Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple chrome.exe *32 and also SRWare Iron [Closed]

chrome exe *32 chrome.exe *32 srware iron malware

  • This topic is locked This topic is locked

#31
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Are the *32 still there?


  • 0

Advertisements


#32
hi_helpplease

hi_helpplease

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Yes, about 20 of them.  The SRWare iron ones are not anymore


  • 0

#33
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, next step :)

 

FRST.gif Fix with Farbar Recovery Scan Tool



icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    
    R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-28] () [File not signed]
    
    S2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2014-02-28] () [File not signed]
    
    S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-02-28] () [File not signed]
    
    2014-10-28 09:25 - 2014-10-28 09:26 - 00898744 _____ () C:\Users\user\Downloads\WebClient (7).exe
    
    2014-10-27 07:37 - 2014-10-27 07:37 - 00898744 _____ () C:\Users\user\Downloads\WebClient (6).exe
    
    2014-10-27 07:34 - 2014-10-27 07:34 - 00898744 _____ () C:\Users\user\Downloads\WebClient (5).exe
    
    2014-10-27 07:33 - 2014-10-27 07:33 - 00898744 _____ () C:\Users\user\Downloads\WebClient (4).exe
    
    2014-11-14 11:01 - 2012-08-03 13:31 - 00000000 ____D () C:\Windows\SysWOW64\webclient
    
    2014-11-04 15:50 - 2011-06-01 15:09 - 00014592 _____ () C:\Windows\SysWOW64\FOXUSER.FPT
    
    C:\Windows\SysWOW64\spoolsv.exe
    
    C:\Windows\SysWOW64\sppsvc.exe
    
    C:\Windows\SysWOW64\lsass.exe
    
    CMD: ipconfig /flushdns
    
    CMD: netsh winsock reset all
    
    CMD: netsh int ipv4 reset
    
    CMD: netsh int ipv6 reset
    
    CMD: bitsadmin /reset /allusers
    
    EmptyTemp:
    
    end
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

Also, post a fresh FRST scan please and let me know if the *32's are gone.


