Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Explorer.exe and AV Scan not working [Solved]

Started by Habelaumus , Feb 16 2014 11:00 PM

  • This topic is locked This topic is locked

#1
Habelaumus
Posted 16 February 2014 - 11:00 PM

Habelaumus

    Member

  • Member
  • PipPip
  • 13 posts
Hello there and thanks in advance,

I think I got infected due to a porn file but I can't be sure. Problems arose next time I booted the PC.
My SO is Windows 7 Professional, 32 bits. I had McAfee at the time and the problem was that it would pop a warning saying its real-time protection was disabled, its Firewall was disabled as well and I wasn't able to scan (it'd say it found an error). I'd click to activate and done. Last month the problem got worse and clicking on activate wouldn't activate anything. I tried reinstalling but nothing would work so I got rid of McAfee and started using Avira alongside Windows Firewall. In an attempt to resolve those problems I ran Farbar's Quick Scan at request of another Forum. Farbar is said to be unobtrusive on scans and so I believe nothing was modified.

Avira worked properly for a few days then it started giving the same warnings, clicking on activate would activate it. Now Saturday night I downloaded and ran several files into my PC, including an executable, videos, images and music files. I have no idea wether this new problem is related to the old one or just some new infection I managed to get but when booting up my PC on Sunday (next day) the taskbar wouldn't pop up, the background is black and shows no icons, as if explorer.exe wasn't running, plus I got an error message from Avira saying it had failed to access a certain value in some position of memory. I restarted the PC and got the same problem.

Now, I was unable to access anything except ctrl+alt+del, using this I can access Task Manager and it has an option to run a new task and through this I can run .exes in my pc. Explorer.exe shows up as running normally in task manager and I can finish it and then run it again but when I run it again the taskbar will appear just to disappear in a sec. I ran CCleaner.exe and unninstalled Avira thinking that its failure was causing the errors but whilst the Avira warning has stopped the Explorer.exe is still unresponsive.

I ran Control.exe (Control Panel) and although it'll open some options (sound and keyboard, for exemple) it'll not open "Backup and Restoration" nor "Recovery", using the address bar on Control Panel I can access My Computer but the Drives (C: and D:) are nameless, their names and any info like size or used space won't show up, checking their properties they're ok. Opening folders through the left menu (like Images or Documents) shows as if they were empty (even though they are not and content hasn't been deleted as you'll see later). Using Notepad.exe and clicking either Open or Save As won't show any window and I'm still unable to see my folders and files.

I tried updating CCleaner (through Chrome.exe) and fixing the Registry but nothing. Whenever I fix the Registry I save a backup so I used Cmd.exe to restore a 1 month old backup and although it restored successfully the problem persists. I've since rerestored it to the state it was yesterday. Through Cmd.exe I can check that my files weren't deleted and I still can open them. Below follows the OTL Log:


OTL logfile created on: 16/02/2014 23:34:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danilo\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,60 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 55,62% Memory free
3,21 Gb Paging File | 1,45 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 254,14 Gb Total Space | 155,28 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 11,46 Gb Free Space | 39,53% Space Free | Partition Type: NTFS

Computer Name: DANILO-PC | User Name: Danilo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/16 23:33:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danilo\Downloads\OTL.exe
PRC - [2014/01/02 21:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Danilo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/12/10 11:51:50 | 000,095,584 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/03/02 12:20:58 | 000,224,256 | ---- | M] () -- C:\Arquivos de Programas\GNU\GnuPG\dirmngr.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/26 01:00:32 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 01:00:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/25 23:46:48 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Arquivos de Programas\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/01/06 18:47:54 | 005,646,272 | ---- | M] (Lenovo(beijing) Limited) -- C:\Arquivos de Programas\Lenovo\Energy Management\utility.exe
PRC - [2011/01/06 18:47:18 | 008,951,744 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Arquivos de Programas\Lenovo\Energy Management\Energy Management.exe
PRC - [2010/12/24 11:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Arquivos de Programas\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/06/17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Arquivos de Programas\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2008/05/20 20:19:54 | 000,075,016 | ---- | M] (CA) -- C:\Arquivos de Programas\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2008/05/20 20:19:40 | 000,029,960 | ---- | M] (CA) -- C:\Arquivos de Programas\CA\SharedComponents\CA_LIC\lic98Service.exe
PRC - [2007/03/09 18:00:18 | 001,167,360 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Arquivos de Programas\Lenovo\EnergyCut\EnergyCut.exe
PRC - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 20:42:37 | 013,616,456 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 20:42:37 | 000,399,688 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
MOD - [2014/02/01 20:42:35 | 004,055,368 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 20:41:45 | 000,715,592 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 20:41:45 | 000,100,168 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 20:41:43 | 001,634,632 | ---- | M] () -- C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/02 21:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Danilo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 20:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Danilo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Arquivos de Programas\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Arquivos de Programas\Lenovo\Energy Management\HookLib.dll
MOD - [2005/06/24 18:05:02 | 000,045,056 | ---- | M] () -- C:\Arquivos de Programas\Lenovo\EnergyCut\HookLib.dll


========== Services (SafeList) ==========

SRV - [2014/02/06 06:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/02/05 13:34:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 16:21:56 | 000,174,488 | ---- | M] (McAfee, Inc.) [Unavailable | Unknown] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/10 03:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 22:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Arquivos de Programas\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/04/21 03:01:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/10 11:51:50 | 000,095,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/02 12:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011/01/26 01:00:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/25 23:46:48 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010/12/28 00:44:32 | 000,578,912 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Arquivos de Programas\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2010/12/28 00:44:16 | 000,509,280 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Arquivos de Programas\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/06/17 06:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Arquivos de Programas\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/07/16 18:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Arquivos de Programas\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/15 05:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Arquivos de Programas\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/15 05:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Arquivos de Programas\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/05/20 20:19:54 | 000,075,016 | ---- | M] (CA) [Auto | Running] -- C:\Arquivos de Programas\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2006/02/01 23:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2013/12/05 16:16:44 | 000,572,688 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/12/05 16:12:06 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/07/04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/07/04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013/07/04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/07/04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013/02/28 22:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2013/02/24 23:07:47 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2013/02/02 20:45:18 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/23 16:36:20 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/14 01:42:26 | 001,283,200 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011/01/26 02:50:02 | 006,575,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 00:22:56 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/12/24 11:19:56 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/11/29 05:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/24 11:30:40 | 002,128,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 18:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 18:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 18:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/21 07:05:44 | 000,196,352 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2010/09/30 05:44:32 | 000,218,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010/08/16 06:28:50 | 000,005,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV - [2010/06/24 23:33:28 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/05/14 19:04:14 | 000,062,592 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/05/14 19:04:14 | 000,024,192 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009/07/28 05:09:38 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 21:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/15 20:37:16 | 000,011,792 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 20:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/09 18:07:48 | 000,011,776 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\..\SearchScopes,DefaultScope = {62CB8808-0EAA-4724-A910-77B798653904}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{62CB8808-0EAA-4724-A910-77B798653904}: "URL" = http://br.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{BC2C7794-A351-4F22-B31E-0391D1908B4E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Pesquisa Segura"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://br.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Pesquisa Segura"
FF - prefs.js..browser.search.order.1: "Pesquisa Segura"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Danilo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Danilo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Danilo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/23 18:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danilo\AppData\Roaming\mozilla\Extensions
[2014/01/27 16:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danilo\AppData\Roaming\mozilla\Firefox\Profiles\1lw49e0c.default\extensions
[2014/01/27 16:42:12 | 000,000,000 | ---D | M] (McAfee SafeKey) -- C:\Users\Danilo\AppData\Roaming\mozilla\Firefox\Profiles\1lw49e0c.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2013/05/26 19:02:45 | 000,000,849 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Energy Management] C:\Arquivos de Programas\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyCut] C:\Arquivos de Programas\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe (Oracle Corporation)
O4 - Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Danilo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: safekey - file://C:\Users\Danilo\AppData\LocalLow\safekey\context.html?cmd=lastpass File not found
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Danilo\AppData\LocalLow\safekey\context.html?cmd=fillforms File not found
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F9E1A4-504D-420F-A592-AC4F66CE413B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/16 05:03:56 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/12 16:00:37 | 000,000,000 | R--D | C] -- C:\Users\Danilo\Searches
[2014/01/27 15:34:27 | 000,174,488 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2014/01/20 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\Danilo\AppData\Local\DOSBox
[2014/01/20 16:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2014/01/20 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2013/09/02 01:00:06 | 026,838,560 | ---- | C] (McAfee) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/16 23:33:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/16 22:57:03 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000UA.job
[2014/02/16 22:11:55 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/16 22:11:55 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/16 22:09:02 | 000,717,994 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2014/02/16 22:09:02 | 000,666,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/16 22:09:02 | 000,152,872 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2014/02/16 22:09:02 | 000,127,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/16 22:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/16 22:03:11 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2014/02/16 22:02:41 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/16 04:57:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000Core.job
[2014/02/12 02:40:57 | 001,048,819 | ---- | M] () -- C:\Users\Danilo\Desktop\favoritos_12_02_14.html
[2014/01/27 16:42:21 | 026,838,560 | ---- | M] (McAfee) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/16 21:57:59 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2014/02/12 02:40:56 | 001,048,819 | ---- | C] () -- C:\Users\Danilo\Desktop\favoritos_12_02_14.html
[2013/11/05 20:54:03 | 1073,741,823 | ---- | C] () -- C:\Users\Danilo\Zword
[2013/10/09 23:57:52 | 000,007,666 | ---- | C] () -- C:\Users\Danilo\AppData\Local\Resmon.ResmonCfg
[2013/07/20 14:34:28 | 000,030,002 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/07/13 22:33:55 | 000,000,170 | ---- | C] () -- C:\Users\Danilo\.packettracer
[2013/05/29 00:07:15 | 000,000,076 | ---- | C] () -- C:\Users\Danilo\.gitconfig
[2013/02/28 22:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2013/02/19 19:43:58 | 000,000,407 | ---- | C] () -- C:\Users\Danilo\AppData\Roaming\Checksum.ini
[2013/02/01 16:30:09 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012/10/01 14:04:48 | 000,154,112 | ---- | C] () -- C:\Windows\System32\Tngremov.exe
[2011/11/27 17:32:15 | 000,011,126 | ---- | C] () -- C:\Users\Danilo\gsview32.ini
[2011/11/07 19:51:34 | 000,000,036 | ---- | C] () -- C:\Users\Danilo\.org.eclipse.epp.usagedata.recording.userId
[2011/10/29 20:42:04 | 000,000,094 | ---- | C] () -- C:\Users\Danilo\AppData\Local\fusioncache.dat
[2011/09/23 16:06:01 | 000,001,412 | ---- | C] () -- C:\ProgramData\profile.xml

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/01 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\.minecraft
[2011/11/05 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Blender Foundation
[2013/12/09 03:11:36 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\DAEMON Tools Lite
[2013/10/12 22:29:16 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Dev-Cpp
[2014/02/16 22:11:45 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Dropbox
[2013/05/01 17:37:27 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Foxit Software
[2013/02/21 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\gnupg
[2012/08/09 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\JabRef 2.8.1
[2011/09/23 15:09:04 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Lenovo
[2011/10/28 00:39:43 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\LibreOffice
[2014/01/02 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Rags
[2012/10/10 15:51:53 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Sublime Text 2
[2012/11/13 15:22:31 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Subversion
[2013/11/24 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\TrueCrypt
[2014/02/12 02:33:47 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\uTorrent
[2013/07/20 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Danilo\AppData\Roaming\Wireshark

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:425759C6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7ADB695A

< End of report >
  • 0

Advertisements

#2
JSntgRvr
Posted 21 February 2014 - 07:36 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi and :welcome:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html


    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#3
Habelaumus
Posted 22 February 2014 - 03:07 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry for taking so long, ran into some non related problemas but here is the log. Thanks.
Also, not sure if it is of any help but the problem occurs in Safe Mode and Memory Diag (the one you can access through Advanced Boot Options) came up ok.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014
Ran by SISTEMA on MININT-G2A53AS on 22-02-2014 17:27:58
Running from G:\
Windows 7 Professional Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8951744 2011-01-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1877288 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [EnergyCut] - C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jaureg.exe [234872 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKU\Danilo\...\Run: [Google Update] - C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-23] (Google Inc.)
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

========================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2011-01-25] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
S2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509280 2010-12-28] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [578912 2010-12-28] (Lenovo Group Limited)
S2 LogWatch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [75016 2008-05-20] (CA)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-01] ()
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-01] (Oracle Corporation)
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-01] (Oracle Corporation)
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-01] ()
S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-01] ()
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [11776 2007-04-09] (Lenovo Corporation)
S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [62592 2010-05-14] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [24192 2010-05-14] (Advanced Micro Devices)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-09-23] (DT Soft Ltd)
S0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-12-05] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [572688 2013-12-05] (McAfee, Inc.)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2010-09-30] (Realtek Semiconductor Corp.)
S3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-02-02] ()
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-15] (Windows ® Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\FRST
2014-02-22 02:52 - 2014-02-22 02:52 - 01142784 _____ (Farbar) C:\Users\Danilo\Downloads\FRST.exe
2014-02-21 18:20 - 2014-02-21 02:52 - 00722789 _____ () C:\Users\Danilo\Desktop\Bookmarks
2014-02-19 21:29 - 2014-02-19 21:29 - 01061567 _____ () C:\Users\Danilo\Desktop\favoritos_19_02_14.html
2014-02-19 18:59 - 2014-02-19 18:59 - 00000000 ____D () C:\Users\Danilo\Downloads\explorer++_1.3.5_x86
2014-02-16 23:59 - 2014-02-16 23:59 - 00062214 _____ () C:\Users\Danilo\Downloads\Extras.Txt
2014-02-16 23:50 - 2014-02-16 23:50 - 00068352 _____ () C:\Users\Danilo\Downloads\OTL.Txt
2014-02-16 23:33 - 2014-02-16 23:33 - 00602112 _____ (OldTimer Tools) C:\Users\Danilo\Downloads\OTL.exe
2014-02-13 01:21 - 2014-02-06 07:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-13 01:21 - 2014-02-06 07:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-13 01:21 - 2014-02-06 07:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-13 01:21 - 2014-02-06 07:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-13 01:21 - 2014-02-06 06:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-13 01:21 - 2014-02-06 06:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-13 01:21 - 2014-02-06 06:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-13 01:21 - 2014-02-06 06:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-13 01:21 - 2014-02-06 06:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-13 01:21 - 2014-02-06 06:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-13 01:21 - 2014-02-06 06:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-13 01:21 - 2014-02-06 06:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-13 01:21 - 2014-02-06 06:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-13 01:21 - 2014-02-06 06:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-13 01:21 - 2014-02-06 06:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-13 01:21 - 2014-02-06 05:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-13 01:21 - 2014-02-06 05:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-13 01:21 - 2014-02-06 05:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-13 01:20 - 2014-02-06 07:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-13 01:20 - 2014-02-06 06:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-13 01:20 - 2014-02-06 06:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-13 01:13 - 2013-12-21 05:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-12 16:53 - 2013-12-31 20:05 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-12 16:53 - 2013-12-05 23:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-12 16:53 - 2013-12-05 23:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-12 16:51 - 2013-12-24 20:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-12 16:51 - 2013-12-03 23:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-12 16:51 - 2013-12-03 22:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 16:51 - 2013-11-26 05:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-09 17:01 - 2014-02-09 17:01 - 00000784 _____ () C:\Users\Danilo\Desktop\Forms of.txt
2014-01-27 15:34 - 2013-12-05 16:21 - 00174488 _____ (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

==================== One Month Modified Files and Folders =======

2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\FRST
2014-02-22 06:01 - 2011-09-23 03:28 - 01102718 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 06:01 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-02-22 05:06 - 2012-10-19 22:03 - 00000000 ___RD () C:\Users\Danilo\Dropbox
2014-02-22 05:06 - 2011-10-29 22:15 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Dropbox
2014-02-22 04:37 - 2012-04-15 05:37 - 00000000 ____D () C:\Users\Danilo\Downloads\Programas
2014-02-22 04:27 - 2009-07-14 01:34 - 00031312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-22 04:27 - 2009-07-14 01:34 - 00031312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-22 03:15 - 2011-04-12 01:47 - 00717994 _____ () C:\Windows\System32\prfh0416.dat
2014-02-22 03:15 - 2011-04-12 01:47 - 00152872 _____ () C:\Windows\System32\prfc0416.dat
2014-02-22 03:15 - 2010-11-20 18:01 - 01670658 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-22 02:52 - 2014-02-22 02:52 - 01142784 _____ (Farbar) C:\Users\Danilo\Downloads\FRST.exe
2014-02-22 02:39 - 2011-10-01 03:43 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Media Player Classic
2014-02-21 02:52 - 2014-02-21 18:20 - 00722789 _____ () C:\Users\Danilo\Desktop\Bookmarks
2014-02-21 01:34 - 2012-12-07 15:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-21 01:34 - 2011-09-23 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-19 21:29 - 2014-02-19 21:29 - 01061567 _____ () C:\Users\Danilo\Desktop\favoritos_19_02_14.html
2014-02-19 19:22 - 2011-11-09 23:04 - 00000000 ____D () C:\Users\Danilo\Documents\Backup do Registro
2014-02-19 18:59 - 2014-02-19 18:59 - 00000000 ____D () C:\Users\Danilo\Downloads\explorer++_1.3.5_x86
2014-02-17 17:40 - 2013-09-21 12:17 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\uTorrent
2014-02-17 00:20 - 2011-09-23 16:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-16 23:59 - 2014-02-16 23:59 - 00062214 _____ () C:\Users\Danilo\Downloads\Extras.Txt
2014-02-16 23:50 - 2014-02-16 23:50 - 00068352 _____ () C:\Users\Danilo\Downloads\OTL.Txt
2014-02-16 23:33 - 2014-02-16 23:33 - 00602112 _____ (OldTimer Tools) C:\Users\Danilo\Downloads\OTL.exe
2014-02-15 17:02 - 2011-11-09 23:00 - 00000000 ____D () C:\Windows\pss
2014-02-15 01:23 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 19:21 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 01:20 - 2013-07-18 17:41 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-13 01:13 - 2011-09-30 23:20 - 85946576 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-13 01:11 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\System32\pt-BR
2014-02-12 16:00 - 2011-09-23 11:46 - 00000000 ____D () C:\users\Danilo
2014-02-09 23:15 - 2012-04-04 15:13 - 00000000 ____D () C:\Users\Danilo\AppData\Local\CrashDumps
2014-02-09 17:01 - 2014-02-09 17:01 - 00000784 _____ () C:\Users\Danilo\Desktop\Forms of.txt
2014-02-06 07:38 - 2014-02-13 01:20 - 17103872 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 07:20 - 2014-02-13 01:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 07:19 - 2014-02-13 01:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 07:01 - 2014-02-13 01:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 07:00 - 2014-02-13 01:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 06:57 - 2014-02-13 01:21 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 06:52 - 2014-02-13 01:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 06:52 - 2014-02-13 01:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 06:49 - 2014-02-13 01:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 06:47 - 2014-02-13 01:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 06:47 - 2014-02-13 01:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 06:46 - 2014-02-13 01:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 06:34 - 2014-02-13 01:21 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 06:25 - 2014-02-13 01:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 06:25 - 2014-02-13 01:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 06:13 - 2014-02-13 01:21 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 06:09 - 2014-02-13 01:21 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 06:03 - 2014-02-13 01:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 05:41 - 2014-02-13 01:21 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 05:36 - 2014-02-13 01:21 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 05:34 - 2014-02-13 01:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-01-27 22:31 - 2012-09-02 18:44 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-01-27 22:31 - 2012-09-02 18:43 - 00000000 ____D () C:\Program Files\McAfee
2014-01-27 22:31 - 2011-09-23 14:20 - 00000000 ____D () C:\Users\Todos os Usuários\McAfee
2014-01-27 22:31 - 2011-09-23 14:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-27 20:23 - 2012-08-01 15:32 - 00000000 ____D () C:\Users\Danilo\Documents\McAfee Vaults
2014-01-27 16:42 - 2013-09-02 01:00 - 26838560 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2014-01-27 16:42 - 2013-09-02 00:58 - 00000000 ____D () C:\Program Files\SafeKey
2014-01-27 15:31 - 2012-10-16 22:57 - 00000230 _____ () C:\Users\Danilo\Desktop\email sites.txt
2014-01-26 20:25 - 2012-03-04 00:45 - 00000000 ____D () C:\Users\Danilo\Documents\Fotos

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-13 01:10:47
Restore point made on: 2014-02-16 21:10:00
Restore point made on: 2014-02-19 18:37:31
Restore point made on: 2014-02-19 21:43:54
Restore point made on: 2014-02-21 22:12:00

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 1642.9 MB
Available physical RAM: 1208.01 MB
Total Pagefile: 1642.9 MB
Available Pagefile: 1205.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:150.44 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:11.46 GB) NTFS
Drive g: (DANILO) (Removable) (Total:7.45 GB) (Free:0.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 015ED6FA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-02-19 00:52

==================== End Of Log ============================

Edited by Habelaumus, 22 February 2014 - 03:08 PM.

  • 0

#4
JSntgRvr
Posted 22 February 2014 - 06:48 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Does it happen also in Normal Mode? I see not issues in that report.

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0

#5
Habelaumus
Posted 22 February 2014 - 08:05 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes, it happens in Normal Mode as well, I'll run ComboFix, will be back later with the results.
  • 0

#6
Habelaumus
Posted 22 February 2014 - 10:59 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When ComboFix prompted the screen saying: "Searching for infected files. It usually takes less than 10 minutes but may easily take double if ...etc" I checked the time and it has been 2:50 hours ago, ComboFix is still running, I'm posting from another computer.

I was going to stop it but after reading this thread I've decided not to. I'm going to return within some hours to update you on what's happening.

By the way, I'm without an antivirus at the moment (after McAfee and Avira not working, I though it'd be better to get rid of the infection before installing a new one).

Edit: Some time ago I also tried running that DDS.com (at request) but it froze at every atempt.

Edited by Habelaumus, 22 February 2014 - 11:00 PM.

  • 0

#7
JSntgRvr
Posted 23 February 2014 - 07:26 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Any progress?
  • 0

#8
Habelaumus
Posted 23 February 2014 - 09:38 AM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix is running for 13 hours, no disk activity for at least the last 10 hours as far as I've seen. However it (or something else) is still running as my pc isn't blocking for inactivity.

The way I see it, FarBar and OTL finish their scans but show nothing of note. ComboFix and DDS don't finish their scans. Is there something in commom between ComboFix and DDS that FarBar and OTL lack?
Or is there something that both ComboFix and DDS do that FarBar and OTL don't?
  • 0

#9
JSntgRvr
Posted 23 February 2014 - 12:41 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
RKill is a program developed at BleepingComputer.com that was originally designed for the use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and remove Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingc...download/rkill/

A report, rkill.log will be created in the root directory, usualy C:\. Post that report on your next reply.

Run Combofix right after Rkill has completed.
  • 0

#10
Habelaumus
Posted 23 February 2014 - 05:08 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ran RKill, it found nothing. ComboFix is running for 35 minutes now without disk activity, can I close it? I'll post the RKill log when CF is done.
  • 0

Advertisements

#11
Habelaumus
Posted 23 February 2014 - 05:26 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I tried to close ComboFix but it had stalled (like the previous time). There was no rkill.log at C: but there was a RKill.txt at Desktop, I'm pasting its content below.


Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 02/23/2014 07:25:57 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Conexões de Rede (Netman) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/23/2014 07:28:02 PM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)
  • 0

#12
JSntgRvr
Posted 24 February 2014 - 10:46 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Open an administrator command prompt. (Press the Windows key type CMD, then press CTRL+SHIFT+ENTER). At the prompt type the following and press Enter:

SFC /SCANNOW

Type Exit and press Enter to return to Windows. Let me know the outcome.

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
  • 0

#13
Habelaumus
Posted 24 February 2014 - 05:18 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I know you said not to download anything but I was unable to access cmd with Admin rights (win+cmd not working, win+r not working) so I downloaded a shortcut for Elevated Prompt from a place I guess is trustable.

Anyway, sfc /scannow found nothing. I ran aswMBR and it asked if I wanted to download Avast! definitions, saying it would make for a better scan, I accepted and after the download a new option appeared on the screen saying: 'AV Scan' and a combobox with the options: Quickscan, C:, [...] and None. I selected C: and clicked Scan, during the process I had the first BSOD in years. As far as I can see aswMBR didn't save any files. I'll try again with Quickscan and post back.


Edit: I ran Quickscan and it didn't give a Blue Screen, it was running for longer than the previous scan and I thought it'd finish but eventually it froze and a screen prompted saying: "avast! Antirootkit has stopped working". Here is a image with the frozen screen (at the bottom you can see the lack of Taskbar).

Last line reads:
Scanning: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyMa
The end isn't visible but I guess it's PolicyMaker

Also, whilst ComboFix was running the other day I used another computer in this same network to access this site and post. Now the person who uses that computer said it has been infected and won't do anything she asks, the sound is not working (it isn't here neither) but she still has the Taskbar (which I don't), I haven't seen that computer yet myself. That other computer had Avast!, she said it detected a virus and sent it to quarantine, but the virus got back and Avast! now freezes, she's trying to install Avira. There are other computers using this same network but apparently none of them are infected. She can't remember the name of the virus Avast! found but she thinks it's something nsis. I'll make a thread for the other computer later if that's ok.

I don't think the virus has gone to the other computer because of any links nor files but making use of our network. It's the only other computer so far showing problems and they only started after I used it to post here.

Edited by Habelaumus, 24 February 2014 - 08:08 PM.

  • 0

#14
JSntgRvr
Posted 25 February 2014 - 01:22 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Run FRST in Normal Mode and scan. Post the new FRST.txt and Addition.txt that will be produced. Both logs will be next to FRST.

Download the enclosed file.

Save it in the same location FRST is saved. Run FRST and click on the Fix button.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.
  • 0

#15
Habelaumus
Posted 25 February 2014 - 02:10 PM

Habelaumus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm currently unable to upload MBRDUMP.txt because clicking the Choose file button will show my folders but they'll show up as being empty. Sometime ago I downloaded Explorer++ in order to browse folders and I can see the file was created an is currently on my pendrive but I'm concerned that using this device in a working computer may infect it as well. What do you suggest?

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Danilo (administrator) on DANILO-PC on 25-02-2014 16:52:42
Running from G:\
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(CA) C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
(CA) C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
(Oracle Corporation) c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
() C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dropbox, Inc.) C:\Users\Danilo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() C:\Users\Danilo\Downloads\explorer++_1.3.5_x86\Explorer++.exe
(Google Inc.) C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\Utility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8951744 2011-01-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1877288 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [EnergyCut] - C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jaureg.exe [234872 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKU\S-1-5-21-3440027988-2761262164-3458294289-1000\...\Run: [Google Update] - C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-23] (Google Inc.)
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Danilo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
SearchScopes: HKCU - DefaultScope {62CB8808-0EAA-4724-A910-77B798653904} URL = http://br.search.yah...p={SearchTerms}
SearchScopes: HKCU - {62CB8808-0EAA-4724-A910-77B798653904} URL = http://br.search.yah...p={SearchTerms}
SearchScopes: HKCU - {BC2C7794-A351-4F22-B31E-0391D1908B4E} URL = http://www.google.co...q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\1lw49e0c.default
FF SelectedSearchEngine: Pesquisa Segura
FF Homepage: hxxp://www.google.com.br/
FF Keyword.URL: hxxp://br.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF DefaultSearchEngine: Pesquisa Segura
FF SearchEngineOrder.1: Pesquisa Segura
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/wpi,version=1.5 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Danilo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Danilo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Danilo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: McAfee SafeKey - C:\Users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\1lw49e0c.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-01-27]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Wallet) - C:\Users\Danilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2011-01-25] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-15] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509280 2010-12-28] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [578912 2010-12-28] (Lenovo Group Limited)
R2 LogWatch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [75016 2008-05-20] (CA)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-01] ()
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-01] (Oracle Corporation)
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-01] (Oracle Corporation)
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-01] ()
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-01] ()
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-15] (Lenovo Group Limited)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [11776 2007-04-09] (Lenovo Corporation)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [62592 2010-05-14] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [24192 2010-05-14] (Advanced Micro Devices)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-09-23] (DT Soft Ltd)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-12-05] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [572688 2013-12-05] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2010-09-30] (Realtek Semiconductor Corp.)
U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-02-02] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-15] (Windows ® Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 catchme; \??\C:\Users\Danilo\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 16:50 - 2014-02-25 16:50 - 00000056 _____ () C:\Users\Danilo\Downloads\fixlist.txt
2014-02-25 14:24 - 2014-02-25 14:24 - 00000022 _____ () C:\Windows\S.dirmngr
2014-02-24 20:21 - 2014-02-24 20:21 - 00000430 _____ () C:\Users\Danilo\Desktop\aswMBR.txt
2014-02-24 20:01 - 2014-02-24 20:02 - 00144320 _____ () C:\Windows\Minidump\022414-29998-01.dmp
2014-02-24 20:01 - 2014-02-24 20:01 - 188855197 _____ () C:\Windows\MEMORY.DMP
2014-02-24 19:40 - 2014-02-24 19:41 - 04745728 _____ (AVAST Software) C:\Users\Danilo\Desktop\aswmbr.exe
2014-02-24 19:10 - 2008-08-20 22:16 - 00000689 _____ () C:\Users\Danilo\Downloads\Elevated Command Prompt.lnk
2014-02-23 19:30 - 2014-02-23 19:34 - 00000000 ___SD () C:\ComboFix
2014-02-23 19:25 - 2014-02-23 19:28 - 00002234 _____ () C:\Users\Danilo\Desktop\Rkill.txt
2014-02-23 18:19 - 2014-02-23 18:19 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Danilo\Downloads\rkill.exe
2014-02-23 14:11 - 2014-02-23 20:14 - 00001104 _____ () C:\Windows\PFRO.log
2014-02-22 23:17 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-22 23:17 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-22 23:17 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-22 23:17 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-22 23:17 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-22 23:17 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-22 23:17 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-22 23:17 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-22 23:16 - 2014-02-22 23:17 - 00000000 ____D () C:\Qoobox
2014-02-22 23:15 - 2014-02-22 23:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-22 22:47 - 2014-02-23 19:29 - 05184272 ____R (Swearware) C:\Users\Danilo\Desktop\ComboFix.exe
2014-02-22 17:33 - 2014-02-25 14:24 - 00000336 _____ () C:\Windows\setupact.log
2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-22 17:27 - 2014-02-25 16:52 - 00000000 ____D () C:\FRST
2014-02-22 02:52 - 2014-02-22 02:52 - 01142784 _____ (Farbar) C:\Users\Danilo\Downloads\FRST.exe
2014-02-21 18:20 - 2014-02-21 02:52 - 00722789 _____ () C:\Users\Danilo\Desktop\Bookmarks
2014-02-19 21:29 - 2014-02-19 21:29 - 01061567 _____ () C:\Users\Danilo\Desktop\favoritos_19_02_14.html
2014-02-19 18:59 - 2014-02-19 18:59 - 00000000 ____D () C:\Users\Danilo\Downloads\explorer++_1.3.5_x86
2014-02-16 23:59 - 2014-02-16 23:59 - 00062214 _____ () C:\Users\Danilo\Downloads\Extras.Txt
2014-02-16 23:50 - 2014-02-16 23:50 - 00068352 _____ () C:\Users\Danilo\Downloads\OTL.Txt
2014-02-16 23:33 - 2014-02-16 23:33 - 00602112 _____ (OldTimer Tools) C:\Users\Danilo\Downloads\OTL.exe
2014-02-13 01:21 - 2014-02-06 07:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 01:21 - 2014-02-06 07:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 01:21 - 2014-02-06 07:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 01:21 - 2014-02-06 07:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 01:21 - 2014-02-06 06:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 01:21 - 2014-02-06 06:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 01:21 - 2014-02-06 06:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 01:21 - 2014-02-06 06:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 01:21 - 2014-02-06 06:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 01:21 - 2014-02-06 06:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 01:21 - 2014-02-06 06:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 01:21 - 2014-02-06 06:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 01:21 - 2014-02-06 06:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 01:21 - 2014-02-06 06:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 01:21 - 2014-02-06 06:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 01:21 - 2014-02-06 05:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 01:21 - 2014-02-06 05:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 01:21 - 2014-02-06 05:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 01:20 - 2014-02-06 07:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 01:20 - 2014-02-06 06:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 01:20 - 2014-02-06 06:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 01:13 - 2013-12-21 05:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:53 - 2013-12-31 20:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 16:53 - 2013-12-05 23:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 16:53 - 2013-12-05 23:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 16:51 - 2013-12-24 20:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 16:51 - 2013-12-03 23:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 16:51 - 2013-12-03 23:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 16:51 - 2013-12-03 22:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 16:51 - 2013-12-03 22:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 16:51 - 2013-11-26 05:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 17:01 - 2014-02-09 17:01 - 00000784 _____ () C:\Users\Danilo\Desktop\Forms of.txt
2014-01-27 15:34 - 2013-12-05 16:21 - 00174488 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe

==================== One Month Modified Files and Folders =======

2014-02-25 16:52 - 2014-02-22 17:27 - 00000000 ____D () C:\FRST
2014-02-25 16:52 - 2011-04-12 01:47 - 00717994 _____ () C:\Windows\system32\prfh0416.dat
2014-02-25 16:52 - 2011-04-12 01:47 - 00152872 _____ () C:\Windows\system32\prfc0416.dat
2014-02-25 16:52 - 2010-11-20 18:01 - 01670658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 16:50 - 2014-02-25 16:50 - 00000056 _____ () C:\Users\Danilo\Downloads\fixlist.txt
2014-02-25 16:49 - 2011-09-23 03:28 - 01266071 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 16:33 - 2012-12-07 15:25 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 15:57 - 2011-09-23 23:23 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000UA.job
2014-02-25 15:56 - 2012-10-19 22:03 - 00000000 ___RD () C:\Users\Danilo\Dropbox
2014-02-25 15:56 - 2011-10-29 22:15 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Dropbox
2014-02-25 14:32 - 2009-07-14 01:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 14:32 - 2009-07-14 01:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 14:24 - 2014-02-25 14:24 - 00000022 _____ () C:\Windows\S.dirmngr
2014-02-25 14:24 - 2014-02-22 17:33 - 00000336 _____ () C:\Windows\setupact.log
2014-02-25 14:24 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 22:54 - 2012-04-04 15:13 - 00000000 ____D () C:\Users\Danilo\AppData\Local\CrashDumps
2014-02-24 20:21 - 2014-02-24 20:21 - 00000430 _____ () C:\Users\Danilo\Desktop\aswMBR.txt
2014-02-24 20:02 - 2014-02-24 20:01 - 00144320 _____ () C:\Windows\Minidump\022414-29998-01.dmp
2014-02-24 20:01 - 2014-02-24 20:01 - 188855197 _____ () C:\Windows\MEMORY.DMP
2014-02-24 20:01 - 2011-09-23 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 19:41 - 2014-02-24 19:40 - 04745728 _____ (AVAST Software) C:\Users\Danilo\Desktop\aswmbr.exe
2014-02-23 20:14 - 2014-02-23 14:11 - 00001104 _____ () C:\Windows\PFRO.log
2014-02-23 19:34 - 2014-02-23 19:30 - 00000000 ___SD () C:\ComboFix
2014-02-23 19:29 - 2014-02-22 22:47 - 05184272 ____R (Swearware) C:\Users\Danilo\Desktop\ComboFix.exe
2014-02-23 19:28 - 2014-02-23 19:25 - 00002234 _____ () C:\Users\Danilo\Desktop\Rkill.txt
2014-02-23 18:19 - 2014-02-23 18:19 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Danilo\Downloads\rkill.exe
2014-02-22 23:17 - 2014-02-22 23:16 - 00000000 ____D () C:\Qoobox
2014-02-22 23:15 - 2014-02-22 23:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-22 06:01 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-22 04:57 - 2011-09-23 23:23 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000Core.job
2014-02-22 04:37 - 2012-04-15 05:37 - 00000000 ____D () C:\Users\Danilo\Downloads\Programas
2014-02-22 02:52 - 2014-02-22 02:52 - 01142784 _____ (Farbar) C:\Users\Danilo\Downloads\FRST.exe
2014-02-22 02:39 - 2011-10-01 03:43 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\Media Player Classic
2014-02-21 02:52 - 2014-02-21 18:20 - 00722789 _____ () C:\Users\Danilo\Desktop\Bookmarks
2014-02-21 01:34 - 2012-12-07 15:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 01:34 - 2011-09-23 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 21:29 - 2014-02-19 21:29 - 01061567 _____ () C:\Users\Danilo\Desktop\favoritos_19_02_14.html
2014-02-19 19:22 - 2011-11-09 23:04 - 00000000 ____D () C:\Users\Danilo\Documents\Backup do Registro
2014-02-19 18:59 - 2014-02-19 18:59 - 00000000 ____D () C:\Users\Danilo\Downloads\explorer++_1.3.5_x86
2014-02-17 17:40 - 2013-09-21 12:17 - 00000000 ____D () C:\Users\Danilo\AppData\Roaming\uTorrent
2014-02-17 00:20 - 2011-09-23 16:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-16 23:59 - 2014-02-16 23:59 - 00062214 _____ () C:\Users\Danilo\Downloads\Extras.Txt
2014-02-16 23:50 - 2014-02-16 23:50 - 00068352 _____ () C:\Users\Danilo\Downloads\OTL.Txt
2014-02-16 23:33 - 2014-02-16 23:33 - 00602112 _____ (OldTimer Tools) C:\Users\Danilo\Downloads\OTL.exe
2014-02-15 17:02 - 2011-11-09 23:00 - 00000000 ____D () C:\Windows\pss
2014-02-15 01:23 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 19:21 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 01:20 - 2013-07-18 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 01:13 - 2011-09-30 23:20 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 01:11 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-02-12 16:00 - 2011-09-23 11:46 - 00000000 ____D () C:\Users\Danilo
2014-02-09 17:01 - 2014-02-09 17:01 - 00000784 _____ () C:\Users\Danilo\Desktop\Forms of.txt
2014-02-06 07:38 - 2014-02-13 01:20 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 07:20 - 2014-02-13 01:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 07:19 - 2014-02-13 01:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 07:01 - 2014-02-13 01:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 07:00 - 2014-02-13 01:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 06:57 - 2014-02-13 01:21 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:52 - 2014-02-13 01:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 06:52 - 2014-02-13 01:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 06:49 - 2014-02-13 01:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 06:47 - 2014-02-13 01:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 06:47 - 2014-02-13 01:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 06:46 - 2014-02-13 01:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 06:34 - 2014-02-13 01:21 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 06:25 - 2014-02-13 01:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 06:25 - 2014-02-13 01:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 06:13 - 2014-02-13 01:21 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 06:09 - 2014-02-13 01:21 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 06:03 - 2014-02-13 01:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 05:41 - 2014-02-13 01:21 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 05:36 - 2014-02-13 01:21 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 05:34 - 2014-02-13 01:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-27 22:31 - 2012-09-02 18:44 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-01-27 22:31 - 2012-09-02 18:43 - 00000000 ____D () C:\Program Files\McAfee
2014-01-27 22:31 - 2011-09-23 14:20 - 00000000 ____D () C:\Users\Todos os Usuários\McAfee
2014-01-27 22:31 - 2011-09-23 14:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-27 20:23 - 2012-08-01 15:32 - 00000000 ____D () C:\Users\Danilo\Documents\McAfee Vaults
2014-01-27 16:42 - 2013-09-02 01:00 - 26838560 _____ (McAfee) C:\Program Files\Common Files\lpuninstall.exe
2014-01-27 16:42 - 2013-09-02 00:58 - 00000000 ____D () C:\Program Files\SafeKey
2014-01-27 15:31 - 2012-10-16 22:57 - 00000230 _____ () C:\Users\Danilo\Desktop\email sites.txt
2014-01-26 20:25 - 2012-03-04 00:45 - 00000000 ____D () C:\Users\Danilo\Documents\Fotos

Some content of TEMP:
====================
C:\Users\Danilo\AppData\Local\Temp\catchme.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 00:52

==================== End Of Log ============================

--------------------------------------------------------------------------------------------
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by Danilo at 2014-02-25 16:54:18
Running from G:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
AMD Fuel (Version: 2011.0125.2236.40544 - Nome de sua empresa:) Hidden
Atheros Client Installation Program (HKLM\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{A01CC541-B9E1-85C4-8CC9-83B2937A755F}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Blender (HKLM\...\Blender) (Version: 2.60a-release - Blender Foundation)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.0125.2236.40544 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0125.2236.40544 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0125.2236.40544 - ATI) Hidden
Catalyst Control Center Profiles Mobile (Version: 2011.0125.2236.40544 - ATI) Hidden
CCC Help Chinese Standard (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Czech (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Danish (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Dutch (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help English (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Finnish (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help French (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help German (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Greek (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Hungarian (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Italian (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Japanese (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Korean (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Norwegian (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Polish (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Portuguese (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Russian (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Spanish (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Swedish (Version: 2011.0125.2235.40544 - ATI) Hidden
CCC Help Thai (Version: 2011.0125.2235.40544 - ATI) Hidden
ccc-core-static (Version: 2011.0125.2236.40544 - Nome de sua empresa:) Hidden
ccc-utility (Version: 2011.0125.2236.40544 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco Packet Tracer 5.3 (HKLM\...\Cisco Packet Tracer 5.3_is1) (Version: - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (Version: 6.0.2.0 - Lenovo) Hidden
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - Lenovo)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Git version 1.8.1.2-preview20130201 (HKLM\...\Git_is1) (Version: 1.8.1.2-preview20130201 - The Git Development Community)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Gpg4win (2.1.0) (HKLM\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
GSview 4.9 (HKLM\...\GSview 4.9) (Version: - )
GTA: San Andreas RIP PT-BR by TemDono - #GTABrasil - BrasNET (HKLM\...\Grand Theft Auto San Andreas_is1) (Version: - TemDono Design 2005)
Harry Potter e o Enigma do Príncipe™ (HKLM\...\{FD1B1980-8CAB-4474-89F8-1245AF657AD1}) (Version: 1.0.0.0 - Electronic Arts)
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 10 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
Java SE Development Kit 7 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java SE Development Kit 7 Update 13 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170130}) (Version: 1.7.0.130 - Oracle)
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java™ 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
K-Lite Mega Codec Pack 7.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1020.1 - Vimicro)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.25 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
Lenovo YouCam (Version: 3.1.3623 - CyberLink Corp.) Hidden
LibreOffice 3.4 (HKLM\...\{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}) (Version: 3.4.302 - LibreOffice)
McAfee SafeKey(uninstall only) (HKLM\...\safekey) (Version: - McAfee, Inc.)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Beta (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50131 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Beta (Version: 4.5.50131 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack (HKLM\...\{D24E110A-CEDA-3170-A02B-6BB408B6E650}) (Version: 4.5.50131 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 (HKLM\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Blend for Visual Studio ENU resources (HKLM\...\{606D6AB4-B985-43DD-ABA5-469EE9D66AD0}) (Version: 5.0.30129.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edição 2003 (HKLM\...\{90110416-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (Version: 11.0.50214.01 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Command Line Utilities RC0 (HKLM\...\{942F0DAA-A4BE-4BD3-8615-0D683CA56CAA}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{E7BEEE1A-9219-49DA-BD22-34D401A9B708}) (Version: 11.0.2100.55 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB RC0 (HKLM\...\{6B813E39-041B-49B1-8878-560864C6C47C}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects RC0 (HKLM\...\{CC1AC03A-6251-4263-A415-EF69F08E83DB}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client RC0 (HKLM\...\{903D205C-B32E-449E-93E1-73999D95ECB3}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0 (HKLM\...\{124FACB2-ADA3-4527-A192-4D12447597CA}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0 (HKLM\...\{3BDDF353-8F23-434B-9EE3-E1D1F868584D}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service RC0 (HKLM\...\{907FFBDC-8CFC-4C98-AFD1-BE1B6872FC1D}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities Mar 2012 (HKLM\...\{3BE6FFBC-742A-4AF0-B8C6-F0549AA21DF5}) (Version: 11.1.20204.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 RC0 (HKLM\...\{181BD097-A91A-4F59-AA85-3C01B07A5B16}) (Version: 11.0.1913.38 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 11 Developer Preview Language Pack - ENU (Version: 11.0.50214 - ) Hidden
Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 Performance Collection Tools Beta - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 Premium Beta - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 Professional Beta - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 Ultimate Beta - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB (Version: 10.0.40303 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 11 Beta Object Model Language Pack - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 11 Beta Storyboarding (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 11 Beta Storyboarding Language Pack - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU (Version: 11.0.50214 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.0 (HKLM\...\{5A33303E-D4A9-40F4-9495-92EB09DC5EFD}) (Version: 3.1236.1310 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider Nov 2011 (HKLM\...\{16B1C956-EA06-4C26-8AE5-A4686804EDD7}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{048E0EDD-382A-4D62-9BA2-33AF974AE689}) (Version: 4.0.1307 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft® SQL Server Data Tools, RC0 - enu (HKLM\...\{EAD78496-2A02-457A-8564-878006F5433C}) (Version: 11.1.20204.01 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mnemosyne 1.2.2 (HKLM\...\Mnemosyne_is1) (Version: - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 20.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 7.0.1 (HKLM\...\nbi-nb-base-7.0.1.0.0) (Version: 7.0.1 - NetBeans.org)
Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.000 - Oracle Corporation)
Oracle Database 10g Express Edition (HKLM\...\InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}) (Version: 10.2.1015 - Oracle Corporation)
Oracle Database 10g Express Edition (Version: 10.2.1015 - Oracle Corporation) Hidden
Oracle VM VirtualBox 4.2.16 (HKLM\...\{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}) (Version: 4.2.16 - Oracle Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.40303 - Microsoft Corporation)
PowerXpressHybrid (Version: 1.00.0000 - ATI) Hidden
Prerequisites for SSDT RC0 (HKLM\...\{C34B429D-BC54-4F04-B1DB-9DE39FB07548}) (Version: 11.0.1913.38 - Microsoft Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SQL Server Data Framework Tools (HKLM\...\{1FE5F23D-88B8-40B4-9B6B-2F84F3808BDC}) (Version: 11.1.20204.01 - Microsoft Corporation)
StarUML 5.0.2.1570 (HKLM\...\StarUML_is1) (Version: - Plastic Software, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
TeXnicCenter Version 1.0 Stable RC1 (HKLM\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
vs_devenvLP (Version: 11.0.50214 - Microsoft Corporation) Hidden
vs_minshellres (Version: 11.0.50214 - Microsoft Corporation) Hidden
vslp_finalizer (Version: 11.0.50214 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{E287CD67-9542-4B20-A091-6BA114861DB2}) (Version: 4.1.61406.0 - Microsoft Corporation)
Weka 3.6.8 (HKLM\...\Weka 3.6.8) (Version: 3.6.8 - Machine Learning Group, University of Waikato, Hamilton, NZ)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - English (Version: 8.37.0 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireshark 1.10.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, http://www.wireshark.org)
WMV9/VC-1 Video Playback (Version: 1.0.60125.2304 - ATI Technologies Inc.) Hidden

==================== Restore Points =========================

13-02-2014 04:10:11 Windows Update
17-02-2014 00:08:34 Windows Update
19-02-2014 21:37:00 Installed Microsoft RichCopy 4.0
20-02-2014 00:43:35 Removed Microsoft RichCopy 4.0
22-02-2014 01:11:22 Windows Update

==================== Hosts content: ==========================

2009-07-13 23:04 - 2013-05-26 19:02 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1826A8D1-C7BE-49B4-9995-64D320B168ED} - System32\Tasks\{B1D13233-AA97-4C07-B4FB-D5685E551950} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {1ADE9A6D-3ACB-4C5D-B3F1-63C587DDD8CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000UA => C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23] (Google Inc.)
Task: {1F8E2DC5-D04E-4689-BBEC-47E60AB23977} - System32\Tasks\{67D54DFB-2847-4F10-A76E-F4BABAB9BD99} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {2E155E7A-255C-4039-BF65-963C780FFFBE} - System32\Tasks\{C27178AA-D4E5-4BDA-BC80-64A7F089D8C0} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {3AE32B46-96E7-41E6-B377-2C354E08BFF4} - System32\Tasks\{613A9DB4-9506-43E5-9483-38171444EC49} => Chrome.exe http://ui.skype.com/...;page=tsInstall
Task: {4B4C9EC8-9213-4860-A09A-5A8853CED3D1} - System32\Tasks\{F8D6E2FD-37FF-4B54-85A8-0C66A5D9D5BB} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {5503C719-8400-4642-963B-7EFE3DA2F14A} - System32\Tasks\{C76B1124-1D48-4583-AE05-88D4DE52D93A} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {60813FD5-B82B-4526-843C-D53D48DE70B8} - System32\Tasks\{AC902805-B628-4C67-8759-AABD53C21CB9} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {656DDC70-7B0E-4E54-AD5D-09659D96A6F6} - System32\Tasks\{AFF2AFD6-09CD-484F-B08C-7A4EEAB19E2E} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {70775244-26A3-4D5D-A8B5-16AD1268B06E} - System32\Tasks\{9F7E6D19-93E9-4C3E-9458-1CFAE2898B67} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {74638FF8-420B-466F-B76B-619BE7B39BAC} - System32\Tasks\{8CE8DFD0-A5AF-4043-95BE-F07F7562BAAB} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {79FC2416-76A6-4688-809B-A451C0D27E59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000Core => C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23] (Google Inc.)
Task: {80093977-86E6-4241-B06B-BEA4F0FB576F} - System32\Tasks\MirageAgent => C:\Program Files\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {B698216B-CE82-44F6-8F20-C1614425EA3A} - System32\Tasks\{ABB91121-36E5-4EA4-BD52-98429C167B46} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {B9C4F79A-B253-46BC-A2AB-973E9E2F4E95} - System32\Tasks\{C4D0A0C5-BF61-44E0-92FF-B69FF86D0E62} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {B9E8E012-FE87-43DA-AB86-0A43A05D59B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {C71EED1D-698F-4ABD-9B8A-DFF4FB22F5AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {CD5184F1-2166-4FCA-BDC2-EBBBE59DDAD9} - System32\Tasks\{176D1974-EDCF-4DC8-B43D-502012E426E8} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {CF57F626-229E-4F14-808A-27D49C6F7E46} - System32\Tasks\{E949CCEA-6158-4ABB-A55C-7340322A95C7} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {D10B7DAE-EEF8-4CE1-ABFF-52454D505044} - System32\Tasks\{D5BAB0F2-7125-45CF-9C2C-F951431E2986} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {DE085595-E2E6-41F0-8585-D64A919D9B19} - System32\Tasks\{AE750502-BE38-47AA-9D47-FC804FFF28CF} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {E8186658-5E1E-4F57-8321-8C04104D4444} - System32\Tasks\{F3099E57-81E9-4FA3-9062-D944ABA875BA} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: {FC8F232A-783E-4667-AC82-48A71CFE4830} - System32\Tasks\{44C08BF2-420C-4632-BE8B-7184A673EF7F} => C:\Users\Danilo\Downloads\A Jornada\jornada.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000Core.job => C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3440027988-2761262164-3458294289-1000UA.job => C:\Users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-02 12:20 - 2011-03-02 12:20 - 00224256 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2011-03-02 12:16 - 2011-03-02 12:16 - 00208384 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2011-03-02 12:13 - 2011-03-02 12:13 - 00048640 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2011-03-02 12:11 - 2011-03-02 12:11 - 00038400 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2011-03-02 12:16 - 2011-03-02 12:16 - 00073216 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2011-03-02 12:17 - 2011-03-02 12:17 - 00603136 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
2006-02-01 23:43 - 2006-02-01 23:43 - 00006144 _____ () c:\oraclexe\app\oracle\product\10.2.0\server\bin\orajox10.dll
2006-02-01 23:49 - 2006-02-01 23:49 - 00204800 _____ () C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
2006-02-01 23:47 - 2006-02-01 23:47 - 00057344 _____ () C:\oraclexe\app\oracle\product\10.2.0\server\BIN\onsclient.dll
2011-01-25 23:46 - 2011-01-25 23:46 - 00072192 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-01-25 23:46 - 2011-01-25 23:46 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-12-20 03:20 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2011-10-29 12:51 - 2005-06-24 18:05 - 00045056 _____ () C:\Program Files\Lenovo\EnergyCut\HookLib.dll
2013-10-18 20:55 - 2013-10-18 20:55 - 25100288 _____ () C:\Users\Danilo\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-04 17:58 - 2014-02-01 20:41 - 00715592 _____ () C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 17:58 - 2014-02-01 20:41 - 00100168 _____ () C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-19 18:59 - 2013-02-03 07:13 - 01563136 _____ () C:\Users\Danilo\Downloads\explorer++_1.3.5_x86\Explorer++.exe
2014-02-04 17:58 - 2014-02-01 20:42 - 04055368 _____ () C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 17:58 - 2014-02-01 20:42 - 00399688 _____ () C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 17:58 - 2014-02-01 20:41 - 01634632 _____ () C:\Users\Danilo\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2008-12-20 03:20 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:425759C6
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:425759C6
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:7ADB695A

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupreg: 331BigDog => C:\Program Files\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\EnergyCut\utilty.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files\Lenovo\YouCam\YouCam.exe" /s

==================== Faulty Device Manager Devices =============

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 03:26:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/25/2014 02:25:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 08:32:24 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: wmpnetwk.exe, versão: 12.0.7601.17514, carimbo de hora: 0x4ce7a4a7
Nome do módulo de falhas: BlackBox.dll, versão: 11.0.7601.17514, carimbo de hora: 0x4ce7b759
Código de exceção: 0x80000004
Deslocamento com falha: 0x00083629
Identificação do processo com falha: 0xc1c
Hora de início do aplicativo com falha: 0xwmpnetwk.exe0
Caminho do aplicativo com falha: wmpnetwk.exe1
FCaminho do módulo de falhas: wmpnetwk.exe2
Identificação do Relatório: wmpnetwk.exe3

Error: (02/24/2014 08:31:45 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: wmpnetwk.exe, versão: 12.0.7601.17514, carimbo de hora: 0x4ce7a4a7
Nome do módulo de falhas: drmv2clt.dll, versão: 11.0.7600.16385, carimbo de hora: 0x4a5bd9f2
Código de exceção: 0x80000004
Deslocamento com falha: 0x0001a2bb
Identificação do processo com falha: 0x9e8
Hora de início do aplicativo com falha: 0xwmpnetwk.exe0
Caminho do aplicativo com falha: wmpnetwk.exe1
FCaminho do módulo de falhas: wmpnetwk.exe2
Identificação do Relatório: wmpnetwk.exe3

Error: (02/24/2014 08:31:01 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: wmpnetwk.exe, versão: 12.0.7601.17514, carimbo de hora: 0x4ce7a4a7
Nome do módulo de falhas: BlackBox.dll, versão: 11.0.7601.17514, carimbo de hora: 0x4ce7b759
Código de exceção: 0x80000004
Deslocamento com falha: 0x0005b174
Identificação do processo com falha: 0xc98
Hora de início do aplicativo com falha: 0xwmpnetwk.exe0
Caminho do aplicativo com falha: wmpnetwk.exe1
FCaminho do módulo de falhas: wmpnetwk.exe2
Identificação do Relatório: wmpnetwk.exe3

Error: (02/24/2014 08:28:43 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: aswmbr.exe, versão: 0.9.9.1771, carimbo de hora: 0x5147644e
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00052d37
Identificação do processo com falha: 0xa0c
Hora de início do aplicativo com falha: 0xaswmbr.exe0
Caminho do aplicativo com falha: aswmbr.exe1
FCaminho do módulo de falhas: aswmbr.exe2
Identificação do Relatório: aswmbr.exe3

Error: (02/24/2014 08:03:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 06:00:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/24/2014 05:10:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 08:16:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/25/2014 02:24:58 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1306

Error: (02/25/2014 02:24:58 PM) (Source: Service Control Manager) (User: )
Description: O serviço McAfee AP Service depende do seguinte serviço: mfevtp. Esse serviço pode não ter sido instalado.

Error: (02/24/2014 08:32:32 PM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi encerrado inesperadamente. Isso aconteceu 3 vez(es).

Error: (02/24/2014 08:31:53 PM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (02/24/2014 08:31:13 PM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (02/24/2014 08:02:18 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000001, 0x000000ff, 0x00000008, 0x00000001)C:\Windows\MEMORY.DMP022414-29998-01

Error: (02/24/2014 08:02:01 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1306

Error: (02/24/2014 08:02:01 PM) (Source: Service Control Manager) (User: )
Description: O serviço McAfee AP Service depende do seguinte serviço: mfevtp. Esse serviço pode não ter sido instalado.

Error: (02/24/2014 08:01:56 PM) (Source: EventLog) (User: )
Description: O desligamento anterior do sistema em 20:00:44 às ‎24/‎02/‎2014 não era esperado.

Error: (02/24/2014 05:08:55 PM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço McAfee Inc. mfeapfk devido ao seguinte erro:
%%1306


Microsoft Office Sessions:
=========================
Error: (02/25/2014 03:26:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/25/2014 02:25:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 08:32:24 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7BlackBox.dll11.0.7601.175144ce7b7598000000400083629c1c01cf31b8ab8cb4b0C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\BlackBox.dlle96fa245-9dab-11e3-9297-00235a6cfc1a

Error: (02/24/2014 08:31:45 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7drmv2clt.dll11.0.7600.163854a5bd9f2800000040001a2bb9e801cf31b893c26c13C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\drmv2clt.dlld227f911-9dab-11e3-9297-00235a6cfc1a

Error: (02/24/2014 08:31:01 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7BlackBox.dll11.0.7601.175144ce7b759800000040005b174c9801cf31b4bc87b7caC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\BlackBox.dllb852486a-9dab-11e3-9297-00235a6cfc1a

Error: (02/24/2014 08:28:43 PM) (Source: Application Error)(User: )
Description: aswmbr.exe0.9.9.17715147644entdll.dll6.1.7601.18247521ea91cc000000500052d37a0c01cf31b6ffb08811C:\Users\Danilo\Desktop\aswmbr.exeC:\Windows\SYSTEM32\ntdll.dll65e734ca-9dab-11e3-9297-00235a6cfc1a

Error: (02/24/2014 08:03:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 06:00:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (02/24/2014 05:10:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 08:16:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-02-22 18:15:21.630
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-22 18:15:21.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-22 18:15:21.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-22 18:15:21.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 03:17:47.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 03:17:47.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 03:17:47.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-12 03:17:47.260
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-27 21:27:43.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC19D9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-27 21:27:43.267
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore_3_8\VSC19D9.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1642.9 MB
Available physical RAM: 844.21 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1651.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:148.63 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:11.46 GB) NTFS
Drive g: (DANILO) (Removable) (Total:7.45 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 015ED6FA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

--------------------------------------------------------------------------------------------
Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-02-2014 01
Ran by Danilo at 2014-02-25 16:55:48 Run:1
Running from G:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SaveMbr: Drive=0
CMD: bcdedit /enum all /v
End
*****************

MBRDUMP.txt is made successfully.

========= bcdedit /enum all /v =========


Gerenciador de Inicializa��o do Windows
--------------------
identificador {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale pt-BR
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {57054f69-a4f8-11e0-96dd-b870f4246846}
resumeobject {57054f68-a4f8-11e0-96dd-b870f4246846}
displayorder {57054f69-a4f8-11e0-96dd-b870f4246846}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 10

Carregador de Inicializa��o do Windows
-------------------
identificador {57054f66-a4f8-11e0-96dd-b870f4246846}
device ramdisk=[C:]\Recovery\57054f66-a4f8-11e0-96dd-b870f4246846\Winre.wim,{57054f67-a4f8-11e0-96dd-b870f4246846}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\57054f66-a4f8-11e0-96dd-b870f4246846\Winre.wim,{57054f67-a4f8-11e0-96dd-b870f4246846}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Carregador de Inicializa��o do Windows
-------------------
identificador {57054f69-a4f8-11e0-96dd-b870f4246846}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pt-BR
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {57054f6a-a4f8-11e0-96dd-b870f4246846}
truncatememory 0x80000000
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {57054f68-a4f8-11e0-96dd-b870f4246846}
nx OptIn
numproc 2
usefirmwarepcisettings No

Carregador de Inicializa��o do Windows
-------------------
identificador {57054f6a-a4f8-11e0-96dd-b870f4246846}
device ramdisk=[C:]\Recovery\57054f6a-a4f8-11e0-96dd-b870f4246846\Winre.wim,{57054f6b-a4f8-11e0-96dd-b870f4246846}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\57054f6a-a4f8-11e0-96dd-b870f4246846\Winre.wim,{57054f6b-a4f8-11e0-96dd-b870f4246846}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Continuar da Hiberna��o
---------------------
identificador {57054f68-a4f8-11e0-96dd-b870f4246846}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pt-BR
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Testador de Mem�ria do Windows
---------------------
identificador {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagn�stico de Mem�ria do Windows
locale pt-BR
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Configura��es de EMS
------------
identificador {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Configura��es do Depurador
-----------------
identificador {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

Defeitos de RAM
-----------
identificador {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Configura��es Globais
---------------
identificador {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Configura��es do Carregador de Inicializa��o
--------------------
identificador {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Configura��es do Hypervisor
-------------------
identificador {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Configura��es do Carregador de Retorno
----------------------
identificador {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Op��es de dispositivo
--------------
identificador {57054f67-a4f8-11e0-96dd-b870f4246846}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\57054f66-a4f8-11e0-96dd-b870f4246846\boot.sdi

Op��es de dispositivo
--------------
identificador {57054f6b-a4f8-11e0-96dd-b870f4246846}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\57054f6a-a4f8-11e0-96dd-b870f4246846\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP