QC, Canada)

Posted 23 December 2016 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[screenshot: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs for my review.

p.s.
HijackThis is no longer supported and is not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 jadesick (Topic Starter; Members, 21 posts)

Posted 23 December 2016 - 09:07 PM

Hello nasdaq, thanks for replying to my topic :)

 

Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by User (administrator) on SERVIDOR (23-12-2016 23:07:16)
Running from C:\Users\User\Desktop\FRST64
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Banco Bradesco S.A.) C:\Program Files (x86)\Scpad\scpVista.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Windows\SysWOW64\SYSSERVIDOR.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\UninstMon\PubMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM\...\Run: [Java7 Update] => C:\Windows\SysWOW64\SYSSERVIDOR.exe [98230272 2015-05-28] ()
HKLM\...\Run: [Java Scheduler 7] => C:\Windows\SysWOW64\Java8.exe
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RemoteControl8] => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]
Winlogon\Notify\ GbPluginIsg-x32: C:\PROGRA~2\GbPlugin\gbiehIsg.dll [X]
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1058c245-b56a-11e0-bffb-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a96-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a9a-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1a0c3164-4bfb-11e0-a0db-f110f8f1d0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2a90e08b-898b-11e0-90c5-f442b0510be0} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2d3be28f-c7cb-11df-9058-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {30efdc17-cd6c-11df-970e-daebee4f83fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {3472172e-1b51-11e0-9a13-aedb2b5f99fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {4d09bbca-4000-11e0-a667-fdc36c3233fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983eeb-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef0-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef1-c8ce-11df-9969-00269eb3b517} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9946-b489-11e0-bf6a-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9948-b489-11e0-bf6a-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c99cd-b489-11e0-bf6a-00269eb3b517} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {750419c5-4016-11e0-a673-a765483108fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {77855ccb-a57b-11e0-a72e-0c6076c93eb1} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a9628-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a962b-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bb8-3473-11e0-98d9-c0f2388ef7fd} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bc9-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bcb-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8928058a-1870-11e0-aad1-817194553efe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8de94c6f-4e3c-11e0-a480-842d6cb8aae3} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {cbd04a56-28f5-11e2-9e21-00269eb3b517} - E:\digirec.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {df839a7b-32db-11e1-960b-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea2-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea6-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e15-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e18-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {ef6e5a95-4bd9-11e0-8a90-f841547746fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {f7a79a29-32f8-11e1-a2a5-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-18\...\Run: [MP3 Skype Recorder] => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
SSODL-x32: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2009-10-29]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2013-05-27]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2436930393-3190665335-3880980104-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2436930393-3190665335-3880980104-1000] => 127.0.0.1:61141
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{568FF4A1-F484-40B0-A3C1-F8B18893B896}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E24CF78-6E71-49FE-8976-3139FDF51AA9}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7324DCB8-4A97-4053-966B-63E438E34A63}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7324DCB8-4A97-4053-966B-63E438E34A63}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-07] (Sun Microsystems, Inc.)
BHO-x32: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files (x86)\Scpad\scpsssh2.dll [2013-02-25] (Banco Bradesco S.A.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll => No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\PROGRA~2\GbPlugin\gbiehisg.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E37CB5F0-51F5-4395-A808-5FA49E399003} hxxps://imagem.caixa.gov.br/cab/GBPCEF.CAB
DPF: HKLM-x32 {E37CB5F0-51F5-4395-A808-5FA49E399015} hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2436930393-3190665335-3880980104-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2436930393-3190665335-3880980104-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2436930393-3190665335-3880980104-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PLFZF6AYM3UAO7LKYCXXLZEXAY - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S2 MCSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 MCSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [360640 2013-02-24] (Banco Bradesco S.A.) [File not signed]
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [847160 2015-02-13] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-08] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R1 EterlogicVirtualSerialDriver; C:\Windows\system32\drivers\VSPE.sys [40928 2013-04-17] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-12-18] (REALiX™)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-09] (Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
U0 aswVmm; no ImagePath
S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
U4 ElRawDisk; 0 [X]
S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-23 22:57 - 2016-12-23 23:07 - 00000000 ____D C:\Users\User\Desktop\FRST64
2016-12-23 22:56 - 2016-12-23 22:56 - 02420736 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2016-12-23 22:55 - 2016-12-23 22:55 - 02420736 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-22 18:19 - 2016-12-22 18:19 - 00015931 _____ C:\Users\User\Desktop\LOGBC
2016-12-22 18:12 - 2016-12-22 18:37 - 00076308 _____ C:\Users\User\Downloads\Addition.txt
2016-12-22 18:00 - 2016-12-22 18:37 - 00065329 _____ C:\Users\User\Downloads\FRST.txt
2016-12-22 17:58 - 2016-12-23 22:58 - 00000000 ____D C:\FRST
2016-12-22 17:57 - 2016-12-22 17:58 - 02420736 _____ (Farbar) C:\Users\User\Downloads\h.exe
2016-12-22 14:37 - 2016-12-22 14:38 - 01304400 _____ C:\Users\User\Downloads\Autoruns.zip
2016-12-20 13:18 - 2016-12-20 13:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Red Giant
2016-12-20 12:03 - 2016-12-20 12:04 - 80840225 _____ C:\Users\User\Downloads\VGA_Intel_8.15.10.1855_W7x64_A.zip
2016-12-20 12:03 - 2016-12-20 12:04 - 34386777 _____ C:\Users\User\Downloads\Wireless LAN_Intel_12.4.1.53_W7x64W7x86_A.zip
2016-12-20 12:02 - 2016-12-20 12:03 - 04669950 _____ C:\Users\User\Downloads\Lan_Acer_1.0.0.20_W7x64W7x86_A.zip
2016-12-20 12:01 - 2016-12-20 12:01 - 02249472 _____ (Acer Inc.) C:\Users\User\Downloads\HWVendorDetection.exe
2016-12-20 12:00 - 2016-12-20 12:00 - 08163862 _____ C:\Users\User\Downloads\Application_Acer_1.02.3502_W7x64W7x86_A.zip
2016-12-20 11:56 - 2016-12-23 22:37 - 00002884 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (User)
2016-12-20 11:56 - 2016-12-20 11:56 - 00003252 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-12-20 11:56 - 2016-12-20 11:56 - 00000000 ____D C:\ProgramData\ProductData
2016-12-20 11:44 - 2016-12-20 11:44 - 03284464 _____ C:\Users\User\Downloads\Classic Arcade.soundpack
2016-12-20 01:35 - 2016-12-20 01:35 - 03871720 _____ C:\Users\User\Desktop\AvgInstallLog.cab
2016-12-20 01:24 - 2016-12-20 01:24 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-12-20 01:24 - 2016-12-20 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-12-20 01:22 - 2016-12-23 22:46 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-20 01:22 - 2016-12-20 20:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-20 01:20 - 2016-12-20 20:53 - 00000000 ____D C:\ProgramData\Avg
2016-12-20 01:20 - 2016-12-20 20:48 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2016-12-20 01:20 - 2016-12-20 01:20 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\User\Downloads\AVG_Protection_Free_698.exe
2016-12-20 01:20 - 2016-12-20 01:20 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2016-12-19 23:30 - 2016-12-19 23:30 - 00000365 _____ C:\Users\User\AppData\LocalLow\wbkD66D.tmp
2016-12-19 22:22 - 2016-12-19 22:22 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-19 22:22 - 2016-12-19 22:22 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-19 22:19 - 2016-12-20 08:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-19 22:19 - 2016-12-19 22:19 - 06334848 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2016-12-19 22:15 - 2016-12-19 22:18 - 87110520 _____ (AhnLab, Inc.) C:\Users\User\Downloads\AhnLab V3 Internet Security 8.0.exe
2016-12-19 19:44 - 2016-12-19 19:44 - 00000000 _____ C:\autoexec.bat
2016-12-19 19:43 - 2016-12-22 22:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Enigma Software Group
2016-12-19 19:43 - 2016-12-19 19:43 - 00000000 ____D C:\sh4ldr
2016-12-19 19:42 - 2016-12-22 22:24 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-12-19 18:07 - 2016-12-19 18:07 - 00002660 _____ C:\Users\User\Desktop\JRT.txt
2016-12-18 15:03 - 2016-12-18 15:13 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2436930393-3190665335-3880980104-1000
2016-12-18 14:24 - 2016-12-18 14:24 - 00000000 ____D C:\Windows\IObit
2016-12-18 14:22 - 2016-12-18 14:28 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2016-12-18 14:22 - 2016-12-18 14:25 - 00000000 ____D C:\ProgramData\IObit
2016-12-18 14:21 - 2016-12-18 14:55 - 00002242 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-18 14:21 - 2016-12-18 14:21 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-12-18 14:21 - 2016-12-18 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-12-18 14:11 - 2016-12-18 14:12 - 17156848 _____ (IObit ) C:\Users\User\Downloads\driver_booster_setup.exe
2016-12-18 13:17 - 2016-12-18 13:19 - 01076800 _____ (Slimware Utilities Holdings, Inc.) C:\Users\User\Downloads\SlimDrivers-setup (1).exe
2016-12-18 11:46 - 2016-12-18 11:47 - 51969976 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.0.4.1269 (2).exe
2016-12-18 11:41 - 2016-12-18 11:41 - 00566128 _____ (Malwarebytes) C:\Users\User\Downloads\mbam-clean-2.3.0.1001 (1).exe
2016-12-18 11:33 - 2016-12-18 11:34 - 51969976 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.0.4.1269 (1).exe
2016-12-18 11:24 - 2016-12-18 11:24 - 01076800 _____ (Slimware Utilities Holdings, Inc.) C:\Users\User\Downloads\SlimDrivers-setup.exe
2016-12-18 11:07 - 2016-12-18 11:07 - 00566128 _____ (Malwarebytes) C:\Users\User\Downloads\mbam-clean-2.3.0.1001.exe
2016-12-18 10:12 - 2016-12-19 23:29 - 00000000 ____D C:\Users\User\Desktop\PROGRAMAS DESKTOP
2016-12-18 10:08 - 2016-12-18 10:14 - 00000000 ____D C:\Users\User\Desktop\documentos desktop
2016-12-18 10:06 - 2016-12-18 10:12 - 00000000 ____D C:\Users\User\Desktop\fotos desktop
2016-12-18 09:34 - 2016-12-20 08:15 - 00003338 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2436930393-3190665335-3880980104-1000
2016-12-18 09:34 - 2016-12-20 08:15 - 00003202 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2436930393-3190665335-3880980104-1000
2016-12-18 00:48 - 2016-12-18 00:48 - 00000000 ____D C:\Users\User\AppData\Local\Zemana
2016-12-18 00:46 - 2016-12-18 00:47 - 05453544 _____ ( ) C:\Users\User\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-18 00:24 - 2016-12-18 00:25 - 01663040 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2016-12-11 01:53 - 2016-12-11 01:53 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-12-11 01:53 - 2016-12-11 01:53 - 00000000 ____D C:\Riot Games
2016-12-11 01:53 - 2016-12-11 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-11 01:51 - 2016-12-11 01:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Riot Games
2016-12-11 01:49 - 2016-12-11 01:50 - 28120008 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_BR_Installer_2016_05_13 (1).exe
2016-12-10 23:52 - 2016-12-10 23:53 - 28120008 _____ (Riot Games) C:\Users\User\Downloads\LeagueofLegends_BR_Installer_2016_05_13.exe
2016-12-10 14:56 - 2016-12-10 14:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-09 15:31 - 2016-12-09 19:53 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-09 15:31 - 2016-12-09 19:53 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-09 15:31 - 2016-12-09 15:31 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-09 15:30 - 2016-12-18 11:49 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-09 15:30 - 2016-12-18 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-09 15:30 - 2016-12-09 19:53 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 15:30 - 2016-12-09 19:53 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-09 15:30 - 2016-12-09 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-09 15:30 - 2016-12-09 15:30 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-09 15:30 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-09 15:29 - 2016-12-09 15:29 - 51969976 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 21:02 - 2016-12-08 21:02 - 03968464 _____ C:\Users\User\Downloads\adwcleaner_6.040.exe
2016-12-03 15:09 - 2016-12-05 10:33 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent
2016-11-29 12:53 - 2016-11-29 12:53 - 00000000 __SHD C:\found.008
2016-11-28 14:19 - 2016-11-28 14:19 - 00003126 _____ C:\Windows\System32\Tasks\{DA2D9967-4D93-4AB5-AC38-B29C937E9C29}
2016-11-28 12:29 - 2016-12-18 15:13 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2436930393-3190665335-3880980104-1000
2016-11-27 15:50 - 2016-11-27 15:51 - 26205639 _____ C:\Users\User\Downloads\sas-digital-desktop.zip
2016-11-27 15:50 - 2016-11-27 15:50 - 03135238 _____ C:\Users\User\Downloads\sas_digital_manual.pdf
2016-11-25 19:44 - 2016-11-25 19:44 - 00277488 _____ C:\Windows\Minidump\112516_d0619a8c-7621-46ae-b370-c7c0aa2a7325.dmp
2016-11-24 16:08 - 2016-11-24 16:08 - 00000000 _____ C:\Users\Public\Documents\report.dat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-23 23:02 - 2016-07-08 20:31 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-23 23:02 - 2009-10-29 00:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-23 22:47 - 2009-07-14 01:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-23 22:47 - 2009-07-14 01:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-23 22:45 - 2012-05-25 18:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-23 22:34 - 2015-05-28 21:23 - 01690096 _____ (GlavSoft LLC.) C:\Windows\SysWOW64\crov.exe
2016-12-23 22:34 - 2015-05-28 21:23 - 00055632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\makecert.exe
2016-12-23 22:34 - 2015-05-28 21:23 - 00000002 _____ C:\Windows\SysWOW64\SERVIDORX.xml
2016-12-23 22:31 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-21 14:09 - 2012-01-17 15:21 - 00000000 ____D C:\ProgramData\MFAData
2016-12-20 11:10 - 2014-12-15 20:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-12-20 10:52 - 2011-06-01 20:20 - 00000000 ____D C:\Windows\pss
2016-12-20 01:07 - 2010-11-20 09:25 - 00804006 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-20 01:07 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-12-20 00:44 - 2016-07-01 19:42 - 01703044 _____ C:\Windows\ntbtlog.txt
2016-12-19 23:28 - 2010-09-23 10:43 - 00000000 ____D C:\Users\User\Downloads\Ib6
2016-12-19 23:17 - 2014-09-27 22:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-19 23:02 - 2011-04-24 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
2016-12-19 18:45 - 2016-09-30 22:58 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-19 18:16 - 2013-09-24 16:54 - 00000000 ____D C:\AdwCleaner
2016-12-19 12:13 - 2015-08-01 22:48 - 00000000 _____ C:\AILog.txt
2016-12-18 15:09 - 2012-06-14 16:31 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2016-12-18 14:20 - 2012-06-14 16:31 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-18 10:45 - 2014-01-19 00:58 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-12-18 10:22 - 2016-10-01 11:16 - 00000000 ____D C:\Users\User\AppData\Local\aridesa
2016-12-17 23:38 - 2009-07-14 02:13 - 00786420 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-16 18:17 - 2014-02-06 16:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:17 - 2014-02-06 16:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 18:17 - 2010-09-22 21:30 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2436930393-3190665335-3880980104-1000UA
2016-12-16 18:17 - 2010-09-22 21:30 - 00003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2436930393-3190665335-3880980104-1000Core
2016-12-16 13:15 - 2016-01-07 00:07 - 00002327 _____ C:\Users\User\Desktop\Google Chrome.lnk
2016-12-16 13:15 - 2015-03-29 17:04 - 00002335 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 19:45 - 2016-07-08 20:31 - 00003884 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-15 19:45 - 2012-05-25 18:36 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-15 19:45 - 2012-05-25 18:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-15 19:45 - 2011-11-28 23:41 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-15 19:45 - 2011-06-02 14:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 11:35 - 2009-07-14 02:08 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-11 11:07 - 2010-09-17 18:38 - 00116576 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-11 11:06 - 2009-07-14 01:45 - 00449560 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-11 01:35 - 2013-02-02 22:21 - 00000000 ____D C:\Program Files (x86)\MP3 Skype Recorder
2016-12-11 01:34 - 2013-07-28 17:48 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-12-11 01:33 - 2010-10-05 19:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EMS
2016-12-11 01:33 - 2010-10-05 19:08 - 00000000 ____D C:\Program Files (x86)\EMS
2016-12-11 01:32 - 2011-04-09 11:04 - 00000000 ____D C:\Program Files (x86)\VS2011
2016-12-11 01:27 - 2012-01-23 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-12-10 17:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-08 21:12 - 2015-03-10 22:43 - 00000000 ____D C:\ProgramData\Lavasoft
2016-12-08 21:11 - 2015-03-10 22:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Lavasoft
2016-12-08 19:44 - 2010-09-27 15:25 - 00000000 ____D C:\Users\User\AppData\LocalLow\Scpad
2016-12-05 10:57 - 2015-12-12 22:25 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2016-12-04 00:31 - 2014-05-17 16:31 - 00000290 _____ C:\Users\User\AppData\Roaming\WB.CFG
2016-11-30 19:40 - 2010-12-16 20:13 - 00000000 ____D C:\Windows\Minidump
2016-11-28 14:22 - 2012-03-27 21:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-11-28 14:18 - 2012-03-27 21:32 - 00000000 ____D C:\ProgramData\Skype
2016-11-27 15:51 - 2016-10-01 11:16 - 00000000 ____D C:\Users\User\AppData\Local\SAS Digital
2016-11-27 15:51 - 2016-10-01 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAS Digital
2016-11-27 15:25 - 2013-02-14 10:24 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-27 15:25 - 2009-10-28 23:48 - 00000000 ____D C:\Program Files\Google
2016-11-26 00:51 - 2011-08-12 22:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Octoshape
2016-11-26 00:42 - 2010-09-22 19:38 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-11-26 00:42 - 2009-10-28 23:47 - 00000000 ____D C:\ProgramData\Google
2016-11-26 00:41 - 2012-11-15 14:29 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoft
2016-11-26 00:37 - 2009-10-28 23:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-25 22:47 - 2015-07-10 10:39 - 00000000 ___HD C:\$Windows.~BT
2016-11-25 19:44 - 2016-07-01 18:04 - 369130303 _____ C:\Windows\MEMORY.DMP
2016-11-23 10:52 - 2016-09-30 22:58 - 00000000 ____D C:\ProgramData\corss
 
==================== Files in the root of some directories =======
 
2011-10-02 22:08 - 2011-09-16 15:12 - 0143240 _____ (Ask.com) C:\Program Files (x86)\Common Files\ApnStub.exe
2011-04-24 20:28 - 2011-02-27 11:42 - 0571328 _____ (                                                            ) C:\Program Files (x86)\Common Files\AutoCompleteInstaller-VD.exe
2016-01-07 08:18 - 2016-01-07 08:18 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2016-01-07 08:18 - 2016-01-07 08:18 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2011-04-24 20:28 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files (x86)\Common Files\WinPcapNmap.exe
2012-12-25 21:45 - 2012-12-25 21:45 - 0000288 _____ () C:\Users\User\AppData\Roaming\.backup.dm
2011-03-12 08:35 - 2011-03-12 13:19 - 0002736 _____ () C:\Users\User\AppData\Roaming\41FC.F69
2012-05-10 14:58 - 2012-05-10 15:54 - 0013030 _____ () C:\Users\User\AppData\Roaming\PDOXUSRS.NET
2013-04-20 15:27 - 2014-02-20 22:36 - 0007168 _____ () C:\Users\User\AppData\Roaming\SQLiteManager3.pref
2014-05-17 16:31 - 2016-12-04 00:31 - 0000290 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2011-08-30 19:44 - 2011-08-30 19:44 - 0000000 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2011-11-02 15:28 - 2016-09-01 22:15 - 0005120 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-20 12:01 - 2016-12-20 12:05 - 0086955 _____ () C:\Users\User\AppData\Local\HWVendorDetection.log
2010-10-07 10:28 - 2011-11-09 16:18 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2014-11-29 18:53 - 2015-09-18 10:24 - 0007606 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-06-04 21:45 - 2014-06-04 21:46 - 3921764 _____ () C:\Users\User\AppData\Local\SPJKS7.ACU
2014-11-15 22:11 - 2014-11-15 22:11 - 0000000 _____ () C:\Users\User\AppData\Local\{04E6ED3D-6F36-40E9-A712-6020C4CDBAF0}
2013-05-02 19:13 - 2013-05-02 19:13 - 0000000 _____ () C:\ProgramData\3b2c21222636363a_c
2011-04-24 20:28 - 2010-05-28 23:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2011-04-24 20:28 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2011-04-24 20:28 - 2010-07-20 13:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
 
Files to move or delete:
====================
C:\Users\User\ntuserdirect_IBManager.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-07-16 20:24
 
==================== End of FRST.txt ============================
 
 
 


#4 jadesick

jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 24 December 2016 - 12:44 PM

hi


Edited by jadesick, 24 December 2016 - 11:16 PM.


#5 jadesick

jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 25 December 2016 - 09:08 AM

my computer failed to start and a lot of programs are now corrupted. HELP



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 December 2016 - 10:48 AM


I hope you can execute these instructions.

Let me know if you are able to start the computer normally or in Safe mode.

Remove this program via the Control Panel > Programs > Programs and Features.
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
hosts:
RemoveProxy:

HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Gofat\Application\chrome.exe" "%1" <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0B926CF0-CAA0-4CC2-8B11-BC04811A3242} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {30613E01-69B0-44C2-872B-7BD5E70226B8} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {57362B3D-94E2-4A78-ADE0-D7B87651BC5D} - \AVG\PC Tuneup 2011\Integrator\Start On User Logon -> No File <==== ATTENTION
Task: {6D08008F-3D32-4115-80EC-01EEF2A8E21D} - \LaunchApp -> No File <==== ATTENTION
Task: {84353EAE-CB33-4355-859A-8FD8674B45DC} - \ByteFence -> No File <==== ATTENTION
Task: {AFD72B69-AC8F-45C8-9085-0C346BEA55F6} - System32\Tasks\{1367C017-B0C9-48F0-A244-BBADB80AD0C0} => pcalua.exe -a C:\Users\User\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=pcm <==== ATTENTION
Task: {D12AEBBA-7105-44DA-9752-05D8315DA799} - System32\Tasks\{2B6952DA-391C-4292-A05E-8452A7E76D96} => pcalua.exe -a C:\Users\User\Downloads\jre-6u25-windows-i586-iftw.exe -d C:\Users\User\Desktop
Task: {E526C4F7-D5AB-4610-8FFD-80F58B8D71E3} - \Funmoods Chat -> No File <==== ATTENTION
Task: {EF86332C-22B1-409E-BCF0-A626671F0CCB} - System32\Tasks\{DA2D9967-4D93-4AB5-AC38-B29C937E9C29} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.80.105/pt/go/help.faq.installer?LastError=1601
AlternateDataStreams: C:\Windows\System32:0AF43871_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:0AF43871_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Isg.gbp [2]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [276]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 [288]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]
HKLM\...\Run: [Java7 Update] => C:\Windows\SysWOW64\SYSSERVIDOR.exe [98230272 2015-05-28] ()
HKLM\...\Run: [Java Scheduler 7] => C:\Windows\SysWOW64\Java8.exe
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]
Winlogon\Notify\ GbPluginIsg-x32: C:\PROGRA~2\GbPlugin\gbiehIsg.dll [X]
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1058c245-b56a-11e0-bffb-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a96-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a9a-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1a0c3164-4bfb-11e0-a0db-f110f8f1d0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2a90e08b-898b-11e0-90c5-f442b0510be0} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2d3be28f-c7cb-11df-9058-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {30efdc17-cd6c-11df-970e-daebee4f83fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {3472172e-1b51-11e0-9a13-aedb2b5f99fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {4d09bbca-4000-11e0-a667-fdc36c3233fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983eeb-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef0-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef1-c8ce-11df-9969-00269eb3b517} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9946-b489-11e0-bf6a-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9948-b489-11e0-bf6a-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {750419c5-4016-11e0-a673-a765483108fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {77855ccb-a57b-11e0-a72e-0c6076c93eb1} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a9628-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a962b-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bb8-3473-11e0-98d9-c0f2388ef7fd} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bc9-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bcb-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8928058a-1870-11e0-aad1-817194553efe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8de94c6f-4e3c-11e0-a480-842d6cb8aae3} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {cbd04a56-28f5-11e2-9e21-00269eb3b517} - E:\digirec.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {df839a7b-32db-11e1-960b-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea2-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea6-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e15-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e18-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {ef6e5a95-4bd9-11e0-8a90-f841547746fc} - D:\AutoRun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2436930393-3190665335-3880980104-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2436930393-3190665335-3880980104-1000] => 127.0.0.1:61141
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll => No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\PROGRA~2\GbPlugin\gbiehisg.dll => No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PLFZF6AYM3UAO7LKYCXXLZEXAY - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
U0 aswVmm; no ImagePath
S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
U4 ElRawDisk; 0 [X]
S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
C:\Windows\SysWOW64\SYSSERVIDOR.exe
C:\Windows\SysWOW64\Java8.exe
C:\Program Files (x86)\Gofat\Application\chrome.exe
C:\Users\User\AppData\Roaming\webssearches

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

When all is well you will need to update these programs and remove the old ones via the Control Panel > Programs > Programs and Features.
I will give you more information in due course.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)

The tool will create a log (Fixlog.txt); please post it in your reply.
===
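As an added illustration (not part of the thread, and not code from FRST or its author), here is a PowerShell script a helper could run after the Fix, in the affected user's session, to read back the items the fixlist above targets: the per-user proxy values, the two policy keys FRST flagged as "Restriction", the HKLM/HKCU Run entries, and whether anything still listens on the 127.0.0.1:61141 address the ProxyServer value pointed at. The registry paths and the port come from the log above; the script assumes Windows PowerShell 2.0 or later, as shipped with Windows 7 SP1, and uses netstat because Get-NetTCPConnection does not exist on that version.

```powershell
# Added example, not code from the thread or from FRST: read back the items the
# fixlist above targets so the Fix can be verified after the reboot.
# Assumes Windows PowerShell 2.0 or later (Windows 7 SP1 default) and that it is
# run in the affected user's session, since the proxy values live under HKCU.
$ErrorActionPreference = 'SilentlyContinue'
$results = @()

# 1. Per-user WinINET proxy. The log reported ProxyEnable=1 and
#    ProxyServer=127.0.0.1:61141; after RemoveProxy both values should be gone.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$results += New-Object PSObject -Property @{
    Check  = 'User proxy'
    Detail = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
    Flag   = ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL)
}

# 2. Policy keys FRST flagged as "Restriction"; they lock browser settings and
#    have no business existing on a home machine.
foreach ($p in 'HKLM:\SOFTWARE\Policies\Google',
               'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    $results += New-Object PSObject -Property @{
        Check = 'Policy key'; Detail = $p; Flag = (Test-Path $p)
    }
}

# 3. Run entries. The log's two HKLM entries pointed at binaries in SysWOW64
#    posing as Java updaters, so flag any entry whose file is missing or lacks
#    a valid Authenticode signature (unsigned legitimate software is flagged too;
#    this is a triage list, not a verdict).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        $cmd = [string]$prop.Value
        # Executable path: the quoted part if present, otherwise the first token.
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (Test-Path $exe) { $status = (Get-AuthenticodeSignature -FilePath $exe).Status }
        else                { $status = 'FileMissing' }
        $results += New-Object PSObject -Property @{
            Check  = 'Run entry'
            Detail = "$key\$($prop.Name) -> $exe [$status]"
            Flag   = ($status -ne 'Valid')
        }
    }
}

# 4. Local listener. A ProxyServer of 127.0.0.1:61141 only works if some process
#    listens on that port; netstat is used because Get-NetTCPConnection is not
#    available on Windows 7.
$port  = 61141   # taken from the ProxyServer value in the log
$lines = netstat -ano -p tcp | Select-String "127\.0\.0\.1:$port\s+\S+\s+LISTENING\s+(\d+)"
if ($lines) {
    foreach ($m in $lines) {
        $owner = $m.Matches[0].Groups[1].Value
        $proc  = Get-Process -Id $owner
        $results += New-Object PSObject -Property @{
            Check = 'Local listener'; Detail = "port $port PID $owner $($proc.Path)"; Flag = $true
        }
    }
} else {
    $results += New-Object PSObject -Property @{
        Check = 'Local listener'; Detail = "nothing listening on 127.0.0.1:$port"; Flag = $false
    }
}

$results | Select-Object Check, Flag, Detail | Format-Table -AutoSize -Wrap
```

Every row with Flag set to True is something to look at again; a clean result after the Fix and reboot is all four checks reporting False. If the proxy row flips back to True on a later run, whatever re-enables it is still running, which is exactly the behaviour the original post described.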

#7 jadesick

jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 25 December 2016 - 06:18 PM

Sorry for replying late, I had to go out.

Thanks for replying!

My computer repaired itself (Windows programs) and it could initialize.

Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by User (25-12-2016 13:15:36) Run:1
Running from C:\Users\User\Desktop\FRST64
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
hosts:
RemoveProxy:
 
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Gofat\Application\chrome.exe" "%1" <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0B926CF0-CAA0-4CC2-8B11-BC04811A3242} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {30613E01-69B0-44C2-872B-7BD5E70226B8} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {57362B3D-94E2-4A78-ADE0-D7B87651BC5D} - \AVG\PC Tuneup 2011\Integrator\Start On User Logon -> No File <==== ATTENTION
Task: {6D08008F-3D32-4115-80EC-01EEF2A8E21D} - \LaunchApp -> No File <==== ATTENTION
Task: {84353EAE-CB33-4355-859A-8FD8674B45DC} - \ByteFence -> No File <==== ATTENTION
Task: {AFD72B69-AC8F-45C8-9085-0C346BEA55F6} - System32\Tasks\{1367C017-B0C9-48F0-A244-BBADB80AD0C0} => pcalua.exe -a C:\Users\User\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=pcm <==== ATTENTION
Task: {D12AEBBA-7105-44DA-9752-05D8315DA799} - System32\Tasks\{2B6952DA-391C-4292-A05E-8452A7E76D96} => pcalua.exe -a C:\Users\User\Downloads\jre-6u25-windows-i586-iftw.exe -d C:\Users\User\Desktop
Task: {E526C4F7-D5AB-4610-8FFD-80F58B8D71E3} - \Funmoods Chat -> No File <==== ATTENTION
Task: {EF86332C-22B1-409E-BCF0-A626671F0CCB} - System32\Tasks\{DA2D9967-4D93-4AB5-AC38-B29C937E9C29} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.80.105/pt/go/help.faq.installer?LastError=1601
AlternateDataStreams: C:\Windows\System32:0AF43871_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:0AF43871_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:79EDFAE3_Isg.gbp [2]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [276]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 [288]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]
HKLM\...\Run: [Java7 Update] => C:\Windows\SysWOW64\SYSSERVIDOR.exe [98230272 2015-05-28] ()
HKLM\...\Run: [Java Scheduler 7] => C:\Windows\SysWOW64\Java8.exe
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [X]
Winlogon\Notify\ GbPluginIsg-x32: C:\PROGRA~2\GbPlugin\gbiehIsg.dll [X]
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1058c245-b56a-11e0-bffb-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a96-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {19465a9a-1831-11e0-aae3-f5ee29e0d8fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {1a0c3164-4bfb-11e0-a0db-f110f8f1d0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2a90e08b-898b-11e0-90c5-f442b0510be0} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {2d3be28f-c7cb-11df-9058-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {30efdc17-cd6c-11df-970e-daebee4f83fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {3472172e-1b51-11e0-9a13-aedb2b5f99fe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {4d09bbca-4000-11e0-a667-fdc36c3233fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983eeb-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef0-c8ce-11df-9969-00269eb3b517} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {59983ef1-c8ce-11df-9969-00269eb3b517} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9946-b489-11e0-bf6a-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {715c9948-b489-11e0-bf6a-0024d60cc338} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {750419c5-4016-11e0-a673-a765483108fc} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {77855ccb-a57b-11e0-a72e-0c6076c93eb1} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a9628-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {7f7a962b-7cf9-11e0-8a50-be3a0df01995} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bb8-3473-11e0-98d9-c0f2388ef7fd} - E:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bc9-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {80cd3bcb-3473-11e0-98d9-c0f2388ef7fd} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8928058a-1870-11e0-aad1-817194553efe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {8de94c6f-4e3c-11e0-a480-842d6cb8aae3} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {cbd04a56-28f5-11e2-9e21-00269eb3b517} - E:\digirec.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {df839a7b-32db-11e1-960b-0024d60cc338} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea2-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e31c6ea6-185c-11e0-b3fd-84d4f784b0ff} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e15-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {e5365e18-185f-11e0-aae2-93f23d24edfe} - D:\AutoRun.exe
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\...\MountPoints2: {ef6e5a95-4bd9-11e0-8a90-f841547746fc} - D:\AutoRun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2436930393-3190665335-3880980104-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2436930393-3190665335-3880980104-1000] => 127.0.0.1:61141
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll => No File
BHO-x32: No Name -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\PROGRA~2\GbPlugin\gbiehisg.dll => No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PLFZF6AYM3UAO7LKYCXXLZEXAY - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
U0 aswVmm; no ImagePath
S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
U4 ElRawDisk; 0 [X]
S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
C:\Windows\SysWOW64\SYSSERVIDOR.exe
C:\Windows\SysWOW64\Java8.exe
C:\Program Files (x86)\Gofat\Application\chrome.exe
C:\Users\User\AppData\Roaming\webssearches
 
Reboot:
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\ChromeHTML" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B926CF0-CAA0-4CC2-8B11-BC04811A3242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B926CF0-CAA0-4CC2-8B11-BC04811A3242}" => key removed successfully
C:\Windows\System32\Tasks\ByteFence Scan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30613E01-69B0-44C2-872B-7BD5E70226B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30613E01-69B0-44C2-872B-7BD5E70226B8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57362B3D-94E2-4A78-ADE0-D7B87651BC5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57362B3D-94E2-4A78-ADE0-D7B87651BC5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\PC Tuneup 2011\Integrator\Start On User Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D08008F-3D32-4115-80EC-01EEF2A8E21D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D08008F-3D32-4115-80EC-01EEF2A8E21D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84353EAE-CB33-4355-859A-8FD8674B45DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84353EAE-CB33-4355-859A-8FD8674B45DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFD72B69-AC8F-45C8-9085-0C346BEA55F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFD72B69-AC8F-45C8-9085-0C346BEA55F6}" => key removed successfully
C:\Windows\System32\Tasks\{1367C017-B0C9-48F0-A244-BBADB80AD0C0} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1367C017-B0C9-48F0-A244-BBADB80AD0C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D12AEBBA-7105-44DA-9752-05D8315DA799}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D12AEBBA-7105-44DA-9752-05D8315DA799}" => key removed successfully
C:\Windows\System32\Tasks\{2B6952DA-391C-4292-A05E-8452A7E76D96} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B6952DA-391C-4292-A05E-8452A7E76D96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E526C4F7-D5AB-4610-8FFD-80F58B8D71E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E526C4F7-D5AB-4610-8FFD-80F58B8D71E3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods Chat => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF86332C-22B1-409E-BCF0-A626671F0CCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF86332C-22B1-409E-BCF0-A626671F0CCB}" => key removed successfully
C:\Windows\System32\Tasks\{DA2D9967-4D93-4AB5-AC38-B29C937E9C29} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA2D9967-4D93-4AB5-AC38-B29C937E9C29}" => key removed successfully
C:\Windows\System32 => ":0AF43871_Bb.gbp" ADS removed successfully.
C:\Windows\System32 => ":0AF43871_Cef.gbp" ADS removed successfully.
C:\Windows\System32 => ":79EDFAE3_Bb.gbp" ADS removed successfully.
C:\Windows\System32 => ":79EDFAE3_Cef.gbp" ADS removed successfully.
C:\Windows\System32 => ":79EDFAE3_Isg.gbp" ADS removed successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":6DDED7D9" ADS removed successfully.
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Java7 Update => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Java Scheduler 7 => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginIsg" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1058c245-b56a-11e0-bffb-0024d60cc338}" => key removed successfully
HKCR\CLSID\{1058c245-b56a-11e0-bffb-0024d60cc338} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19465a96-1831-11e0-aae3-f5ee29e0d8fe}" => key removed successfully
HKCR\CLSID\{19465a96-1831-11e0-aae3-f5ee29e0d8fe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19465a9a-1831-11e0-aae3-f5ee29e0d8fe}" => key removed successfully
HKCR\CLSID\{19465a9a-1831-11e0-aae3-f5ee29e0d8fe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a0c3164-4bfb-11e0-a0db-f110f8f1d0ff}" => key removed successfully
HKCR\CLSID\{1a0c3164-4bfb-11e0-a0db-f110f8f1d0ff} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a90e08b-898b-11e0-90c5-f442b0510be0}" => key removed successfully
HKCR\CLSID\{2a90e08b-898b-11e0-90c5-f442b0510be0} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d3be28f-c7cb-11df-9058-00269eb3b517}" => key removed successfully
HKCR\CLSID\{2d3be28f-c7cb-11df-9058-00269eb3b517} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30efdc17-cd6c-11df-970e-daebee4f83fd}" => key removed successfully
HKCR\CLSID\{30efdc17-cd6c-11df-970e-daebee4f83fd} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3472172e-1b51-11e0-9a13-aedb2b5f99fe}" => key removed successfully
HKCR\CLSID\{3472172e-1b51-11e0-9a13-aedb2b5f99fe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d09bbca-4000-11e0-a667-fdc36c3233fc}" => key removed successfully
HKCR\CLSID\{4d09bbca-4000-11e0-a667-fdc36c3233fc} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59983eeb-c8ce-11df-9969-00269eb3b517}" => key removed successfully
HKCR\CLSID\{59983eeb-c8ce-11df-9969-00269eb3b517} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59983ef0-c8ce-11df-9969-00269eb3b517}" => key removed successfully
HKCR\CLSID\{59983ef0-c8ce-11df-9969-00269eb3b517} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59983ef1-c8ce-11df-9969-00269eb3b517}" => key removed successfully
HKCR\CLSID\{59983ef1-c8ce-11df-9969-00269eb3b517} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{715c9946-b489-11e0-bf6a-0024d60cc338}" => key removed successfully
HKCR\CLSID\{715c9946-b489-11e0-bf6a-0024d60cc338} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{715c9948-b489-11e0-bf6a-0024d60cc338}" => key removed successfully
HKCR\CLSID\{715c9948-b489-11e0-bf6a-0024d60cc338} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{750419c5-4016-11e0-a673-a765483108fc}" => key removed successfully
HKCR\CLSID\{750419c5-4016-11e0-a673-a765483108fc} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77855ccb-a57b-11e0-a72e-0c6076c93eb1}" => key removed successfully
HKCR\CLSID\{77855ccb-a57b-11e0-a72e-0c6076c93eb1} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f7a9628-7cf9-11e0-8a50-be3a0df01995}" => key removed successfully
HKCR\CLSID\{7f7a9628-7cf9-11e0-8a50-be3a0df01995} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f7a962b-7cf9-11e0-8a50-be3a0df01995}" => key removed successfully
HKCR\CLSID\{7f7a962b-7cf9-11e0-8a50-be3a0df01995} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80cd3bb8-3473-11e0-98d9-c0f2388ef7fd}" => key removed successfully
HKCR\CLSID\{80cd3bb8-3473-11e0-98d9-c0f2388ef7fd} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80cd3bc9-3473-11e0-98d9-c0f2388ef7fd}" => key removed successfully
HKCR\CLSID\{80cd3bc9-3473-11e0-98d9-c0f2388ef7fd} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80cd3bcb-3473-11e0-98d9-c0f2388ef7fd}" => key removed successfully
HKCR\CLSID\{80cd3bcb-3473-11e0-98d9-c0f2388ef7fd} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8928058a-1870-11e0-aad1-817194553efe}" => key removed successfully
HKCR\CLSID\{8928058a-1870-11e0-aad1-817194553efe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8de94c6f-4e3c-11e0-a480-842d6cb8aae3}" => key removed successfully
HKCR\CLSID\{8de94c6f-4e3c-11e0-a480-842d6cb8aae3} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd04a56-28f5-11e2-9e21-00269eb3b517}" => key removed successfully
HKCR\CLSID\{cbd04a56-28f5-11e2-9e21-00269eb3b517} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df839a7b-32db-11e1-960b-0024d60cc338}" => key removed successfully
HKCR\CLSID\{df839a7b-32db-11e1-960b-0024d60cc338} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31c6ea2-185c-11e0-b3fd-84d4f784b0ff}" => key removed successfully
HKCR\CLSID\{e31c6ea2-185c-11e0-b3fd-84d4f784b0ff} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31c6ea6-185c-11e0-b3fd-84d4f784b0ff}" => key removed successfully
HKCR\CLSID\{e31c6ea6-185c-11e0-b3fd-84d4f784b0ff} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5365e15-185f-11e0-aae2-93f23d24edfe}" => key removed successfully
HKCR\CLSID\{e5365e15-185f-11e0-aae2-93f23d24edfe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5365e18-185f-11e0-aae2-93f23d24edfe}" => key removed successfully
HKCR\CLSID\{e5365e18-185f-11e0-aae2-93f23d24edfe} => key not found. 
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef6e5a95-4bd9-11e0-8a90-f841547746fc}" => key removed successfully
HKCR\CLSID\{ef6e5a95-4bd9-11e0-8a90-f841547746fc} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399015} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399015}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399003} => value removed successfully
"HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540015}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540015}" => key removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\wlmailhtml" => key removed successfully
HKCR\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => key not found. 
"HKCR\PROTOCOLS\Handler\wlpg" => key removed successfully
HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308" => key removed successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg" => key removed successfully
"HKU\S-1-5-21-2436930393-3190665335-3880980104-1000\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.PLFZF6AYM3UAO7LKYCXXLZEXAY\shell\open\command\\Default => value restored successfully
aswVmm => service removed successfully
ATE_PROCMON => service removed successfully
Bfilter => service removed successfully
Bfmon => service removed successfully
Bndef => service removed successfully
Bprotect => service removed successfully
catchme => service removed successfully
ElRawDisk => service removed successfully
Warsaw_PP => service removed successfully
C:\Windows\SysWOW64\SYSSERVIDOR.exe => moved successfully
"C:\Windows\SysWOW64\Java8.exe" => not found.
"C:\Program Files (x86)\Gofat\Application\chrome.exe" => not found.
"C:\Users\User\AppData\Roaming\webssearches" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36205998 B
Java, Flash, Steam htmlcache => 770 B
Windows/system/drivers => 162636015 B
Edge => 0 B
Chrome => 430411551 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 50832281 B
systemprofile32 => 1081945 B
LocalService => 162964 B
NetworkService => 2668174 B
User => 181614501 B
 
RecycleBin => 12064048 B
EmptyTemp: => 845.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:17:20 ====
 
****MY FIREWALL IS BEING DISABLED EVERY TIME I TURN ON MY PC, THE LOGIN SCREEN IS WHITE WITH BLACK LETTERS, THE THEME CHANGES FROM AERO TO 95 STYLE, MALWAREBYTES IS BEING DISABLED. I NEED URGENT HELP!!!!!!!!!!!! I'LL TRY TO ATTACH PICTURES.***
 
Still having problems with installing any programs (errors about directories, I think...) like Avast, AVG, VirtualBox, Windows Movie Maker, network drivers etc. ... I feel like something (like a virus, maybe) is blocking some files of the installation, or some Windows files are corrupted for some reason. What can it be?

Edited by jadesick, 25 December 2016 - 07:29 PM.
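What the Fixlog above removed is, in effect, a map of where this infection persisted: the proxy values and the IE/Chrome policy keys, a registry-pushed Chrome extension, three Winlogon Notify packages and three ShellExecuteHooks, two Run entries, alternate data streams on C:\Windows\System32 and C:\ProgramData\Temp, and a set of orphaned driver services. Since the proxy and the firewall are reported to come back after every reboot, the useful next step is to re-check those exact locations after a restart and see which ones have been re-created. The PowerShell script below is an added example for that check; it is not from the thread and is not FRST or RogueKiller code. It assumes an elevated PowerShell 3.0 or later on this Windows 7 system (3.0 is needed for Get-Item -Stream); the paths and service names are the ones from the Fixlog, and the rule that flags a Run entry or an inbound firewall rule pointing into a Temp, AppData, ProgramData or SysWOW64 folder is this example's own heuristic.

```powershell
# Added example, not from the thread and not FRST/RogueKiller code: re-check the
# persistence points the Fixlog cleaned so a reboot can be audited for anything
# that re-creates them. Run in an elevated PowerShell (3.0 or later is assumed,
# for Get-Item -Stream). Paths and names are the ones in the Fixlog; the
# "program under Temp/AppData/ProgramData/SysWOW64" heuristic is an assumption.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Proxy: per-user values, plus the two policy keys the fix removed outright.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1) { $findings.Add("Proxy re-enabled: ProxyServer=$($inet.ProxyServer)") }
if ($inet.AutoConfigURL)     { $findings.Add("PAC script configured: $($inet.AutoConfigURL)") }
foreach ($k in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer', 'HKLM:\SOFTWARE\Policies\Google') {
    if (Test-Path $k) { $findings.Add("Policy key is back: $k") }
}

# 2. Chrome extensions pushed through the registry (the kofkpgia... entry was one).
foreach ($k in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
               'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
               'HKCU:\SOFTWARE\Google\Chrome\Extensions') {
    Get-ChildItem $k -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("Registry-installed Chrome extension: $($_.PSChildName) under $k") }
}

# 3. Logon-time hooks: Winlogon Notify packages and Explorer ShellExecuteHooks.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify') {
    Get-ChildItem $k -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("Winlogon Notify package: $($_.PSChildName)") }
}
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks') {
    $v = Get-ItemProperty $k -ErrorAction SilentlyContinue
    if ($v) { $v.PSObject.Properties | Where-Object { $_.Name -like '{*}' } |
              ForEach-Object { $findings.Add("ShellExecuteHook: $($_.Name) in $k") } }
}

# 4. Run entries whose command points into Temp, AppData, ProgramData or SysWOW64
#    (the removed "Java7 Update" / "Java Scheduler 7" pattern). Heuristic.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $v = Get-ItemProperty $k -ErrorAction SilentlyContinue
    if ($v) { $v.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match '\\(Temp|AppData|ProgramData|SysWOW64)\\' } |
        ForEach-Object { $findings.Add("Run entry '$($_.Name)' -> $($_.Value)") } }
}

# 5. Alternate data streams on the two directories the fix cleaned.
foreach ($d in 'C:\Windows\System32', 'C:\ProgramData\Temp') {
    Get-Item -LiteralPath $d -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS on ${d}: $($_.Stream) ($($_.Length) bytes)") }
}

# 6. Removed driver/service entries and dropped files, checked by name.
foreach ($s in 'aswVmm','ATE_PROCMON','Bfilter','Bfmon','Bndef','Bprotect','catchme','ElRawDisk','Warsaw_PP') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$s") { $findings.Add("Service entry is back: $s") }
}
foreach ($f in 'C:\Windows\SysWOW64\SYSSERVIDOR.exe', 'C:\Windows\SysWOW64\Java8.exe',
               'C:\Program Files (x86)\Gofat\Application\chrome.exe', 'C:\Users\User\AppData\Roaming\webssearches') {
    if (Test-Path -LiteralPath $f) { $findings.Add("File/folder is back: $f") }
}

# 7. Firewall: per-profile state read from the registry (locale-independent), the
#    service, and active inbound allow rules for programs under a Temp folder or
#    programs that no longer exist on disk. Rule strings look like
#    v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=<path>|Name=<name>|
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($prof in 'DomainProfile','StandardProfile','PublicProfile') {
    if ((Get-ItemProperty "$fw\$prof" -ErrorAction SilentlyContinue).EnableFirewall -eq 0) {
        $findings.Add("Firewall disabled: $prof EnableFirewall=0")
    }
}
$svc = Get-Service MpsSvc -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') { $findings.Add("Windows Firewall service (MpsSvc) is not running") }
$rules = Get-ItemProperty "$fw\FirewallRules" -ErrorAction SilentlyContinue
if ($rules) {
    foreach ($r in $rules.PSObject.Properties) {
        if ($r.Name -like 'PS*') { continue }
        $def = "$($r.Value)"
        if ($def -notmatch 'Action=Allow' -or $def -notmatch 'Active=TRUE' -or $def -notmatch 'Dir=In') { continue }
        if ($def -match '\|App=([^|]+)\|') {
            $app = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if ($app -match '\\' -and ($app -match '\\Temp\\' -or -not (Test-Path -LiteralPath $app))) {
                $findings.Add("Inbound allow rule for suspect program: $app  [$($r.Name)]")
            }
        }
    }
}

if ($findings.Count -eq 0) { 'Nothing returned: the items removed in the Fixlog are still gone.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Run it once right after the fix and again after the next reboot; any line that appears only in the second run is something still active at logon and is the thing to investigate next. If {AEB6717E-7E19-11d0-97EE-00C04FD91972} shows up as a ShellExecuteHook, that is the Windows URL Exec Hook from shell32.dll and is expected.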


#8 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 December 2016 - 07:50 AM

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

Please post the logs for my review.

===

While I check the log, look for new versions of drivers.

Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.


Update all the suggested drivers.

#9 jadesick

  • Topic Starter

  • Members
  • 21 posts

Posted 26 December 2016 - 06:15 PM

1- RogueKiller

I tried to run it in the normal mode but it was freezing too much, so I ran it in safe mode.

 

The log after the removal (there is an error in it):

 

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started : Safe mode
User : User [Administrator]
Started from : C:\Users\User\Desktop\ROGUEKILLER\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/26/2016 15:11:21 (Duration : 03:48:29)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 32 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Elex-tech -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\elex-tech -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\elex-tech -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\elex-tech -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\elex-tech -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F9B1873-2037-45E4-B88B-11773B1AAA57} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\User\AppData\Local\Temp\ICReinstall\Facemoods.exe|Name=InstallCore?| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F731B446-2791-49CF-8B64-D29DF86FACFC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\User\AppData\Local\Temp\ICReinstall\Facemoods.exe|Name=InstallCore?| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{FDD0CDFF-4F5D-4D25-B1D4-1DF8A8DC8537}C:\program files (x86)\1clickdownload\1clickdownloader.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\1clickdownload\1clickdownloader.exe|Name=DownloadAssistant|Desc=DownloadAssistant|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{83F31692-1EEA-4866-ADD9-0BEEEB40EDD9}C:\program files (x86)\1clickdownload\1clickdownloader.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\1clickdownload\1clickdownloader.exe|Name=DownloadAssistant|Desc=DownloadAssistant|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {431A48EA-2AA5-42FE-A5FD-838E1D31CD3E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\expressdl.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8294A77E-E78F-421C-954C-666232F0EEE0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\expressdl.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2ABE0838-335E-4183-89E8-5E78C252E3AF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {35C388C0-6164-423B-BA1D-09A8A220EF50} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe|Name=Express Files| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F9B1873-2037-45E4-B88B-11773B1AAA57} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\User\AppData\Local\Temp\ICReinstall\Facemoods.exe|Name=InstallCore?| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F731B446-2791-49CF-8B64-D29DF86FACFC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\User\AppData\Local\Temp\ICReinstall\Facemoods.exe|Name=InstallCore?| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{FDD0CDFF-4F5D-4D25-B1D4-1DF8A8DC8537}C:\program files (x86)\1clickdownload\1clickdownloader.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\1clickdownload\1clickdownloader.exe|Name=DownloadAssistant|Desc=DownloadAssistant|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{83F31692-1EEA-4866-ADD9-0BEEEB40EDD9}C:\program files (x86)\1clickdownload\1clickdownloader.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\1clickdownload\1clickdownloader.exe|Name=DownloadAssistant|Desc=DownloadAssistant|Edge=TRUE|Defer=App| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {431A48EA-2AA5-42FE-A5FD-838E1D31CD3E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\expressdl.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8294A77E-E78F-421C-954C-666232F0EEE0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\expressdl.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2ABE0838-335E-4183-89E8-5E78C252E3AF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe|Name=Express Files| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {35C388C0-6164-423B-BA1D-09A8A220EF50} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe|Name=Express Files| [x] -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109020090400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109020090400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109030000000000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109030000000000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000021091A0061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_000021091A0061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109440061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109440061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109510061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109510061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109610061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109610061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109810061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109810061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109910061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109910061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109A10061400000000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109A10061400000000000F01FEC.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109A20000000100000000F01FEC -> Deleted
[PUP.Gen1][File] C:\ProgramData\SecTaskMan\icm_00002109A20000000100000000F01FEC.dll -> Deleted
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109A20061400100000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109A20061400100000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109AB0061400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109AB0061400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109B10061400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109B10061400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109C20061400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109C20061400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109E60061400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109E60061400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F10061400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F10061400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F10090400000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F10090400000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F100A0C00000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00002109F100A0C00000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_000021599B0090400100000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_000021599B0090400100000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00004109500200000000000000F01FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_00004109500200000000000000F01FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_032440EF5AC97F34B985A55C2AA8F133 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_032440EF5AC97F34B985A55C2AA8F133.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_057978BEDBCC3104FB5D20494DADB50D -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_057978BEDBCC3104FB5D20494DADB50D.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_076CFAAAB965F2A4284B2449E5D03EFE -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_076CFAAAB965F2A4284B2449E5D03EFE.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_07E577C8197A8AD4CB3CA67B31F64448 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_07E577C8197A8AD4CB3CA67B31F64448.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0AB19942EE0FDA44C98CE55CA0CE6F7B -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0AB19942EE0FDA44C98CE55CA0CE6F7B.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0B5B5B2C545249E44BAB45D8B40F1B69 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0B5B5B2C545249E44BAB45D8B40F1B69.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0C776EBEBCBCFBE408892EE7B12517FC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0C776EBEBCBCFBE408892EE7B12517FC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0D756077321A70C3E844C138CE981581 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_0D756077321A70C3E844C138CE981581.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_11F12B5E3396B0E42AC597363E0CD711 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_11F12B5E3396B0E42AC597363E0CD711.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_12342rg -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_12346db -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_12350vi4 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1926E8D15D0BCE53481466615F760A7F -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1926E8D15D0BCE53481466615F760A7F.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1af2a8da7e60d0b429d7e6453b3d0182 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1af2a8da7e60d0b429d7e6453b3d0182.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1D034B0FAA6BD374B960AAD30DF10D8B -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1D034B0FAA6BD374B960AAD30DF10D8B.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1D5E3C0FEDA1E123187686FED06E995A -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1D5E3C0FEDA1E123187686FED06E995A.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1FB4B89437DA8AA499BE814D004E4228 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_1FB4B89437DA8AA499BE814D004E4228.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_21EE4A31AE32173319EEFE3BD6FDFFE3.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_22BEFC8F7E2A1793E9ADB411DEFE1C58.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_2395B176E4F61D346B20158627C933AF -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_2395B176E4F61D346B20158627C933AF.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_26CEF00243C306D4C98ECE73E2100CF8 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_26CEF00243C306D4C98ECE73E2100CF8.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_2DC12CB23508A604086FA96B71714BD9 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_2DC12CB23508A604086FA96B71714BD9.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3134DC86D18EE1948B623D996D6F773A -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3134DC86D18EE1948B623D996D6F773A.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_36C92ABAD22B8F54AB02C7E81FB7E526 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_36C92ABAD22B8F54AB02C7E81FB7E526.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_37074588665C59840950BE9EE83A7F7C -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_37074588665C59840950BE9EE83A7F7C.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3AF2CDE243F15E43095885C8E9DFC16C -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3AF2CDE243F15E43095885C8E9DFC16C.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3D04254D3B6B9FF42B3445CE3E1E0066 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3D04254D3B6B9FF42B3445CE3E1E0066.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3E2D8E8CA6FED1B40AE9B772BE2E3FEC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3E2D8E8CA6FED1B40AE9B772BE2E3FEC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3e43b73803c7c394f8a6b2f0402e19c2 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3e43b73803c7c394f8a6b2f0402e19c2.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3E5FFF1680D166F4CA92FE1669F36291 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_3E5FFF1680D166F4CA92FE1669F36291.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4314AE291D01A814191EA5403531A183 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4314AE291D01A814191EA5403531A183.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_487EA05EEBAFAD641A8FB7B665CD2BE2 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_487EA05EEBAFAD641A8FB7B665CD2BE2.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A45EB3BEFD83954E86665BA17338B21 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A45EB3BEFD83954E86665BA17338B21.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A4869755DDD3AC4E98AB77E9D95D34B -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A4869755DDD3AC4E98AB77E9D95D34B.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A94D9E94FD183147BBDD5788A3980E8 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A94D9E94FD183147BBDD5788A3980E8.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A9D4F432C248434EB4F5E358C54947E -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4A9D4F432C248434EB4F5E358C54947E.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4AFCE782A91734120AB96D1AD25EE404 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4AFCE782A91734120AB96D1AD25EE404.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4E42866C3BBC1584BBF38EFC6D539032 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4E42866C3BBC1584BBF38EFC6D539032.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF238120641FF -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF238120641FF.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF238120754FF -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF238120754FF.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF268140672FF -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_4EA42A62D9304AC4784BF268140672FF.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_50910386AED2EC144A4D8E4B340B99AB -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_50910386AED2EC144A4D8E4B340B99AB.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_52744B0D6663D294EB6F85A741DBB99D -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_52744B0D6663D294EB6F85A741DBB99D.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_53451EB7E3D285B468F7C957EB0D02C8 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_53451EB7E3D285B468F7C957EB0D02C8.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_5C4834679ACBC703A9CADF44632686A6 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_5C4834679ACBC703A9CADF44632686A6.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_60EA627A3AAA1D34783E075F0113F440 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_60EA627A3AAA1D34783E075F0113F440.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_62DBF9290209B993A9A757D1160F9B24.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_67D6ECF5CD5FBA732B8B22BAC8DE1B4D -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_67D6ECF5CD5FBA732B8B22BAC8DE1B4D.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_68AB67CA408033019195008142020502 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_68AB67CA408033019195008142020502.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_68AB67CA7DA76401B744BA0000000010 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_68AB67CA7DA76401B744BA0000000010.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6C2FD2F17F80DB04E8581DC64B637E0F -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6C2FD2F17F80DB04E8581DC64B637E0F.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6D331B1297950F74EBC16F6A3B4096F3 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6D331B1297950F74EBC16F6A3B4096F3.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6DED2C82B5237CC489A371778C7FBFBA -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6DED2C82B5237CC489A371778C7FBFBA.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E58EC68CABDDFF39B774E7BF9389C90 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E58EC68CABDDFF39B774E7BF9389C90.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E815EB96CCE9A53884E7857C57002F0 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E815EB96CCE9A53884E7857C57002F0.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E8A266FCD4F2A1409E1C8110F44DBCE -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E8A266FCD4F2A1409E1C8110F44DBCE.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6E8D947A316B3EB3F8F540C548BE2AB9.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6F9E66FF7E38E3A3FA41D89E8A906A4A -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_6F9E66FF7E38E3A3FA41D89E8A906A4A.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_70D17E3E72DCBC644884614DBF92AA31 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_70D17E3E72DCBC644884614DBF92AA31.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_72564A7FF1FDF0B469738945E7814924 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_72564A7FF1FDF0B469738945E7814924.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_766F6333940964D4896BC447E3BE5C1B -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_766F6333940964D4896BC447E3BE5C1B.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_77534B3441520EC41BA4E7581CC74035 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_77534B3441520EC41BA4E7581CC74035.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_775F634D5961F2D4B844CA679CE90020 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_775F634D5961F2D4B844CA679CE90020.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7B292C385A83B0447A137070E0186AF4 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7B292C385A83B0447A137070E0186AF4.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7BD4C90EC03660F46A13E87A329932FA -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7BD4C90EC03660F46A13E87A329932FA.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7E0BA6F1DDC839B4A832AAE92BEFCF4E -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7E0BA6F1DDC839B4A832AAE92BEFCF4E.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7E0DCCC84E65BF543BBFF915382C4F0F -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7E0DCCC84E65BF543BBFF915382C4F0F.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7F80AB91827CC964A853FBDB6333EB80 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_7F80AB91827CC964A853FBDB6333EB80.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_84639D8AF7F9D70419C5264064443CAD -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_84639D8AF7F9D70419C5264064443CAD.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_84b9c17023c712640acaf308593282f8 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_84b9c17023c712640acaf308593282f8.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_87026B05132D3A64ABC732CDAFE01610 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_87026B05132D3A64ABC732CDAFE01610.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_88BD991AD22E7EC409CA8BEB93D6B74F -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_88BD991AD22E7EC409CA8BEB93D6B74F.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_93BAD29AC2E44034A96BCB446EB8552E -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_93BAD29AC2E44034A96BCB446EB8552E.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_93DE4664A08C7F8439DCBECDFABAC65C -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_93DE4664A08C7F8439DCBECDFABAC65C.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_9500CD411F0026F4DBA1BA32DC159AE5 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_9500CD411F0026F4DBA1BA32DC159AE5.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_952BA647474611149866C1269F6A0E36 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_952BA647474611149866C1269F6A0E36.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_97230E76307FF8044BFB645BCFD807DC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_97230E76307FF8044BFB645BCFD807DC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_988D22A5DDBF8EA468CE80D954CF31E3 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_988D22A5DDBF8EA468CE80D954CF31E3.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_9D0205FAA611CA649A228057293FE79C -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_9D0205FAA611CA649A228057293FE79C.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_A089CE062ADB6BC44A720BA745894BAC -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_A089CE062ADB6BC44A720BA745894BAC.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_ABDA2A3FD7F6E194C8B6D39E694BF29B -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_ABDA2A3FD7F6E194C8B6D39E694BF29B.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_CDD635DB7BA7EE84495E2DD36C2ECC58 -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_CDD635DB7BA7EE84495E2DD36C2ECC58.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_D967F3F84C9E5E24B95328DDEC70091C -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\icm_D967F3F84C9E5E24B95328DDEC70091C.dll -> Deletado
[PUP.Gen1][Arquivo] C:\ProgramData\SecTaskMan\ItemsState.ini -> Deletado
[PUP.Gen1][Pasta] C:\ProgramData\SecTaskMan -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Não carregado [0x5]) ¤¤¤
 
¤¤¤ Navegadores : 1 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [google] -> Deletado
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 91ab04e5c559448879cf7f6daaef3612
[BSP] 6195f12276267d1b3fd18e38d9ed1345 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25167872 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25372672 | Size: 292855 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
 
(it is in Portuguese... there is a part that says my antirootkit driver didn't load)
 
2- Combofix
 
Now I did something very stupid: I ran it from a different folder (Downloads) instead of the Desktop. I thought it would have some kind of installation, but I was wrong. I didn't stop it either. During the process, my computer restarted (I don't know if it was supposed to restart) and the ComboFix prompt was still there loading the log. I don't have any idea what the program really did on my computer; I hope I didn't mess everything up. Anyway, here is the log:
 
ComboFix 16-12-15.01 - User 26/12/2016  19:33:28.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2537 [GMT -3:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3b2c21222636363a_c
c:\programdata\Amazon.ico
c:\programdata\BeRuby.ico
c:\programdata\MercadoLivre.ico
c:\users\User\AppData\Roaming\41FC.F69
c:\users\User\Documents\~WRL3679.tmp
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2016-11-26 to 2016-12-26  )))))))))))))))))))))))))))))))
.
.
2016-12-26 22:50 . 2016-12-26 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-26 16:04 . 2016-12-26 16:09 -------- d-----w- c:\programdata\RogueKiller
2016-12-26 01:37 . 2016-12-26 01:37 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
2016-12-26 01:33 . 2016-12-26 01:32 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-12-26 01:32 . 2016-12-26 01:32 53208 ----a-w- c:\windows\avastSS.scr
2016-12-26 01:29 . 2016-12-26 01:29 -------- d-----w- c:\program files\AVAST Software
2016-12-25 16:52 . 2016-12-25 16:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2016-12-25 16:47 . 2016-12-25 16:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-12-25 16:46 . 2016-12-25 16:46 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-12-24 20:50 . 2016-12-24 20:50 -------- d-----w- c:\program files\Oracle
2016-12-22 20:58 . 2016-12-25 16:19 -------- d-----w- C:\FRST
2016-12-20 16:18 . 2016-12-20 16:18 -------- d-----w- c:\users\User\AppData\Roaming\Red Giant
2016-12-20 14:56 . 2016-12-25 19:10 -------- d-----w- c:\programdata\ProductData
2016-12-20 04:20 . 2016-12-24 15:07 -------- d-----w- c:\programdata\Avg
2016-12-20 04:20 . 2016-12-20 04:20 -------- d-----w- c:\users\User\AppData\Local\Avg
2016-12-20 01:22 . 2016-12-20 01:22 -------- d-----w- c:\program files\Common Files\AV
2016-12-20 01:22 . 2016-12-20 01:22 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-12-20 01:19 . 2016-12-26 01:03 -------- d-----w- c:\programdata\AVAST Software
2016-12-19 22:43 . 2016-12-23 01:24 -------- d-----w- c:\users\User\AppData\Roaming\Enigma Software Group
2016-12-19 22:43 . 2016-12-19 22:43 -------- d-----w- C:\sh4ldr
2016-12-19 22:42 . 2016-12-23 01:24 -------- d-----w- c:\program files\Enigma Software Group
2016-12-18 17:24 . 2016-12-18 17:24 -------- d-----w- c:\windows\IObit
2016-12-18 17:22 . 2016-12-25 19:10 -------- d-----w- c:\programdata\IObit
2016-12-18 17:21 . 2016-12-18 17:21 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2016-12-18 03:48 . 2016-12-18 03:48 -------- d-----w- c:\users\User\AppData\Local\Zemana
2016-12-11 04:53 . 2016-12-11 04:53 -------- d-----w- C:\Riot Games
2016-12-11 04:51 . 2016-12-11 04:54 -------- d-----w- c:\users\User\AppData\Roaming\Riot Games
2016-12-09 18:31 . 2016-12-09 22:53 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2016-12-09 18:31 . 2016-12-09 18:31 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2016-12-09 18:31 . 2016-12-09 22:53 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-12-09 18:30 . 2016-12-09 22:53 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-12-09 18:30 . 2016-12-09 22:53 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-09 18:30 . 2016-11-29 09:27 77408 ----a-w- c:\windows\system32\drivers\mbae64.sys
2016-12-09 18:30 . 2016-12-09 18:30 -------- d-----w- c:\programdata\Malwarebytes
2016-12-09 18:30 . 2016-12-09 18:30 -------- d-----w- c:\program files\Malwarebytes
2016-11-29 15:53 . 2016-11-29 15:53 -------- d-----w- C:\found.008
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-25 15:18 . 2015-05-29 00:23 55632 ----a-w- c:\windows\SysWow64\makecert.exe
2016-12-25 15:18 . 2015-05-29 00:23 1690096 ----a-w- c:\windows\SysWow64\crov.exe
2016-12-24 13:45 . 2016-12-24 13:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3140.dll
2016-12-20 14:20 . 2016-12-20 14:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3688.dll
2016-12-20 01:24 . 2016-12-20 01:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.2012.dll
2016-12-18 16:24 . 2016-12-18 16:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3540.dll
2016-12-18 03:35 . 2016-12-18 03:35 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.2376.dll
2016-12-15 22:45 . 2012-05-25 21:36 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-15 22:45 . 2011-06-02 17:58 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-15 21:08 . 2016-12-15 21:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.4000.dll
2016-12-04 05:53 . 2016-12-04 05:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.2456.dll
2016-11-26 01:59 . 2016-11-26 01:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3392.dll
2016-11-06 22:29 . 2016-11-06 22:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.5284.dll
2016-11-02 01:07 . 2016-11-02 01:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.5892.dll
2016-10-27 23:38 . 2016-10-27 23:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.6140.dll
2016-10-13 22:46 . 2016-10-13 22:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3316.dll
2016-10-08 01:08 . 2016-10-06 20:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.6008.dll
2016-10-01 18:33 . 2016-10-01 18:33 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65E5EECB-A59B-47A3-9AF6-BF683D13F5C3}\offreg.3292.dll
2011-09-16 18:12 . 2011-10-03 01:08 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe
2011-02-27 14:42 . 2011-04-24 23:28 571328 ----a-w- c:\program files (x86)\Common Files\AutoCompleteInstaller-VD.exe
2010-01-26 13:11 . 2011-04-24 23:28 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-09-02 02:11 223432 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-09-02 02:11 223432 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-09-02 02:11 223432 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MCSvc;Microsoft Cache Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
R4 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R4 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
R4 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe;c:\program files (x86)\Scpad\scpVista.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys;c:\windows\SYSNATIVE\drivers\VSPE.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvs REG_MULTI_SZ   IlS
LocalServiceir REG_MULTI_SZ   MCSvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-12-24 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-15 22:45]
.
2016-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-09-02 02:11 262344 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-09-02 02:11 262344 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-09-02 02:11 262344 ----a-w- c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\User\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-12-26 01:32 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
Trusted Zone: infoseg.gov.br\www
Trusted Zone: infoseg.gov.br\www2
Trusted Zone: infoseg.gov.br\www5
Trusted Zone: serpro.gov.br\infoseg9
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7324DCB8-4A97-4053-966B-63E438E34A63}: NameServer = 8.8.8.8,8.8.4.4
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} - hxxps://www5.infoseg.gov.br/Install/GbPluginIsg.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-MP3 Skype Recorder - c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
SafeBoot-MBAMChameleon
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-QUICKfind - c:\program files (x86)\IDM\QUICKfind\qf_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F1EC5D0-088B-895E-D165-8A5147049A5D}*]
@Allowed: (Read) (RestrictedCode)
"iagfjoldheeiokpodo"=hex:62,61,69,70,00,b3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Driver Booster\4.1.0\UninstMon\PubMonitor.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
**************************************************************************
.
Completion time: 2016-12-26  20:05:27 - machine was rebooted
ComboFix-quarantined-files.txt  2016-12-26 23:05
.
Pre-Run: 82.974.900.224 bytes free
Post-Run: 82.052.562.944 bytes free
.
- - End Of File - - 6B275FB63D29AE24AF7B0B32688E930A
A36C5E4F47E84449FF07ED3517B43A31
 
*Now I saw how much it deleted... Pre-Run: 82.974.900.224 bytes free
Post-Run: 82.052.562.944 bytes free...


#10 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 December 2016 - 08:32 AM

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2436930393-3190665335-3880980104-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F1EC5D0-088B-895E-D165-8A5147049A5D}*]
@Allowed: (Read) (RestrictedCode)
"iagfjoldheeiokpodo"=hex:62,61,69,70,00,b3


How is the computer running?
This Locked Registry key is unknown.

Deleting the Registry key may cause the application that is associated with it to fail.

Will leave this for later if required.

What are the current issues with this computer?

#11 jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 27 December 2016 - 04:38 PM

Now my computer can't install any program without failing, including important programs like antivirus and antimalware.

Malwarebytes takes too long to open (about 10 minutes) and has a problem about the antirootkit dda driver.

Avast can't start scans and the error notification appears "Unable to start scan, there are no endpoints available from the endpoint mapper".

Tried to install a program called VirtualBox and a lot of error notifications appeared (shown in the pictures).

Sometimes a Windows notification is seen, "Could not connect to all network drivers", and when I click it, it redirects to My Computer and nothing more.

I can't enable the service IKE and AuthIP IPsec Keying Modules; it says "The system cannot find the path specified".

The most important problem is that my computer is not a bit safe for not having an antivirus and antimalware. I noticed some weird actions in my computer that are not normal.
But I don't have any idea if there's actually a problem in Windows and the drivers (like configurations or corrupted files) or a problem with virus/malware. I tried sfc /scannow and it was all ok. My internet connection is alright, LAN or Wireless. I can play games normally even if my fps is a little low. I attached pictures about installation problems or how some programs are running badly. Should I show how my services are configured?

Edited by nasdaq, 28 December 2016 - 11:27 AM.


#12 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 December 2016 - 08:21 AM

Download and run the free version of the Revo Uninstaller.
http://www.revouninstaller.com/

Remove everything referencing AVG.

Restart the computer when done.

Do not reinstall AVG just yet.

Keep me posted on the issues.

#13 jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 28 December 2016 - 10:36 AM

I'm sorry, but WHAT THE HELL JUST HAPPENED? MY PC IS TOTALLY DIFFERENT... I THINK I LOST LOTS OF DOCUMENTS. I didn't change anything, I swear; you can see in a photo it was full of folders and pictures. What happened? I'm scared. I just turned it on today and it was like this... please help... URGENTLY.

Attached Files


Edited by jadesick, 28 December 2016 - 10:37 AM.


#14 jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 28 December 2016 - 10:47 AM

It's not a saved theme, so it's not a Windows feature; someone (a hacker) or a virus did it.



#15 jadesick
  • Topic Starter

  • Members
  • 21 posts

Posted 28 December 2016 - 11:20 AM

I gtg now... doctor, but please, I don't want to lose everything.