  • 0

#34
hi_helpplease

hi_helpplease

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Hello, 2 days ago I reverted back the fix.  I had to do that to see if the shared folder would return working properly and it didnt work... Here is the scan after the revert.  I didnt want to do the fix before showing you this.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by user (administrator) on SERVIDOR on 03-12-2014 08:54:06
Running from C:\Users\user\Desktop
Loaded Profiles: user & HomeGroupUser$ & Administrador & Convidado (Available profiles: user & HomeGroupUser$ & Administrador & Convidado)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe
(Firebird Project) C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbguard.exe
(Banco Bradesco S.A.) C:\Program Files (x86)\Scpad\scpVista.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Firebird Project) C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbserver.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ACSN Desenvolvimento de Software do Brasil.) C:\ACSN\CENTRAL\PVD\termpvd.exe
() C:\ACSN\CENTRAL\Rt\acsn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginAbn-x32: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll (Banco Real)
HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\MountPoints2: {b7b91bcf-48cb-11e1-9ccd-bcaec5e3c768} - F:\SamsungKiesInstaller.exe
HKU\S-1-5-18\...\Run: [WinCalendarV3] => C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe [80416 2012-12-10] (Sapro Systems)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x980FFFCF7ACACE01
HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2030063666-2984625868-3582313932-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files (x86)\GbPlugin\gbiehabn.dll (Banco Real)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll [1861176 2014-07-07] (Banco Real)
Tcpip\Parameters: [DhcpNameServer] 201.6.2.82 201.6.2.172
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2030063666-2984625868-3582313932-1000: @citrixonline.com/appdetectorplugin -> C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2030063666-2984625868-3582313932-1000: gastecnologia.com.br/sf/abn -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default\user.js
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default\searchplugins\bingp.xml
FF Extension: Hola Better Internet - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default\Extensions\[email protected] [2014-10-06]
FF Extension: Classic Theme Restorer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default\Extensions\[email protected] [2014-08-05]
FF Extension: Googlebar Lite - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00brm37i.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2014-09-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2014-09-30]
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Lookbook GNT) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeelejgkgaffgcceobnnnmhefjcahedc [2014-09-11]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-11]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-11]
CHR Extension: (Fridgg ~ Food Fanatics) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnebomooiloblcgoffldpopcffbfjfdi [2014-11-14]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-11-14]
CHR Extension: (SlickTasks) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cilfofbacaplmfmfbdgfdphmfdljnioc [2014-11-14]
CHR Extension: (Zilyo Vacation Rental Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfjnaaigeenfphdlphgeflalcegahbj [2014-11-14]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-11]
CHR Extension: (Be a Local!) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\diiecohgbcgbehcpofpolcnoipmefgbm [2014-11-14]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\embboanagkhdghdnaekpbpgfckeejmlo [2014-08-27]
CHR Extension: (Find The Cheapest Hotel) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\epmleihjpcljbljlohcnljifdhdgfcnl [2014-11-14]
CHR Extension: (ZenMate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-14]
CHR Extension: (Hola Better Internet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-15]
CHR Extension: (IE Tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-11-14]
CHR Extension: (Calendar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpkinjnkedlkaeoliioblkmlhppjcfc [2014-11-14]
CHR Extension: (feedly) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-11]
CHR Extension: (SoundCloud) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2014-11-14]
CHR Extension: (ZIP Extractor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2014-11-14]
CHR Extension: (Sunrise Calendar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2014-11-14]
CHR Extension: (Save to Pocket) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mdebcffgnijbblbinknkbefciofebcda] - C:\Users\user\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx [2012-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonPEService; C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe [914584 2012-01-30] (Seiko Epson Corporation)
S2 EpsonPuras; C:\Program Files\EPSON\EPuras\EPuras.exe [675840 2010-01-20] (SEIKO EPSON CORPORATION) [File not signed]
R2 FirebirdGuardianSuperCash; C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbguard.exe [81920 2012-12-20] (Firebird Project) [File not signed]
R3 FirebirdServerSuperCash; C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbserver.exe [2723840 2012-12-20] (Firebird Project) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [553272 2014-06-13] (GAS Tecnologia)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [360640 2013-03-11] (Banco Bradesco S.A.) [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-28] () [File not signed]
S2 sppsvc; C:\Windows\SysWOW64\sppsvc.exe [0 2014-02-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-06] (AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [90480 2014-01-24] (Seiko Epson Corporation)
S2 EPSON TM Parallel Port Driver; C:\Windows\system32\drivers\tmlpt.sys [21640 2010-01-20] (SEIKO EPSON CORPORATION)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47856 2012-09-18] (GAS Tecnologia)
R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [122880 2008-12-19] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2014-01-24] (Seiko Epson Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 08:54 - 2014-12-03 08:54 - 00020645 _____ () C:\Users\user\Desktop\FRST.txt
2014-12-01 12:35 - 2014-12-01 12:35 - 00000000 ____D () C:\Users\Administrador\AppData\Local\A.E.T. Europe B.V
2014-12-01 12:11 - 2014-12-01 12:11 - 03480040 _____ (McAfee, Inc.) C:\Users\user\Downloads\MCPR.exe
2014-12-01 12:01 - 2014-12-01 12:01 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Adobe
2014-12-01 12:01 - 2014-12-01 12:01 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2014-11-29 10:28 - 2014-12-01 11:18 - 00000000 ____D () C:\Users\user\Documents\McAfee Vaults
2014-11-29 10:09 - 2014-12-01 12:20 - 00000000 ____D () C:\Users\Todos os Usuários\McAfee
2014-11-29 10:09 - 2014-12-01 12:20 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-26 15:30 - 2014-11-26 15:30 - 00000000 ____H () C:\Users\user\Documents\Default.rdp
2014-11-24 13:43 - 2014-12-01 12:20 - 00023702 _____ () C:\Windows\PFRO.log
2014-11-24 13:22 - 2014-12-03 08:54 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-11-22 08:39 - 2014-12-03 07:50 - 00002248 _____ () C:\Windows\setupact.log
2014-11-22 08:39 - 2014-11-22 08:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-21 16:58 - 2014-12-03 08:54 - 00000000 ___DC () C:\FRST
2014-11-21 16:57 - 2014-12-03 08:54 - 02117120 ____C (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-11-21 15:30 - 2014-11-21 15:30 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-11-21 10:54 - 2014-11-21 10:54 - 00001647 _____ () C:\Users\user\Desktop\malware 21-11-14.txt
2014-11-21 09:15 - 2014-11-21 09:25 - 00000000 ___DC () C:\AdwCleaner
2014-11-21 09:13 - 2014-11-21 09:13 - 02140160 _____ () C:\Users\user\Desktop\adwcleaner_4.101.exe
2014-11-19 14:57 - 2014-11-19 14:57 - 00013822 _____ () C:\Users\user\Desktop\YL_Sfolha_Folha_Incluir_Comprovante.asp
2014-11-19 08:03 - 2014-11-11 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:03 - 2014-11-11 00:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:03 - 2014-11-10 23:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:03 - 2014-11-10 23:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:00 - 2014-11-18 11:00 - 00007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-11-18 08:31 - 2014-11-18 08:31 - 00898744 _____ () C:\Users\user\Downloads\WebClient (13).exe
2014-11-14 15:30 - 2014-11-27 08:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2014-11-14 15:30 - 2014-11-25 10:22 - 00002279 _____ () C:\Users\user\Desktop\Iron App Launcher.lnk
2014-11-14 14:47 - 2014-11-14 14:47 - 00898744 _____ () C:\Users\user\Downloads\WebClient (12).exe
2014-11-14 14:46 - 2014-11-14 14:46 - 00898744 _____ () C:\Users\user\Downloads\WebClient (11).exe
2014-11-14 14:45 - 2014-11-27 09:07 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2014-11-14 14:45 - 2014-11-14 14:45 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2014-11-14 11:05 - 2014-11-27 09:06 - 00000000 ____D () C:\Users\user\AppData\Local\IE Tab
2014-11-14 11:02 - 2014-11-27 08:57 - 00000000 ____D () C:\Users\user\Desktop\WebClient
2014-11-14 08:50 - 2014-11-27 08:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-14 08:50 - 2014-11-14 08:50 - 00002303 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
2014-11-13 16:50 - 2014-11-13 16:50 - 00030208 _____ () C:\Users\user\Desktop\ROMANEIO DE DEVOLUCAO.XLS
2014-11-13 16:43 - 2014-11-13 16:43 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu-1.exe
2014-11-13 09:50 - 2014-11-27 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-13 09:50 - 2014-11-27 07:54 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-13 09:49 - 2014-12-03 08:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 09:49 - 2014-12-03 07:56 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 09:49 - 2014-11-13 09:49 - 00004060 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 09:49 - 2014-11-13 09:49 - 00003808 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 09:45 - 2014-11-13 09:45 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2014-11-12 08:11 - 2014-09-19 06:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:11 - 2014-09-19 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:11 - 2014-09-19 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:11 - 2014-09-19 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:11 - 2014-09-19 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:11 - 2014-09-19 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 08:11 - 2014-09-19 06:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 08:10 - 2014-10-17 23:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:10 - 2014-10-17 22:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:10 - 2014-10-13 23:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:10 - 2014-10-13 23:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:10 - 2014-10-13 23:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:10 - 2014-10-13 23:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:10 - 2014-10-13 23:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:10 - 2014-10-13 22:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:10 - 2014-10-13 22:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 08:10 - 2014-10-13 22:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:10 - 2014-10-13 22:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:09 - 2014-11-07 16:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:09 - 2014-11-07 16:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:09 - 2014-11-06 01:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:09 - 2014-11-06 01:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:09 - 2014-11-06 01:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:09 - 2014-11-06 00:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:09 - 2014-11-06 00:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:09 - 2014-11-06 00:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:09 - 2014-11-06 00:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:09 - 2014-11-06 00:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:09 - 2014-11-06 00:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:09 - 2014-11-06 00:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:09 - 2014-11-06 00:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:09 - 2014-11-06 00:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:09 - 2014-11-06 00:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:09 - 2014-11-06 00:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:09 - 2014-11-06 00:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:09 - 2014-11-06 00:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:09 - 2014-11-06 00:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:09 - 2014-11-06 00:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:09 - 2014-11-06 00:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:09 - 2014-11-06 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:09 - 2014-11-06 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:09 - 2014-11-06 00:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:09 - 2014-11-06 00:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:09 - 2014-11-06 00:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:09 - 2014-11-06 00:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:09 - 2014-11-06 00:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:09 - 2014-11-06 00:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:09 - 2014-11-06 00:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:09 - 2014-11-06 00:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:09 - 2014-11-06 00:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:09 - 2014-11-05 23:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:09 - 2014-11-05 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:09 - 2014-11-05 23:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:09 - 2014-11-05 23:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:09 - 2014-11-05 23:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:09 - 2014-11-05 23:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:09 - 2014-11-05 23:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:09 - 2014-11-05 23:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:09 - 2014-11-05 23:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:09 - 2014-11-05 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:09 - 2014-11-05 23:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:09 - 2014-11-05 23:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:09 - 2014-11-05 23:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:09 - 2014-11-05 23:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:09 - 2014-11-05 23:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:09 - 2014-11-05 23:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:09 - 2014-11-05 23:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:09 - 2014-11-05 23:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:09 - 2014-11-05 23:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:09 - 2014-11-05 23:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:09 - 2014-11-05 22:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:09 - 2014-11-05 22:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 08:09 - 2014-11-05 22:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:09 - 2014-11-05 22:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:08 - 2014-10-24 22:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:08 - 2014-10-24 22:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:08 - 2014-10-09 21:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:08 - 2014-10-02 23:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:08 - 2014-10-02 23:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:08 - 2014-10-02 23:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:08 - 2014-10-02 23:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 08:08 - 2014-10-02 23:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:08 - 2014-10-02 22:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:08 - 2014-10-02 22:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:08 - 2014-10-02 22:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:08 - 2014-08-21 03:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:08 - 2014-08-21 03:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:08 - 2014-08-21 03:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:08 - 2014-08-21 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:08 - 2014-08-11 23:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:08 - 2014-08-11 22:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 08:07 - 2014-10-13 23:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 08:07 - 2014-10-13 22:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-07 14:52 - 2014-11-07 14:52 - 00023627 _____ () C:\Users\user\Downloads\ComprovanteInclusaoFolha (11).html
2014-11-07 14:48 - 2014-11-07 14:48 - 00023627 _____ () C:\Users\user\Downloads\ComprovanteInclusaoFolha (10).html
2014-11-07 11:29 - 2014-11-07 11:29 - 00000891 ____C () C:\Users\user\Desktop\DrLabel.exe - Atalho.lnk
2014-11-06 12:30 - 2014-11-07 07:59 - 00001013 _____ () C:\Users\Public\Desktop\FCS - Frente de Caixa Store.lnk
2014-11-06 12:30 - 2014-11-06 12:30 - 00000856 _____ () C:\Users\Public\Desktop\FCS - Manutenção do Sistema.lnk
2014-11-05 15:51 - 2014-11-05 15:52 - 00898744 _____ () C:\Users\user\Downloads\WebClient (10).exe
2014-11-05 09:09 - 2014-11-05 09:09 - 38494576 _____ (Apple Inc.) C:\Users\user\Downloads\SafariSetup.exe
2014-11-04 14:29 - 2014-11-04 16:44 - 00003704 _____ () C:\Windows\System32\Tasks\Java™ Platform SE Auto Updater
2014-11-04 08:28 - 2014-11-04 08:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-04 08:28 - 2014-11-04 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-04 08:27 - 2014-11-04 08:28 - 00000000 ___DC () C:\Program Files\iTunes
2014-11-04 08:27 - 2014-11-04 08:28 - 00000000 ____D () C:\Users\Todos os Usuários\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-04 08:27 - 2014-11-04 08:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-04 08:27 - 2014-11-04 08:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-04 08:27 - 2014-11-04 08:27 - 00000000 ___DC () C:\Program Files\iPod
2014-11-03 17:34 - 2014-11-03 17:34 - 00000000 ____D () C:\Users\user\AppData\Local\MFAData
2014-11-03 15:49 - 2014-11-03 15:49 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-03 15:49 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-11-03 15:48 - 2014-11-03 15:49 - 32518056 _____ (Panda Security ) C:\Users\user\Downloads\PandaCloudCleaner.exe
2014-11-03 15:42 - 2014-11-03 15:42 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-03 15:27 - 2014-11-03 15:48 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-11-03 15:27 - 2014-11-03 15:48 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-11-03 11:28 - 2014-11-03 11:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan
2014-11-03 11:23 - 2014-11-03 11:24 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-11-03 11:21 - 2014-11-18 08:40 - 00000000 ____D () C:\Users\Todos os Usuários\BullGuard
2014-11-03 11:21 - 2014-11-18 08:40 - 00000000 ____D () C:\ProgramData\BullGuard
2014-11-03 11:21 - 2014-11-03 11:21 - 00325440 _____ () C:\Users\user\Downloads\BullGuardDownloaderVS.exe
2014-11-03 11:20 - 2014-11-03 11:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Virus Scan
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 08:39 - 2012-12-17 10:03 - 00000000 ____D () C:\Users\Todos os Usuários\WinCalendarV3
2014-12-03 08:39 - 2012-12-17 10:03 - 00000000 ____D () C:\ProgramData\WinCalendarV3
2014-12-03 07:57 - 2012-11-16 06:35 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 07:57 - 2011-08-31 19:15 - 00000000 ___RD () C:\Users\user\Dropbox
2014-12-03 07:57 - 2011-08-31 19:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-12-03 07:57 - 2009-07-14 01:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 07:57 - 2009-07-14 01:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 07:54 - 2013-03-27 08:35 - 01153768 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 07:50 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 12:08 - 2011-08-01 15:42 - 00000000 ____D () C:\Users\user\Desktop\XML
2014-12-02 12:07 - 2011-06-02 08:45 - 00000000 ____D () C:\Users\user\AppData\Local\CutePDF Writer
2014-12-02 08:41 - 2013-03-01 14:29 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-12-02 08:41 - 2013-03-01 14:29 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-02 08:02 - 2011-06-01 15:09 - 00014592 _____ () C:\Windows\SysWOW64\FOXUSER.FPT
2014-12-01 12:41 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\registration
2014-12-01 12:01 - 2013-06-11 14:25 - 00001389 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-01 12:01 - 2009-07-14 01:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-01 11:37 - 2012-01-28 21:17 - 01512448 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-12-01 11:32 - 2014-04-23 11:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-12-01 09:50 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 09:57 - 2013-10-30 15:00 - 00000000 ____D () C:\Users\user\AppData\Local\Citrix
2014-11-29 09:42 - 2012-07-23 10:21 - 00000000 ____D () C:\Users\Todos os Usuários\MFAData
2014-11-29 09:42 - 2012-07-23 10:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-28 17:35 - 2012-01-28 08:05 - 00000000 ____D () C:\CONTTORNO NETWORK FILES
2014-11-28 17:33 - 2012-12-01 10:37 - 00000000 ____D () C:\Users\user\Desktop\PEDRO EDNA PERSONAL
2014-11-27 12:56 - 2009-07-14 00:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-27 09:07 - 2012-05-28 15:38 - 00000000 ___DC () C:\StoneCell
2014-11-27 09:07 - 2011-05-31 12:13 - 00000000 ____D () C:\Program Files (x86)\Scpad
2014-11-27 09:07 - 2009-07-14 04:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-27 09:06 - 2012-06-01 09:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-27 09:06 - 2011-05-28 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-11-27 09:06 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-27 08:57 - 2012-08-03 13:31 - 00000000 ____D () C:\Windows\SysWOW64\webclient
2014-11-27 08:57 - 2011-08-31 19:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-26 15:32 - 2011-07-06 08:39 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-26 09:57 - 2012-11-16 06:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 09:57 - 2012-11-16 06:35 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 09:57 - 2011-05-30 08:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 14:04 - 2011-05-28 22:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-24 07:52 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 16:32 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:50 - 2011-05-30 08:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-13 07:57 - 2009-07-14 01:45 - 00442144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 18:23 - 2011-05-28 23:47 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-11-12 18:23 - 2011-05-28 23:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 18:20 - 2013-08-23 07:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 18:13 - 2011-07-13 17:39 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 13:49 - 2011-06-15 12:55 - 00000000 ____D () C:\Users\user\AppData\Local\Apple Computer
2014-11-07 02:37 - 2014-07-23 14:02 - 00089192 _____ (Hola Networks Ltd.) C:\Windows\system32\Drivers\hola_mon_drv.sys
2014-11-06 12:32 - 2011-06-01 14:48 - 00000000 ___DC () C:\ACSN
2014-11-06 12:30 - 2011-06-01 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACSN
2014-11-05 15:58 - 2014-04-23 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-05 15:58 - 2014-04-23 11:25 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-11-05 15:58 - 2014-04-23 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-11-05 15:42 - 2011-06-15 12:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer
2014-11-04 12:28 - 2013-10-15 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-04 12:28 - 2011-06-21 13:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\HpUpdate
2014-11-04 12:28 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-04 11:34 - 2014-03-19 07:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVG
2014-11-04 11:31 - 2014-03-25 08:38 - 00000000 ____D () C:\Users\user\AppData\Local\AVG
2014-11-04 11:29 - 2014-03-19 07:52 - 00000000 ____D () C:\Users\Todos os Usuários\AVG
2014-11-04 11:29 - 2014-03-19 07:52 - 00000000 ____D () C:\ProgramData\AVG
2014-11-04 08:27 - 2014-02-27 10:39 - 00000000 ____D () C:\Users\Todos os Usuários\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-04 08:27 - 2014-02-27 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-04 08:27 - 2011-06-15 12:54 - 00000000 ___DC () C:\Program Files\Common Files\Apple
2014-11-03 17:12 - 2011-05-30 08:23 - 00000000 ___DC () C:\Program Files\Google
2014-11-03 15:44 - 2011-05-30 08:23 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-11-03 15:44 - 2011-05-30 08:22 - 00000000 ____D () C:\Users\Todos os Usuários\Google
2014-11-03 15:44 - 2011-05-30 08:22 - 00000000 ____D () C:\ProgramData\Google
2014-11-03 11:31 - 2014-03-18 14:48 - 00000000 ____D () C:\Users\Todos os Usuários\Package Cache
2014-11-03 11:31 - 2014-03-18 14:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-03 10:38 - 2011-08-16 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-11-03 10:07 - 2012-06-01 09:04 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-11-03 10:07 - 2012-06-01 09:04 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-11-03 07:49 - 2014-10-17 12:53 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA21A8F3-C198-4FF7-8408-92B64A61299A}
 
Files to move or delete:
====================
C:\Users\user\signver.dll
C:\Users\user\signver1.dll
 
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppyfue2.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 14:26
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by user at 2014-12-03 08:54:49
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Assistente do certificado digital (HKLM-x32\...\{BE72FB31-7A89-44FA-9E32-56E17F3114BD}) (Version: 1.0.0 - Serasa Experian)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0 - Business Objects) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Emissor de Nota Fiscal Eletrônica (NF-e) 2.0 (HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\Emissor de Nota Fiscal Eletrônica (NF-e) 2.0) (Version:  - Prodesp)
EPmfd3 (HKLM-x32\...\{13DA709D-EE37-476C-8EE9-D5D92281A7D7}) (Version: 3.0.0 - Epson)
EPmfd3 (HKLM-x32\...\{5AB548FE-3D07-46DC-9E65-035CB3082299}) (Version: 3.2.0 - Epson)
EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.09.0017 - EPSON)
EPSON APD4 Point and Print Support (x32 Version: 4.09.0016 - EPSON) Hidden
EPSON TM Virtual Port Driver Ver.8.20a (HKLM-x32\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 8.20.0000 - SEIKO EPSON CORPORATION)
ExtractNow (HKLM-x32\...\ExtractNow) (Version:  - Nathan Moinvaziri)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hola™ 1.5.311 - Better Internet (HKLM\...\Hola) (Version: 1.5.311 - Hola Networks Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version:  - )
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Interven for Windows (HKLM-x32\...\{5AC8C43A-76EF-427F-82B7-B71FDB4E8C74}) (Version: 1.0.0 - Epson)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
magicJack (HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
MrvlUsgTracking (HKLM-x32\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MrvlUsgTracking64 (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{6A96F672-0D61-4857-B9CE-47EBAE811046}) (Version: 7.02.4720 - Nero AG)
PCI Multi-IO Controller (HKLM\...\MosChip Semiconductor Technology Ltd) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Software básico do dispositivo HP Officejet Pro 8600 (HKLM\...\{94132E11-94B4-4C75-BB50-7F3797F3EE36}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Spotify (HKU\S-1-5-21-2030063666-2984625868-3582313932-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Suporte para Aplicativos Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TED versão 4.3.7 (HKLM-x32\...\{D9589AD9-1908-45AF-ACEE-40E056C22DDA}_is1) (Version:  - Secretaria da Fazenda do Estado do Rio Grande do Sul)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validador Ficha de Conteúdo de Importação (HKLM-x32\...\{70C09617-6686-4AAC-A397-4D4084281BC8}) (Version: 2.1.0 - Secretaria da Fazenda do Estado de São Paulo)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
WinCalendarV3 (HKLM-x32\...\WinCalendarV3) (Version: 3.46 - Sapro Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2030063666-2984625868-3582313932-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-11-2014 06:00:19 Windows Update
27-11-2014 11:52:02 Operação de restauração
29-11-2014 12:31:56 Removed AVG 2015
29-11-2014 12:35:38 Removed AVG 2015
29-11-2014 12:51:57 Removed Visual Studio 2012 x64 Redistributables
29-11-2014 12:53:40 Removed Visual Studio 2008 x64 Redistributables
29-11-2014 12:56:03 Removed Visual C++ 8.0 Runtime Setup Package (x64)
29-11-2014 12:56:52 Removed Citrix Online Launcher
01-12-2014 10:11:08 Removed Visual Studio 2012 x86 Redistributables
01-12-2014 11:20:29 Removed Nero 7 Ultra Edition. Available with Windows Installer version 1.2 and later.
01-12-2014 13:57:12 2014-12-01 backup
02-12-2014 11:03:26 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-10-16 11:08 - 2014-11-04 16:54 - 00000774 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DB1EEEC-AB43-4C58-AF39-931297167C19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {1698C549-54FD-4F21-90CF-5CF80C83FDCF} - System32\Tasks\Google Updater and Installer => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {63CECF36-EFCB-4B20-A2D2-8E0216CC4221} - System32\Tasks\Programa de atualização online Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {6F06E2C4-BBD9-4DBC-A34D-A7CD9EECD331} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {75C15F9F-7D0E-4B4D-BD67-F61CCB7A8EC8} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {801AAB8F-AD89-4B93-9FE6-3898AB83DE1F} - System32\Tasks\{6A18915A-668B-400E-BBAA-40AA3357A892} => Chrome.exe 
Task: {830FB86D-823E-4B4E-A9B0-B03C2236D3FE} - System32\Tasks\{FA7A6DBD-5336-4D53-AC96-270FA4DC0F56} => Chrome.exe 
Task: {8D87ADE5-6F38-420D-9C67-73653EAA7D43} - System32\Tasks\{6FCB191B-6062-4410-A57D-3CA0C8FBA81F} => Chrome.exe 
Task: {A0132935-99BD-4166-8DBC-7BB481B09C55} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {BD2606EC-813F-466E-87A7-F2C598B9669F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {BDF11B3A-3911-403C-A7EC-1E8041033ABE} - System32\Tasks\{A83AA5D5-D95C-42B3-88A1-07A9A012496D} => Chrome.exe 
Task: {DB664753-06EF-402B-870E-8AB298F27FA4} - System32\Tasks\{B201FA74-AEEF-4A13-8C91-5E61E84AB3BF} => Chrome.exe 
Task: {F692E9E9-F706-42DD-B141-885E23289663} - System32\Tasks\{21BC34B3-CE1C-48CC-A1D0-B8DB181D2576} => Chrome.exe 
Task: {FD10D27A-09A2-4B3D-9610-AE79B806A283} - System32\Tasks\Programa de atualização online da HP => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-03-24] (Hewlett-Packard)
Task: {FF366E7E-E664-4089-8449-AE428077EB77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-02 08:44 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-05-28 04:45 - 2010-12-16 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-24 10:48 - 2003-03-03 11:09 - 00048128 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe
2010-02-26 14:54 - 2010-02-26 14:54 - 00056802 ____C () C:\ACSN\CENTRAL\Rt\acsn.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-03 07:56 - 2014-12-03 07:56 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppyfue2.dll
2013-08-23 16:01 - 2013-08-23 16:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-27 07:54 - 2014-11-25 03:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 07:54 - 2014-11-25 03:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-08-07 15:47 - 2014-08-07 15:47 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-11-27 07:54 - 2014-11-25 03:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 07:54 - 2014-11-25 03:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-08-07 15:47 - 2014-08-07 15:47 - 00000000 _____ () C:\Windows\system32\MSVCR70.dll
2014-11-27 07:54 - 2014-11-25 03:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-08-07 15:47 - 2014-08-07 15:47 - 00000000 _____ () C:\Windows\system32\MSVBVM60.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\System32:E1A471B4_Abn.gbp
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Fax => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk => C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
MSCONFIG\startupreg: EpsonAPD4SV => C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
MSCONFIG\startupreg: G4Listener => "C:\Santander\Gerenciador de Arquivos\Bin\Listener.exe"
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\user\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: WinCalendarV3 => "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
 
========================= Accounts: ==========================
 
Administrador (S-1-5-21-2030063666-2984625868-3582313932-500 - Administrator - Enabled) => C:\Users\Administrador
ASPNET (S-1-5-21-2030063666-2984625868-3582313932-1006 - Administrator - Enabled)
Convidado (S-1-5-21-2030063666-2984625868-3582313932-501 - Limited - Enabled) => C:\Users\Convidado
HomeGroupUser$ (S-1-5-21-2030063666-2984625868-3582313932-1004 - Limited - Enabled) => C:\Users\HomeGroupUser$
user (S-1-5-21-2030063666-2984625868-3582313932-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 00:15:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORIDADE NT)
Description: O valor da cadeia de caracteres de texto explicativo do contador de desempenho  do Registro não está formatado corretamente. A cadeia de caracteres formada incorretamente é 婍. O primeiro DWORD da seção de dados contém o valor de índice da cadeia de caracteres formada incorretamente e o segundo e o terceiro contêm os últimos valores válidos do índice.
 
Error: (12/01/2014 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8175
 
Error: (12/01/2014 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8175
 
Error: (12/01/2014 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/01/2014 06:28:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176
 
Error: (12/01/2014 06:28:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176
 
Error: (12/01/2014 06:28:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/01/2014 06:28:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178
 
Error: (12/01/2014 06:28:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178
 
Error: (12/01/2014 06:28:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1075
 
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Server depende do seguinte serviço: SamSS. Esse serviço pode não ter sido instalado.
 
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1075
 
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Server depende do seguinte serviço: SamSS. Esse serviço pode não ter sido instalado.
 
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1075
 
Error: (12/03/2014 08:54:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Server depende do seguinte serviço: SamSS. Esse serviço pode não ter sido instalado.
 
Error: (12/03/2014 08:54:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1075
 
Error: (12/03/2014 08:54:06 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Server depende do seguinte serviço: SamSS. Esse serviço pode não ter sido instalado.
 
Error: (12/03/2014 08:54:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1075
 
Error: (12/03/2014 08:54:06 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Server depende do seguinte serviço: SamSS. Esse serviço pode não ter sido instalado.
 
 
Microsoft Office Sessions:
=========================
Error: (12/01/2014 09:36:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 750 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/29/2014 01:35:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5946 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/29/2014 10:25:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 153 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/10/2014 06:10:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 30789 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (10/25/2014 01:26:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 14464 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/24/2014 05:03:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 25032 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/18/2014 02:13:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19453 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (10/17/2014 02:19:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10374 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/14/2014 04:51:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19814 seconds with 1920 seconds of active time.  This session ended with a crash.
 
Error: (10/10/2014 04:14:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 109863 seconds with 720 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-11 13:45:20.774
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 13:45:20.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 13:45:20.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 13:45:20.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 12:03:23.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-11 12:03:22.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IKEYENUM.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 4008.32 MB
Available physical RAM: 1195.96 MB
Total Pagefile: 8014.81 MB
Available Pagefile: 4577.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:334.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 55EDC247)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#35
hi_helpplease

hi_helpplease

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I have a few programs that don't work properly anymore.  I don't think the fix is helping.  Let's please close this topic.  Thank you for your time.


  • 0

#36
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I have a few programs that don't work properly anymore. I don't think the fix is helping.

I'm certain the fix is not working as you removed the fix! You we're more concerned about accessing a shared file than removing Malware. That is certainly your perogitive as the machine belongs to you, but as I reminded you via PM, several times, we are a volunteer organization and have limited time. When you fail to complete instructions or undo fixes or run tools other than instructed, you will not have a positive outcome.

 

 

 

Let's please close this topic. Thank you for your time.

Yes, I will close the topic.


  • 0

#37
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: chrome exe *32, chrome.exe *32, srware iron, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP