Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple chrome.exe *32 and also SRWare Iron

Started by hi_helpplease , Nov 21 2014 11:53 AM
chrome.exe *32 chrome exe *32 srware iron malware

  • This topic is locked This topic is locked

#1
hi_helpplease
Posted 21 November 2014 - 11:53 AM

hi_helpplease

    Member

  • Member
  • PipPip
  • 22 posts

In my task manager I have multiple chrome.exe *32 on Google Chrome and the same chrome.exe *32 with the description SRWare Iron.

 

The only browsers I have in my computer are chrome and srware iron now.  Even though I tried to uninstall Internet explorer and it doesnt show up the install/uninstall list.  I used to use Firefox and IE, but both were giving me problems, so I uninstalled it.

 

Now I have having severe problems with my computer, it is extremely slow, it reboots at times for windows updates and other things.

 

Could you please help me figure out if there are malwares and viruses in my computer?  I run the AVG virus scan and nothing shows up.  I also use Malwarebytes and nothing shows up also.

 

This is the thread that helped me ask geeks to go for help, any help is appreciated.  Thank you in advance.

 

http://www.geekstogo...e-chromeexe-32/

 
OTL logfile created on: 21/11/2014 15:30:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,91 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 17,22% Memory free
7,83 Gb Paging File | 1,92 Gb Available in Paging File | 24,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 334,90 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
 
Computer Name: SERVIDOR | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/21 15:30:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/11/13 03:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/11/09 21:56:56 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
PRC - [2014/11/09 21:56:14 | 003,653,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/11/05 20:57:04 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/23 16:08:10 | 000,753,664 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\chrome.exe
PRC - [2014/10/11 13:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/13 10:17:32 | 000,553,272 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2014/05/08 10:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/02/07 07:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/03/11 18:10:35 | 000,360,640 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files (x86)\Scpad\scpVista.exe
PRC - [2012/12/20 14:47:02 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbserver.exe
PRC - [2012/12/20 14:47:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbguard.exe
PRC - [2012/01/30 21:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) -- C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/13 12:58:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/26 14:54:10 | 000,056,802 | ---- | M] () -- C:\ACSN\CENTRAL\Rt\acsn.exe
PRC - [2006/05/17 08:05:24 | 000,097,642 | ---- | M] (ACSN Desenvolvimento de Software do Brasil.) -- C:\ACSN\FCSTORE\FC\caixa.exe
PRC - [2006/05/05 13:34:38 | 000,073,684 | ---- | M] (ACSN Desenvolvimento de Software do Brasil.) -- C:\ACSN\CENTRAL\PVD\termpvd.exe
PRC - [2003/03/03 11:09:56 | 000,048,128 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/21 07:55:49 | 000,043,008 | ---- | M] () -- c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp65xn93.dll
MOD - [2014/11/13 03:49:58 | 003,610,624 | ---- | M] () -- C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/11/05 20:57:02 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\PepperFlash\pepflashplayer.dll
MOD - [2014/11/05 20:57:01 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll
MOD - [2014/11/05 20:56:57 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
MOD - [2014/11/05 20:56:55 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libegl.dll
MOD - [2014/11/05 20:56:54 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll
MOD - [2014/10/22 15:34:08 | 009,206,272 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\pdf.dll
MOD - [2014/10/22 15:25:58 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll
MOD - [2014/10/22 15:23:44 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libegl.dll
MOD - [2014/10/22 15:23:18 | 001,311,232 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libglesv2.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/10/11 13:05:58 | 000,237,352 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/08/23 16:01:44 | 025,100,288 | ---- | M] () -- C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2010/02/26 14:54:10 | 000,056,802 | ---- | M] () -- C:\ACSN\CENTRAL\Rt\acsn.exe
MOD - [2003/03/03 11:09:56 | 000,048,128 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/06 00:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/12 10:57:32 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/09 21:57:40 | 003,488,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/11/09 21:56:56 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe -- (avgfws)
SRV - [2014/11/09 21:49:56 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/11/07 02:37:03 | 008,147,432 | ---- | M] (Hola Networks Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Hola\app\hola_svc.exe -- (hola_svc)
SRV - [2014/11/01 12:10:34 | 008,132,584 | ---- | M] (Hola Networks Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Hola\app\hola_updater.exe -- (hola_updater)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/06/13 10:17:32 | 000,553,272 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2014/05/08 10:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 19:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/28 09:10:29 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\sppsvc.exe -- (sppsvc)
SRV - [2014/02/28 09:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/02/28 09:10:28 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2014/02/07 07:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/11 18:10:35 | 000,360,640 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)
SRV - [2012/12/20 14:47:02 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbserver.exe -- (FirebirdServerSuperCash)
SRV - [2012/12/20 14:47:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Santander\Gerenciador de Arquivos\Servidor\bin\fbguard.exe -- (FirebirdGuardianSuperCash)
SRV - [2012/01/30 21:34:00 | 000,914,584 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe -- (EpsonPEService)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/20 20:28:45 | 000,675,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Arquivos de Programas\EPSON\EPuras\EPuras.exe -- (EpsonPuras)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/29 21:35:16 | 000,263,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 21:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 21:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/18 15:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 21:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/18 21:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 21:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/24 12:42:20 | 000,090,480 | ---- | M] (Seiko Epson Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\EpsCe.sys -- (EpsCe)
DRV:64bit: - [2014/01/24 12:42:20 | 000,063,096 | ---- | M] (Seiko Epson Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TMUSB64.sys -- (TMUSB)
DRV:64bit: - [2013/10/01 23:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/26 10:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/06 21:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/04 16:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/01/20 20:28:45 | 000,021,640 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmlpt.sys -- (EPSON TM Parallel Port Driver)
DRV:64bit: - [2009/09/19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009/09/19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009/09/19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/12/19 04:55:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV - [2012/09/18 11:23:20 | 000,047,856 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/05/29 00:38:01] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 0F FF CF 7A CA CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B8E6A820-E165-411B-8283-0C362665426F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B8E6A820-E165-411B-8283-0C362665426F}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7BF53C93F1-07D5-430c-86D4-C9531B27DFAF%7D:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f%7D:5.0.4
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8874%7D:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://www.bing.com/...7DF&PC=UP97&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/abn: C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/07/20 11:17:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8874}: C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\abn\xpish Reporter\SubmitCrashReport...
 
[2013/11/29 06:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/07/28 10:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/28 10:43:34 | 000,000,000 | ---D | M] (uTorrentBar_PT) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
[2014/10/06 13:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\00brm37i.default\extensions
[2014/10/06 13:40:06 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\00brm37i.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/10/06 13:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\00brm37i.default\extensions\staged
[2014/08/05 14:36:48 | 000,371,596 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\00brm37i.default\extensions\[email protected]
[2014/09/30 11:43:26 | 000,136,536 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\00brm37i.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2014/08/07 13:07:18 | 000,006,057 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\00brm37i.default\searchplugins\bingp.xml
[2014/10/06 15:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2014/09/30 12:15:24 | 000,000,000 | ---D | M] (GBBD Banco Santander (Brasil) S.A.) -- C:\USERS\USER\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\ABN\XPI
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeelejgkgaffgcceobnnnmhefjcahedc\1.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnebomooiloblcgoffldpopcffbfjfdi\1.42_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.7_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cilfofbacaplmfmfbdgfdphmfdljnioc\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfjnaaigeenfphdlphgeflalcegahbj\1.4.2_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\diiecohgbcgbehcpofpolcnoipmefgbm\17_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.2_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.2_0\.bak
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\epmleihjpcljbljlohcnljifdhdgfcnl\4_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\3.8_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.376_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.13.1_0\ietab_nm_
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.13.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.20.1_0\ietab_nm_
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.11.20.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpkinjnkedlkaeoliioblkmlhppjcfc\2.4_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\34_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd\0.5_0\
CHR - Extension: Primeiro usuário = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb\1.5.127_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.9.9_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/04 16:54:08 | 000,000,774 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll (Banco Real)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CertificateRegistration] C:\Windows\SysNative\aetcrss1.exe (A.E.T. Europe B.V.)
O4:64bit: - HKLM..\Run: [hola] C:\Program Files\Hola\app\hola.exe (Hola Networks Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A008D3C4AC1F70CC0223825A47FA7BBC] C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DOSPrintUI.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hola.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] * in Trusted sites)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites)
O16 - DPF: {0ABA4BCD-3D41-4006-88EB-3A4077ACBB23} https://www.santande...m.br/OCX/TG.cab (CTGClienteCOM Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {8CF6E9E0-4FC0-48F6-A744-800A09D79D6B} http://192.168.1.102/webview.dll (WebView2 Class)
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} https://cpne.bradesc...r/certifexp.cab (ValidaUsuario Class)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.82 201.6.2.172
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A9FB26-3DCC-44FD-B72E-0E9942BDFBB1}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CDC8285-D44E-4690-8253-EF2EBBFBCC64}: DhcpNameServer = 201.6.2.82 201.6.2.172
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\Program Files (x86)\GbPlugin\gbiehAbn.dll) - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll (Banco Real)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll (Banco Real)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b7b91bcf-48cb-11e1-9ccd-bcaec5e3c768}\Shell - "" = AutoRun
O33 - MountPoints2\{b7b91bcf-48cb-11e1-9ccd-bcaec5e3c768}\Shell\AutoRun\command - "" = F:\SamsungKiesInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/21 15:30:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/11/21 09:15:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/14 15:30:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iron Apps
[2014/11/14 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
[2014/11/14 14:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2014/11/14 14:45:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromium
[2014/11/14 14:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2014/11/14 11:05:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\IE Tab
[2014/11/14 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\WebClient
[2014/11/14 08:50:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/11/14 08:50:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/13 09:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/13 09:45:37 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieBrowserModeList
[2014/11/13 07:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2014/11/04 08:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/04 08:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/04 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/04 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/11/04 08:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/11/03 17:41:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2015
[2014/11/03 17:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/11/03 17:38:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/11/03 17:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/11/03 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2014/11/03 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2015
[2014/11/03 15:49:34 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2014/11/03 15:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\DASBOOT
[2014/11/03 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2014/11/03 15:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/11/03 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\QuickScan
[2014/11/03 11:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/11/03 11:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2014/11/03 11:20:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Virus Scan
[2014/10/29 21:35:16 | 000,263,960 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2011/08/17 15:07:46 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\user\signver.dll
[2011/08/17 15:06:37 | 000,057,344 | ---- | C] (DBA Engenharia de Sistemas) -- C:\Users\user\signver1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/21 15:30:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/11/21 14:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/21 14:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/21 10:22:37 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/21 09:54:02 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/21 09:13:38 | 002,140,160 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner_4.101.exe
[2014/11/21 08:04:11 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/21 08:04:11 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/21 07:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/21 07:54:49 | 3152,265,216 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/19 14:57:04 | 000,013,822 | ---- | M] () -- C:\Users\user\Desktop\YL_Sfolha_Folha_Incluir_Comprovante.asp
[2014/11/18 11:00:50 | 000,007,605 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2014/11/15 09:10:20 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/15 08:37:55 | 000,001,048 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/14 15:30:27 | 000,002,045 | ---- | M] () -- C:\Users\user\Desktop\Iron App Launcher.lnk
[2014/11/14 08:50:01 | 000,002,303 | ---- | M] () -- C:\Users\user\Desktop\Chrome App Launcher.lnk
[2014/11/13 09:50:22 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/13 07:57:14 | 000,442,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/07 11:29:28 | 000,000,891 | ---- | M] () -- C:\Users\user\Desktop\DrLabel.exe - Atalho.lnk
[2014/11/07 07:59:38 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\FCS - Frente de Caixa Store.lnk
[2014/11/07 02:37:03 | 000,089,192 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2014/11/06 12:30:40 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\FCS - Manutenção do Sistema.lnk
[2014/11/04 15:50:59 | 000,014,592 | ---- | M] () -- C:\Windows\SysWow64\FOXUSER.FPT
[2014/11/04 08:28:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/03 17:15:08 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/03 15:49:28 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014/11/03 15:42:43 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2014/10/29 21:35:16 | 000,263,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
 
========== Files Created - No Company Name ==========
 
[2014/11/21 09:13:23 | 002,140,160 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner_4.101.exe
[2014/11/19 14:57:09 | 000,013,822 | ---- | C] () -- C:\Users\user\Desktop\YL_Sfolha_Folha_Incluir_Comprovante.asp
[2014/11/18 11:00:50 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2014/11/15 08:37:55 | 000,001,048 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/14 15:30:27 | 000,002,045 | ---- | C] () -- C:\Users\user\Desktop\Iron App Launcher.lnk
[2014/11/14 08:50:01 | 000,002,303 | ---- | C] () -- C:\Users\user\Desktop\Chrome App Launcher.lnk
[2014/11/13 09:50:22 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/13 09:49:32 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/13 09:49:30 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/07 11:29:28 | 000,000,891 | ---- | C] () -- C:\Users\user\Desktop\DrLabel.exe - Atalho.lnk
[2014/11/06 12:30:40 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\FCS - Frente de Caixa Store.lnk
[2014/11/06 12:30:40 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\FCS - Manutenção do Sistema.lnk
[2014/11/04 08:28:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/03 17:40:00 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/03 15:49:28 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2014/11/03 15:42:42 | 000,000,512 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2014/07/18 11:55:05 | 000,000,600 | ---- | C] () -- C:\Users\user\PUTTY.RND
[2014/03/20 09:51:22 | 000,720,594 | ---- | C] () -- C:\Users\user\AppData\Roaming\unins000.exe
[2014/02/28 09:22:55 | 000,697,262 | ---- | C] () -- C:\Users\user\AppData\Local\census.cache
[2014/02/28 09:22:32 | 000,112,099 | ---- | C] () -- C:\Users\user\AppData\Local\ars.cache
[2014/02/28 09:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WUDFHost.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\sppsvc.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxpers.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/02/28 09:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\aetcrss1.exe
[2014/02/28 09:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/02/28 09:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/02/28 09:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/02/28 09:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/02/28 09:10:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/02/28 09:10:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/02/28 09:09:45 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Local\sponge.last.runtime.cache
[2014/02/28 09:00:24 | 000,000,036 | ---- | C] () -- C:\Users\user\AppData\Local\housecall.guid.cache
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/24 12:04:11 | 002,267,136 | ---- | C] () -- C:\Windows\InterfaceEpsonNF.dll
[2014/01/20 10:29:36 | 000,000,134 | ---- | C] () -- C:\Windows\TMFLogoEX.INI
[2013/10/16 10:05:19 | 000,073,096 | ---- | C] () -- C:\Users\user\AppData\Roaming\unins000.dat
[2013/09/30 16:33:57 | 000,000,036 | ---- | C] () -- C:\Windows\SefaNet.ini
[2013/07/20 11:32:15 | 000,042,483 | ---- | C] () -- C:\Windows\Icccodes.dat
[2013/07/20 11:32:15 | 000,039,095 | ---- | C] () -- C:\Windows\Iccsigs.dat
[2013/07/20 11:32:15 | 000,000,156 | ---- | C] () -- C:\Windows\Kpcms.ini
[2013/07/20 11:32:02 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2013/06/12 08:11:54 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2013/06/11 11:47:49 | 000,428,544 | ---- | C] () -- C:\Windows\setup.exe
[2013/06/11 11:47:38 | 000,615,870 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/11 11:47:38 | 000,000,970 | ---- | C] () -- C:\Windows\unins000.dat
[2012/12/17 10:38:17 | 000,092,216 | ---- | C] () -- C:\Users\user\01120332.one
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/12/01 09:49:11 | 000,027,520 | ---- | C] () -- C:\Users\user\AppData\Local\dt.dat
[2012/10/27 12:42:14 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm
[2012/10/13 10:38:21 | 000,042,006 | ---- | C] () -- C:\Users\user\capa.jpg
[2012/10/09 09:31:23 | 000,344,064 | ---- | C] () -- C:\Users\user\01016259.dot
[2012/07/16 12:17:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/07/05 17:48:00 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Local\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 23:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 22:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/11 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AssistenteCertificadoDigital
[2014/11/04 11:34:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
[2014/11/03 17:41:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2015
[2013/10/07 17:57:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blackboard
[2014/11/21 07:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2012/07/26 18:23:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mjusbsp
[2013/07/22 08:49:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oracle
[2014/11/03 11:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2014/09/02 17:14:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify
[2014/09/08 17:06:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012/07/30 15:12:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2014/09/15 08:09:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2014/11/03 11:20:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Virus Scan
[2012/04/11 08:34:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2013/07/03 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
Essexboy
Posted 21 November 2014 - 12:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Biscuithd has answered in your other thread http://www.geekstogo...so-srware-iron/
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: chrome.exe *32, chrome exe *32, srware iron, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP