Can't get rid of malware, spyware animation [Solved]

#1 psychson (Member, 28 posts)

I have some annoying spyware/virus/malware, a very pesky one, and no antivirus has been able to remove it.

I used Trend Micro 2014, the latest Malwarebytes, Spybot and the list goes on. All of the programs will find some things and quarantine them and it all looks fine. I also ran some of the virus removal programs in Safe Mode.

When I open a specific website, a news website, and scroll down there is an ad, a very pornographic one staring at me :)

It happens only at this specific website, it is not a game, torrent or any triple X website, it's a respected news website that would not put up such an animation. If I hover over the animation with the mouse, it shows a very long link that starts with main.exoclick.

I am using Chrome and I clicked on Developer Tools for fun and I removed the animation, but it only lasted a few seconds and a new one appeared.

So, I'm out of luck  and I can't figure out how to remove that animation.

Any ideas?



#2 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Greetings psychson and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, make backups of all your important files; whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps, to ensure that any infections aren't spread.

Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely, so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask... I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click the FRST icon to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

Drivers MD5
Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST and Addition Log

#3 psychson (Topic Starter, Member, 28 posts)

Hi.

Thanks a lot for the detailed help.

I downloaded the tool you asked for and I CANNOT make it run. It is on my desktop and once I click the icon, it flashes and does not let me SCAN. I can barely see the window; it does not stay on my desktop, it flashes and disappears, not allowing me to run it and scan.

Should I try on Safe Mode?

Thanks again


#4 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Let's try something else first :)

Rkill

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with the Rkill log. Please copy and paste that in your reply.


#5 psychson (Topic Starter, Member, 28 posts)

Thanks.

Here is the log file:


Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/13/2014 01:39:09 PM in x86 mode.
Windows Version: Windows 7 Starter Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (PID: 3768) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * SensrSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 11/13/2014 01:40:31 PM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)

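A small triage parser for the Rkill log format shown in the post above, added here as an example; it is not part of the thread and not Rkill's own code. It pulls the sections Rkill prints (terminated processes, registry findings such as the DisableAntiSpyware value, service integrity, HOSTS entries) into structured data and lists the items a helper would read first. The sample log is constructed to match the format above with blank lines trimmed; the second HOSTS entry is invented so the HOSTS check has something to flag.

```python
import re

# Constructed sample in the format of the Rkill log posted above (blank lines
# trimmed); the second HOSTS entry is invented so the HOSTS check has a hit.
SAMPLE_LOG = r"""Rkill 2.6.8 by Lawrence Abrams (Grinler)
Program started at: 11/13/2014 01:39:09 PM in x86 mode.
Checking for processes to terminate:
 * C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (PID: 3768) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 * SensrSvc [Missing Service]
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
  127.0.0.1       update.example-av.test
Program finished at: 11/13/2014 01:40:31 PM
"""

# Section headers Rkill prints between its checks, and the line shapes inside them.
SECTION_RE = re.compile(r"^(Checking|Performing|Searching|Resetting)\b[^:]*:?\s*$")
PROC_RE = re.compile(r"^ \* (?P<path>.+?) \(PID: (?P<pid>\d+)\)(?: \[(?P<flag>[^\]]+)\])?$")
REG_KEY_RE = re.compile(r"^\s+\[(?P<key>HK[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^\s+"(?P<name>[^"]+)"\s*=\s*dword:(?P<value>[0-9A-Fa-f]{8})$')
NOT_RUNNING_RE = re.compile(r"^ \* (?P<name>.+?) \((?P<svc>\w+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^\s+Startup Type set to:\s*(?P<mode>\S+)$")
MISSING_RE = re.compile(r"^ \* (?P<svc>\S+) \[Missing Service\]$")
HOSTS_RE = re.compile(r"^\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)$")

# HOSTS lines expected on a stock Windows install; anything else is worth a look.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_rkill_log(text):
    """Return the structured content of an Rkill log in the format used in the thread."""
    out = {"terminated": [], "registry": [], "services_not_running": [],
           "missing_services": [], "hosts": []}
    section, reg_key = None, None
    for line in text.splitlines():
        line = line.rstrip()
        if SECTION_RE.match(line):
            section, reg_key = line.rstrip(":").strip(), None
            continue
        if not section or not line.strip():
            continue
        if section.startswith("Checking for processes"):
            if m := PROC_RE.match(line):
                out["terminated"].append(
                    {"path": m["path"], "pid": int(m["pid"]), "flag": m["flag"]})
        elif section.startswith(("Checking Registry", "Performing miscellaneous")):
            # A registry finding is a [key] line followed by "name" = value lines.
            if m := REG_KEY_RE.match(line):
                reg_key = m["key"]
            elif (m := REG_VAL_RE.match(line)) and reg_key:
                out["registry"].append(
                    {"key": reg_key, "name": m["name"], "value": int(m["value"], 16)})
        elif section.startswith("Checking Windows Service Integrity"):
            if m := NOT_RUNNING_RE.match(line):
                out["services_not_running"].append(
                    {"name": m["name"], "service": m["svc"], "startup": None})
            elif (m := STARTUP_RE.match(line)) and out["services_not_running"]:
                out["services_not_running"][-1]["startup"] = m["mode"]
            elif m := MISSING_RE.match(line):
                out["missing_services"].append(m["svc"])
        elif section.startswith("Checking HOSTS"):
            if m := HOSTS_RE.match(line):
                out["hosts"].append((m["ip"], m["host"]))
    return out


def findings(parsed):
    """Turn the parsed log into the short list a helper would read first."""
    notes = []
    for p in parsed["terminated"]:
        notes.append(f"terminated: {p['path']} (PID {p['pid']}, {p['flag'] or 'no flag'})")
    for r in parsed["registry"]:
        # dword:00000001 under this key means Defender was switched off by policy.
        if r["name"] == "DisableAntiSpyware" and r["value"] == 1:
            notes.append(f"Windows Defender disabled via {r['key']}\\{r['name']}")
    for s in parsed["services_not_running"]:
        notes.append(f"service {s['service']} not running (startup: {s['startup']})")
    for s in parsed["missing_services"]:
        notes.append(f"service {s} missing")
    for ip, host in parsed["hosts"]:
        if (ip, host) not in BENIGN_HOSTS:
            notes.append(f"non-default HOSTS entry: {ip} {host}")
    return notes


if __name__ == "__main__":
    for note in findings(parse_rkill_log(SAMPLE_LOG)):
        print(note)
```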

#6 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Does FRST now run?


#7 psychson (Topic Starter, Member, 28 posts)

Sorry, I forgot to mention.

Nothing changed, it only flickers on the screen as before.

Any other idea?


Thanks


#8 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Hi, as that didn't work, reboot to safe mode please and try again from there.


#9 psychson (Topic Starter, Member, 28 posts)

Hi again,

I just tried and nothing happens.

It does not run in Safe Mode either. It continues to flicker and I cannot see the window to be able to SCAN.

I used the ctrl-alt-del combination to see if it is open and hidden, and found nothing.

If I click 1, 10 or 20 times, the icon will appear briefly in the notification area as many times as I clicked and disappear one by one when I check.

Other ideas?

Other tool?


#10 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Yup, let's try this.
 
Step 1
 
ASWmbr Scan

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click aswMBR.exe to run it


Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well


On completion of the scan click Save Log, save it to your desktop and post in your next reply


The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file until we have completed.
 
Step 2
 
OTL Scan

  • Please download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.
  • Double Click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window containing OTL.Txt. This is saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of this file, and paste it into your reply.
 
There will also be another file opened at the same time called extras.txt. Please also paste the content of this file.
 
Items I need to see in your next post:

  • ASW Scan
  • OTL Report

#11 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Sorry I forgot to add, could you please select the check box in OTL that says Extra Registry > Use Safelist.


#12 psychson (Topic Starter, Member, 28 posts)

Hi and thanks again,

Looking forward to knowing your opinion and fix :)

I could see an INFECTED file, but I won't delete until you say so.


Below are the items you said you need:


ASW SCAN

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-15 04:14:06
-----------------------------
04:14:06.268    OS Version: Windows 6.1.7601 Service Pack 1
04:14:06.268    Number of processors: 2 586 0x170A
04:14:06.269    ComputerName: SUZIE-MEGA  UserName: Suzie
04:14:10.602    Initialize success
04:14:10.703    VM: initialized successfully
04:14:10.704    VM: Intel CPU supported 
04:14:13.444    VM: supported disk I/O ataport.SYS
04:16:52.805    AVAST engine defs: 14111400
04:17:18.903    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
04:17:18.909    Disk 0 Vendor: ST3320418AS CC44 Size: 305245MB BusType: 3
04:17:19.018    VM: Disk 0 MBR read successfully
04:17:19.025    Disk 0 MBR scan
04:17:19.035    Disk 0 Windows 7 default MBR code
04:17:19.052    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       305243 MB offset 2048
04:17:19.059    Disk 0 default boot code
04:17:19.070    Disk 0 scanning sectors +625139712
04:17:19.129    Disk 0 scanning C:\Windows\system32\drivers
04:17:30.775    Service scanning
04:17:37.000    Service FXDrv32 D:\FXDrv32.sys **LOCKED** 21
04:17:37.087    Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32
04:17:53.972    Modules scanning
04:17:53.983    Disk 0 trace - called modules:
04:17:54.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
04:17:54.028    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e23848]
04:17:54.039    3 CLASSPNP.SYS[88f5359e] -> nt!IofCallDriver -> [0x85d2c918]
04:17:54.050    5 ACPI.sys[88aa83d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d26908]
04:17:58.286    AVAST engine scan C:\Windows
04:18:02.096    AVAST engine scan C:\Windows\system32
04:21:46.187    AVAST engine scan C:\Windows\system32\drivers
04:22:01.625    AVAST engine scan C:\Users\Suzie
04:26:22.638    File: C:\Users\Suzie\Downloads\DownloadFileSetup_248z5.exe  **INFECTED** Win32:Adware-gen [Adw]
04:26:43.117    AVAST engine scan C:\ProgramData
04:29:26.292    Disk 0 statistics 3472682/0/270 @ 3,70 MB/s
04:29:26.307    Scan finished successfully
04:33:14.767    Disk 0 MBR has been saved successfully to "C:\Users\Suzie\Desktop\MBR.dat"
04:33:14.776    The log file has been saved successfully to "C:\Users\Suzie\Desktop\aswMBR.txt"
 
--------------------------------

OTL REPORT

 

OTL logfile created on: 15/11/2014 04:42:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Suzie\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
1,93 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 63,42% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,06 Gb Free Space | 38,60% Space Free | Partition Type: NTFS
Drive F: | 30,03 Gb Total Space | 0,24 Gb Free Space | 0,79% Space Free | Partition Type: FAT32
 
Computer Name: SUZIE-MEGA | User Name: Suzie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/15 04:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Suzie\Downloads\OTL.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Arquivos de Programas\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/17 15:24:04 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Arquivos de Programas\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/10/09 12:50:57 | 000,382,000 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
PRC - [2014/10/09 12:50:56 | 001,078,832 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
PRC - [2014/10/09 12:50:56 | 000,963,632 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
PRC - [2014/10/07 13:49:44 | 000,060,744 | ---- | M] (Apple Inc.) -- C:\Arquivos de Programas\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014/09/26 00:40:40 | 000,195,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2014/09/25 01:18:20 | 001,669,296 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office 15\ClientX86\officeclicktorun.exe
PRC - [2014/09/12 16:14:56 | 004,812,048 | ---- | M] (TeamViewer GmbH) -- c:\Arquivos de Programas\TeamViewer\Version9\TeamViewer_Desktop.exe
PRC - [2014/09/12 16:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 16:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 16:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version9\tv_w32.exe
PRC - [2014/08/29 05:47:26 | 000,263,296 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\TMIDS\PwmSvc.exe
PRC - [2014/08/19 04:41:10 | 000,448,856 | ---- | M] (DivX, LLC) -- C:\Arquivos de Programas\DivX\DivX Media Server\DivXMediaServer.exe
PRC - [2014/07/21 12:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2014/07/20 17:04:37 | 000,165,976 | ---- | M] (Trend Micro Inc.) -- C:\Arquivos de Programas\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2014/04/09 13:37:32 | 000,071,680 | ---- | M] (Nike) -- C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2014/04/09 13:37:32 | 000,071,680 | ---- | M] (Nike) -- C:\Arquivos de Programas\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2014/01/10 03:26:44 | 001,861,968 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/11 07:52:04 | 001,564,528 | ---- | M] (Samsung) -- C:\Arquivos de Programas\Samsung\Kies\Kies.exe
PRC - [2013/10/09 17:58:06 | 002,858,992 | ---- | M] (Moyeamedia Software Co., Ltd.) -- C:\Arquivos de Programas\Leawo\Video Converter\VideoConverter.exe
PRC - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () -- C:\Arquivos de Programas\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/01 22:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 20:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 20:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/26 04:04:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/04/22 11:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 10:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe
PRC - [2010/09/23 01:47:30 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/09/23 00:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/07/04 17:51:26 | 000,017,408 | ---- | M] () -- C:\Arquivos de Programas\Unlocker\UnlockerAssistant.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/12 04:00:21 | 002,139,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\fa9fce470bc233c28161db3a362cc16c\Kies.ni.exe
MOD - [2014/11/12 03:20:32 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/10/17 00:37:43 | 014,971,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6af4e6849c5245d553c7f3ad01d0a01c\Kies.Theme.ni.dll
MOD - [2014/10/17 00:37:24 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
MOD - [2014/10/17 00:37:23 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\470ecf6c6d038a5c7ce02e9a6ab53615\Kies.Common.AllShare.ni.dll
MOD - [2014/10/17 00:36:55 | 002,199,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\b83bbba485dcd4dbb2269e62718e0d7f\Kies.Common.Multimedia.ni.dll
MOD - [2014/10/17 00:36:52 | 000,186,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\05139c8c59a94faa7592e7d20a46d2c3\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2014/10/17 00:36:38 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\42fa087ef5c2e4202513a152404843ce\Kies.Common.Util.ni.dll
MOD - [2014/10/17 00:36:37 | 001,702,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\9e002ea85e2a4fe1c261fe4c8006a6cd\Kies.Locale.ni.dll
MOD - [2014/10/17 00:36:36 | 001,842,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\68d88b510a9cf63ee392b2f8723d4e2e\Kies.UI.ni.dll
MOD - [2014/10/17 00:36:36 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\781622d2d2f65de56982ebb61ee0eab2\Kies.MVVM.ni.dll
MOD - [2014/10/17 00:36:32 | 001,251,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\147a0cefee04f7e21fe4f17148a4f92e\Kies.Interface.ni.dll
MOD - [2014/10/16 13:15:34 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/16 13:15:15 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 13:15:09 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/16 13:15:04 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 13:14:42 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 13:14:39 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 13:14:34 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 13:14:31 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/10/16 13:14:30 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/10/11 13:05:58 | 000,237,352 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014/10/09 12:50:55 | 000,049,296 | ---- | M] () -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
MOD - [2014/10/09 12:50:55 | 000,025,104 | ---- | M] () -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
MOD - [2014/09/26 00:40:11 | 000,316,576 | ---- | M] () -- C:\Arquivos de Programas\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/02/12 13:25:46 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Arquivos de Programas\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/10 03:28:18 | 000,100,688 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 03:26:44 | 001,861,968 | ---- | M] () -- C:\Arquivos de Programas\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/09/30 09:33:58 | 001,923,072 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\panda.dll
MOD - [2013/09/25 15:24:20 | 012,524,544 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\ffbri.dll
MOD - [2013/08/23 17:35:22 | 001,506,304 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\profile.dll
MOD - [2013/07/29 15:13:58 | 000,013,312 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\mdesu.dll
MOD - [2013/06/20 09:41:30 | 000,092,160 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\lang.dll
MOD - [2013/06/20 09:10:12 | 000,689,664 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\adlib.dll
MOD - [2013/06/20 09:10:12 | 000,577,536 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\libass.dll
MOD - [2013/06/20 09:10:12 | 000,379,904 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\snake.dll
MOD - [2013/06/20 09:10:12 | 000,258,048 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\SDL.dll
MOD - [2013/06/20 09:10:12 | 000,122,880 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\libexpat.dll
MOD - [2013/06/20 09:10:12 | 000,030,208 | ---- | M] () -- C:\Arquivos de Programas\Leawo\Video Converter\qtlib.dll
MOD - [2010/09/23 01:47:30 | 000,074,616 | ---- | M] () -- C:\Arquivos de Programas\Windows Live\Messenger\ShareAnythingControlRes.dll
MOD - [2010/09/23 01:37:38 | 000,010,616 | ---- | M] () -- C:\Arquivos de Programas\Windows Live\Messenger\pt-br\ShareAnythingControllang.dll.mui
MOD - [2010/09/23 00:49:24 | 000,018,792 | ---- | M] () -- C:\Arquivos de Programas\Windows Live\Shared\pt-br\wliduxloc.dll.mui
MOD - [2010/09/23 00:49:04 | 000,024,936 | ---- | M] () -- C:\Arquivos de Programas\Windows Live\Shared\pt-br\uxctlloc.dll.mui
MOD - [2010/07/04 19:32:36 | 000,004,608 | ---- | M] () -- C:\Arquivos de Programas\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 17:51:26 | 000,017,408 | ---- | M] () -- C:\Arquivos de Programas\Unlocker\UnlockerAssistant.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe -- (BavSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2014/11/12 03:44:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/06 00:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/10/09 12:50:56 | 000,963,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Arquivos de Programas\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe -- (Platinum Host Service)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Arquivos de Programas\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/25 01:18:20 | 001,669,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV - [2014/09/12 16:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/08/29 05:47:26 | 000,263,296 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Arquivos de Programas\Trend Micro\TMIDS\PwmSvc.exe -- (PwmSvc)
SRV - [2014/07/21 12:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/10/03 03:33:02 | 004,846,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2013/10/03 03:33:02 | 000,150,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 20:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/22 11:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\pofilterdrv.sys -- (pofilterdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gbpndisrd.sys -- (NdisrdMP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jimyljzl.sys -- (jimyljzl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Suzie\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys -- (BdCameraProtect)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys -- (BdApiUtil)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Suzie\AppData\Local\Temp\[email protected]\FileKill_x86.sys -- (Baidu PC Faster FileShredder)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Suzie\AppData\Local\Temp\aswVmm.sys -- (aswVmm)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Suzie\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw.sys -- ({f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw)
DRV - [2014/10/01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/08/29 05:47:29 | 000,061,728 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kbfilter.sys -- (kbfilter)
DRV - [2014/07/14 05:39:44 | 000,108,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2014/07/14 05:39:40 | 000,089,032 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2014/07/14 05:39:36 | 000,302,760 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2014/06/30 09:06:50 | 000,086,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmusa.sys -- (tmusa)
DRV - [2014/06/06 23:16:42 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2014/05/29 08:37:00 | 000,090,936 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2014/05/24 02:35:07 | 000,128,832 | ---- | M] (Baidu, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BdSandbox.sys -- (BdSandbox)
DRV - [2014/05/24 02:35:06 | 000,070,240 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bndef.sys -- (Bndef)
DRV - [2014/05/24 02:35:05 | 000,070,464 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Bnbasex.sys -- (Bnbase)
DRV - [2014/05/24 02:35:00 | 000,028,992 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
DRV - [2014/05/24 02:34:58 | 000,047,424 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
DRV - [2014/05/24 02:34:57 | 000,084,576 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2014/04/08 02:09:40 | 000,306,232 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2014/03/14 21:27:24 | 000,047,192 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2014/02/27 22:29:53 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (Ndisrd)
DRV - [2013/10/17 13:32:57 | 000,013,304 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TVMonitor.sys -- (MonitorFunction)
DRV - [2013/10/17 13:32:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2013/10/01 22:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/08/21 02:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2013/08/21 02:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 02:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/07/25 17:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2013/07/01 11:08:26 | 000,040,736 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TMEBC32.sys -- (TMEBC)
DRV - [2013/06/26 20:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 20:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 20:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 20:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/11/29 12:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/11/29 12:56:30 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/19 00:30:12 | 000,014,848 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}: "URL" = http://dts.search.as...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Suzie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Suzie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Suzie\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/04 22:28:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/04 22:28:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2014/11/09 02:12:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2014/11/09 02:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/11/09 02:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8197dd50-b252-4b08-a1be-1277f22357bb}: C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014/11/14 21:43:31 | 000,000,000 | ---D | M]
 
[2013/07/27 02:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: Google Docs = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Docs = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: Google Drive = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\
CHR - Extension: Google Drive = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Pesquisa do Google = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Pesquisa do Google = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Pesquisa do Google = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pesquisa do Google = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn\3.0.2.0_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn\3.0.2.0_0\.bak
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfkikjepbfnilidoicegfpoppcpblog\1.2_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh\1.6_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon\1.6_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.45_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heapppgcdapgfodlejhjaaokicffghkb\1.0.0_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikolalhgedleklomhpmobinimeknppon\0.1.9_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.7_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp\3.7.1_0\
CHR - Extension: No name found = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Trend Micro Toolbar = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf\8.0.0.1184_0\
CHR - Extension: Trend Micro Password Manager = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg\1.9.0.1112_0\
CHR - Extension: Gmail = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Suzie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/08 02:12:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Trend Micro Password Manager BHO) - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Arquivos de Programas\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
O2 - BHO: (Trend Micro Security Toolbar Helper) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Arquivos de Programas\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Arquivos de Programas\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Arquivos de Programas\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Trend Micro Password Manager ToolBar) - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Arquivos de Programas\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Security Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Arquivos de Programas\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Arquivos de Programas\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [Platinum] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PwmConsole.exe] C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [iCloudServices] C:\Arquivos de Programas\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Nike+ Connect] C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\RunOnce: [0c4bccd4-4949-4885-9fae-6b0d2abe2e18] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.goo...ice/update2/crx File not found
O4 - HKLM..\RunOnce: [1546dae9-e4e5-45b7-a593-752377b25f53] REG DELETE HKEY_CLASSES_ROOT\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [2a90dc2c-7493-40c6-841a-42d3bf3a1556] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f File not found
O4 - HKLM..\RunOnce: [3b2718df-efa3-47f1-98b5-fc0f5ecda8e2] REG DELETE HKEY_CLASSES_ROOT\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [54573e81-c600-4a63-9870-7c6963c41a3e] REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json" File not found
O4 - HKLM..\RunOnce: [657c5e39-a33c-4758-80d8-d44090a27f26] C:\Arquivos de Programas\Trend Micro\TMIDS\PwmChromeGPOMod.exe ()
O4 - HKLM..\RunOnce: [6c4a761e-d9db-4529-94f4-250e7955cb32] C:\Arquivos de Programas\Trend Micro\TMIDS\PwmChromeGPOMod.exe ()
O4 - HKLM..\RunOnce: [b1fa265d-fc05-4b30-8729-41219952da7f] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f File not found
O4 - HKLM..\RunOnce: [c636c66f-558d-4a38-ab4c-c295d47cf4ba] REG DELETE HKEY_CLASSES_ROOT\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [cad5936b-b2ab-4e6f-9eac-c8ca951a3a27] REG DELETE HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [cafb5813-fe91-4a6a-8432-9fb6fa96aae6] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json" File not found
O4 - HKLM..\RunOnce: [d3301056-ee70-44d2-adf3-545261c6541e] REG DELETE HKEY_CLASSES_ROOT\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [d46003fd-2b7d-4628-82c6-631377e5534e] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json" File not found
O4 - HKLM..\RunOnce: [f37a21d9-48e3-4ce9-b867-37979a7fe32a] REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json" File not found
O4 - HKLM..\RunOnce: [f6f1ec00-b07c-4ba0-bebd-1199b380e7c4] REG DELETE HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f File not found
O4 - HKLM..\RunOnce: [f8b6a34b-79c9-435f-85f2-2290e70669e1] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.goo...ice/update2/crx File not found
O4 - Startup: C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk = C:\Arquivos de Programas\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DAE35FE-0ADD-4A7C-9545-A7D47FA4AE01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC490675-FD03-45B5-B4CC-25DF0BFE305F}: DhcpNameServer = 172.20.10.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Arquivos de Programas\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Arquivos de Programas\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Arquivos de Programas\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Arquivos de Programas\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/13 04:10:24 | 001,107,968 | ---- | C] (Farbar) -- C:\Users\Suzie\Desktop\FRST.exe
[2014/11/12 01:54:01 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/11/12 01:53:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/11/12 01:53:51 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014/11/12 01:53:50 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014/11/12 01:53:50 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014/11/12 01:53:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014/11/12 01:53:49 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/11/12 01:53:42 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/11/12 01:53:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/11/12 01:53:35 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/11/12 01:53:35 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2014/11/12 01:53:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/12 01:53:23 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/12 01:53:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/12 01:53:23 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/12 01:53:22 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/12 01:53:22 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/12 01:53:22 | 000,341,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/12 01:53:22 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/12 01:53:22 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/12 01:53:22 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/12 01:53:21 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/12 01:53:21 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/11/12 01:53:21 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/12 01:53:21 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/12 01:53:20 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/12 01:53:20 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/12 01:53:20 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/12 01:53:19 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/12 01:53:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/12 01:53:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/12 01:53:16 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/12 01:53:16 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/12 01:53:12 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/11 06:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014/11/11 04:02:10 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/11 04:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/11 04:01:40 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/11 04:01:40 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/11 04:01:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/11 04:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/11 04:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/09 03:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
[2014/11/09 02:45:59 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Trend Micro
[2014/11/09 02:28:22 | 000,061,728 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\kbfilter.sys
[2014/11/09 02:28:22 | 000,061,728 | ---- | C] (Trend Micro Inc.) -- C:\kbfilter.sys
[2014/11/09 02:24:56 | 000,214,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\RegBootClean.exe
[2014/11/09 02:16:51 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2014/11/09 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
[2014/11/09 02:12:31 | 000,090,936 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmeevw.sys
[2014/11/09 02:12:29 | 000,306,232 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmnciesc.sys
[2014/11/09 02:12:17 | 000,302,760 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2014/11/09 02:12:17 | 000,108,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2014/11/09 02:12:17 | 000,089,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2014/11/09 02:12:13 | 000,040,736 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TMEBC32.sys
[2014/11/09 02:12:09 | 000,086,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmusa.sys
[2014/11/09 02:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/11/09 02:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2014/11/09 02:06:13 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Local\Trend Micro
[2014/11/09 01:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2014/11/08 03:01:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/08 01:47:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/11/08 01:47:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/11/08 01:47:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/11/08 01:47:00 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2014/11/08 01:46:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/08 01:46:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/11/07 11:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/10/31 16:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/10/31 16:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/10/24 23:12:40 | 000,000,000 | ---D | C] -- C:\Users\Suzie\Start Menu
[2014/10/24 23:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/10/22 01:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/22 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/10/19 09:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/19 09:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
[2014/10/18 14:45:53 | 000,029,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP152.SYS
[2014/10/18 14:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/10/18 02:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2014/10/18 02:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/10/18 00:51:15 | 000,000,000 | ---D | C] -- C:\Users\Suzie\AppData\Local\F-Secure
[2014/10/17 03:00:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/10/17 03:00:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/10/17 03:00:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/10/17 03:00:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/10/17 03:00:33 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/10/17 03:00:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/10/17 03:00:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/10/17 03:00:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/10/17 03:00:32 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/10/17 03:00:32 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/11/22 09:40:00 | 000,170,344 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/15 04:43:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/15 04:33:14 | 000,000,512 | ---- | M] () -- C:\Users\Suzie\Desktop\MBR.dat
[2014/11/15 03:11:04 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/14 23:27:57 | 000,006,144 | ---- | M] () -- C:\Users\Suzie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/14 22:36:27 | 000,706,016 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2014/11/14 22:36:27 | 000,654,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/14 22:36:27 | 000,147,598 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2014/11/14 22:36:27 | 000,122,086 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/14 21:51:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 21:51:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 21:44:40 | 000,000,286 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/11/14 21:44:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/14 21:43:49 | 1558,110,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/13 04:08:04 | 001,107,968 | ---- | M] (Farbar) -- C:\Users\Suzie\Desktop\FRST.exe
[2014/11/12 03:52:43 | 000,436,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/12 03:44:24 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/12 03:44:24 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/09 02:43:18 | 000,214,576 | ---- | M] (Trend Micro Inc.) -- C:\Windows\RegBootClean.exe
[2014/11/09 02:13:18 | 000,001,445 | ---- | M] () -- C:\Users\Suzie\Desktop\Trend Micro Maximum Security.lnk
[2014/11/09 02:10:16 | 000,000,059 | ---- | M] () -- C:\Windows\System32\SupportTool.exe.bat
[2014/11/09 02:08:41 | 000,000,036 | ---- | M] () -- C:\Users\Suzie\AppData\Local\housecall.guid.cache
[2014/11/08 02:50:18 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2014/11/08 02:18:26 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2014/11/08 02:12:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/08 00:56:17 | 000,000,310 | ---- | M] () -- C:\Users\Suzie\AppData\Roaming\WB.CFG
[2014/11/07 17:23:39 | 000,341,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/06 01:28:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/06 01:28:06 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/06 01:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/06 01:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/06 01:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/06 01:04:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/06 01:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/06 01:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/06 00:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/06 00:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/06 00:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/06 00:51:33 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/06 00:48:12 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/06 00:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/06 00:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/06 00:34:21 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/06 00:22:26 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/06 00:22:12 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/06 00:21:49 | 004,298,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/06 00:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/06 00:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/05 23:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/10/31 16:02:03 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/10/28 06:35:00 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/10/24 23:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/10/19 09:36:28 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/18 14:45:53 | 000,029,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP152.SYS
[2014/10/18 02:58:36 | 000,001,551 | ---- | M] () -- C:\Users\Suzie\Desktop\DivX Movies.lnk
[2014/10/18 02:58:16 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2014/10/18 02:57:45 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/15 04:33:14 | 000,000,512 | ---- | C] () -- C:\Users\Suzie\Desktop\MBR.dat
[2014/11/09 02:28:22 | 000,007,707 | ---- | C] () -- C:\kbfilter.cat
[2014/11/09 02:28:22 | 000,002,605 | ---- | C] () -- C:\kbfilter.inf
[2014/11/09 02:28:22 | 000,000,098 | ---- | C] () -- C:\install.bat
[2014/11/09 02:28:22 | 000,000,081 | ---- | C] () -- C:\uninstall.bat
[2014/11/09 02:13:18 | 000,001,445 | ---- | C] () -- C:\Users\Suzie\Desktop\Trend Micro Maximum Security.lnk
[2014/11/09 02:10:16 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2014/11/09 02:08:41 | 000,000,036 | ---- | C] () -- C:\Users\Suzie\AppData\Local\housecall.guid.cache
[2014/11/08 02:50:00 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2014/11/08 01:47:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/11/08 01:47:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/11/08 01:47:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/11/08 01:47:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/11/08 01:47:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/10/31 16:02:03 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/10/19 09:36:28 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/18 02:58:36 | 000,001,551 | ---- | C] () -- C:\Users\Suzie\Desktop\DivX Movies.lnk
[2014/10/18 02:58:16 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2014/10/18 02:57:45 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2014/10/02 00:11:30 | 000,019,434 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2014/08/06 03:15:56 | 000,000,004 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\appdataFr2.bin
[2014/06/08 20:06:32 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/05/09 11:56:00 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2014/04/29 22:53:30 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2013/12/31 00:51:10 | 000,000,005 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013/12/29 15:04:42 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2013/12/01 13:31:06 | 000,006,144 | ---- | C] () -- C:\Users\Suzie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/07 19:50:22 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013/08/01 02:51:22 | 000,361,119 | ---- | C] () -- C:\Users\Suzie\AppData\Local\newhb.crx
[2013/07/27 03:51:11 | 000,000,310 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\WB.CFG
[2013/07/27 03:51:11 | 000,000,005 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\WBPU-TTL.DAT
[2013/07/27 02:53:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/07/27 02:53:30 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/07/27 02:53:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/07/27 02:53:06 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/07/27 02:53:05 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/27 02:53:05 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2013/07/17 11:21:25 | 000,032,788 | ---- | C] () -- C:\Users\Suzie\AppData\Roaming\unins000.dat
[2013/04/18 20:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 20:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 20:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 20:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 20:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 23:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9
 
< End of report >

  • 0

#13
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, do you also have the extras.txt file?


  • 0

#14
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

And... are you a Chinese speaker? There is evidence of Baidu on your system which I will remove if it is not relevant to you.


  • 0

#15
psychson

    Member

  • Topic Starter
  • Member
  • 28 posts

Hi.

I'm not a Chinese speaker; actually, I'm a Brazilian Portuguese speaker.

After I ran the tools you suggested, my computer got even worse. There's still the pornographic animation and a fake Java on my browser, and I can barely do anything.

About the extras.txt file, I have to check it.

Thanks.


  • 0
