Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Simple Check Up


  • Please log in to reply

#1
Grazion062

Grazion062

    New Member

  • Member
  • Pip
  • 8 posts

I have recently tried downloading an e-book, and when i clicked to download nothing popped up and nothing happened. So I did a little walkthrough on my computer and notice everything in place, except for two things. I saw winlogon.exe and csrss.exe and i don't remember seeing them. I tried to execute the process and it says i couldn't. So i started to panic. I then looked up on google and saw that there are virus's that or on each of these programs, and some debate whether there really is one and if there isn't one. So this is where i turned to help. I really got scared because i have alot of info that i don't want to lose. Any feed back is appreciated.   

 

OTL logfile created on: 1/8/2015 6:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\iRibelino\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 46.06% Memory free
7.49 Gb Paging File | 4.50 Gb Available in Paging File | 60.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 45.09 Gb Free Space | 15.94% Space Free | Partition Type: NTFS
Drive D: | 14.87 Gb Total Space | 1.86 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
 
Computer Name: OWNER-HP | User Name: iRibelino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/08 18:30:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\iRibelino\Downloads\OTL.exe
PRC - [2014/12/19 15:01:07 | 006,147,848 | ---- | M] (Curse, Inc) -- C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\Curse.exe
PRC - [2014/12/10 17:13:22 | 000,770,728 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2014/12/09 16:22:33 | 000,186,048 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/12/06 16:45:16 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
PRC - [2014/12/05 19:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/03 08:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) -- C:\Program Files\CyberGhost 5\Service.exe
PRC - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2014/10/07 15:33:16 | 000,366,808 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2014/10/07 15:33:08 | 000,260,824 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2014/10/07 15:33:04 | 000,378,072 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2014/02/17 07:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/18 10:43:04 | 001,980,416 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/18 13:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 19:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 19:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 19:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 19:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/13 10:25:47 | 001,947,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b597c30ed765fa6d99a12f00c3314394\Microsoft.VisualBasic.ni.dll
MOD - [2014/11/13 10:25:33 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/11/13 10:25:33 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.ni.dll
MOD - [2014/11/13 10:25:33 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.Wrapper.dll
MOD - [2014/10/16 11:23:06 | 000,530,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\7f372539d1837d70e88821cc20ed6530\System.Net.Http.ni.dll
MOD - [2014/10/16 11:23:04 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 11:22:41 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/16 11:22:01 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/16 11:22:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/10/16 11:22:00 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll
MOD - [2014/10/16 11:21:59 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\63e9d81bd805aea8f8690fee2efc9a9e\PresentationFramework-SystemCore.ni.dll
MOD - [2014/10/15 19:47:53 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\a26884cd80c1d4a7e3f00c795e5cb305\System.Transactions.ni.dll
MOD - [2014/10/15 19:47:51 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/15 19:47:51 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/10/15 19:47:50 | 013,643,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d12ecb88500237067aa30b40081d51b7\System.Web.ni.dll
MOD - [2014/10/15 19:47:41 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/15 19:47:38 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 19:47:30 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 19:47:27 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/15 19:47:26 | 001,046,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\cc7bb025e7cca401787cec5893c2cb67\System.ComponentModel.Composition.ni.dll
MOD - [2014/10/15 19:47:22 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 19:47:21 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 19:47:21 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 19:47:20 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 19:47:14 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 19:47:14 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/15 19:47:09 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 19:47:06 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 19:47:03 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 19:47:02 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/05/22 22:15:29 | 000,437,248 | ---- | M] () -- C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
MOD - [2014/02/27 13:30:56 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 13:30:56 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/26 20:48:23 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/26 20:48:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/02/26 20:48:22 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/13 07:12:44 | 000,307,712 | ---- | M] () -- C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\opus.dll
MOD - [2013/07/24 08:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/11/18 14:09:10 | 001,699,384 | ---- | M] () -- C:\Users\iRibelino\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 13:57:42 | 012,284,984 | ---- | M] () -- C:\Users\iRibelino\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/10 17:13:22 | 000,770,728 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/03 08:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/28 10:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/10 00:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 16:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/09 19:54:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/09 16:22:33 | 000,186,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/12/06 16:45:16 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe -- (RzKLService)
SRV - [2014/11/18 14:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/11/05 20:50:35 | 000,174,112 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/05 17:32:06 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/17 07:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/05 23:35:55 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/10 17:13:25 | 000,114,176 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2014/12/09 16:21:53 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2014/05/12 19:49:17 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_0048.sys -- (Neo_VPN)
DRV:64bit: - [2014/05/06 21:00:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/08/22 06:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/03/05 23:35:55 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/02 11:18:08 | 000,101,632 | ---- | M] (UT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uth5x64.sys -- (H5xUSB)
DRV:64bit: - [2012/06/11 10:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 15:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 13:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/28 10:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 09:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/02 14:14:47 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/04/14 03:53:15 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/11 00:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 07:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/15 12:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 12:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 07:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 06:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/03/08 19:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/09 11:20:10 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2014/10/07 15:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://groovorio.com...r=907099533&ir=
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.won...&cc=US&unqvl=60
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.won...&cc=US&unqvl=60
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97&ocid=UP97DHP
IE - HKCU\..\SearchScopes,DefaultScope = {42AAC3D6-8897-4221-9748-BC4186C0A08B}
IE - HKCU\..\SearchScopes\{42AAC3D6-8897-4221-9748-BC4186C0A08B}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{51261617-64CF-40ED-9D94-C384D1955A5F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\iRibelino\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014/10/23 07:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\3.0.7.1_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.0.2.42_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\3.0.23_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1ACC87D6-CB2B-4CAF-9280-6549842407C9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Denzi] C:\Program Files (x86)\Denzi\Denzi.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] "C:\Users\BAMBAM~1.OWN\AppData\Local\Temp\MRI_TEMP\Spyware Doctor\pctsTray.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A885B0D-680D-4969-937E-2C75D7694C0F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E5933B-63C5-4400-BB92-64A283EAC707}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) -  File not found
O29 - HKLM SecurityProviders - (digest.dll) -  File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a6a4fc5-5bc1-11e4-97be-00acda012624}\Shell - "" = AutoRun
O33 - MountPoints2\{1a6a4fc5-5bc1-11e4-97be-00acda012624}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{42d58488-5af8-11e4-866d-00acda012624}\Shell - "" = AutoRun
O33 - MountPoints2\{42d58488-5af8-11e4-866d-00acda012624}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{5cbd42ba-ac93-11e3-9eae-2c27d7c29c90}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd42ba-ac93-11e3-9eae-2c27d7c29c90}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/06 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Local\Skype
[2015/01/06 16:55:25 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\Skype
[2015/01/06 16:55:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/01/06 16:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/01/06 16:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/01/06 16:01:18 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\Hewlett-Packard
[2015/01/05 00:55:13 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\Apple Computer
[2015/01/05 00:18:37 | 000,000,000 | ---D | C] -- C:\Games
[2015/01/04 21:41:06 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\TeamViewer
[2015/01/04 02:42:21 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\.minecraft
[2015/01/04 00:20:46 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\ATI
[2015/01/03 13:28:03 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Roaming\Adobe
[2015/01/03 13:25:43 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Local\Razer_Inc
[2015/01/03 13:25:25 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\Documents\Razer
[2015/01/03 13:17:22 | 000,000,000 | ---D | C] -- C:\Users\iRibelino\AppData\Local\Razer
[2015/01/03 13:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2015/01/03 13:16:50 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys
[2015/01/03 13:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2015/01/03 13:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2014/12/31 19:22:14 | 000,000,000 | -HSD | C] -- C:\Users\iRibelino\AppData\Local\EmieBrowserModeList
[2014/12/10 16:08:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2012/11/03 15:10:08 | 010,395,072 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\iRibelino\*.tmp files -> C:\Users\iRibelino\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/08 18:38:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003UA.job
[2015/01/08 18:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2015/01/08 17:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/08 17:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/08 16:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/08 16:27:03 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2015/01/08 16:27:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2015/01/08 16:27:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2015/01/08 15:58:00 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/08 15:58:00 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/08 15:55:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002UA.job
[2015/01/08 15:51:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007UA.job
[2015/01/08 15:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/08 15:49:58 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/08 00:38:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003Core.job
[2015/01/07 21:51:04 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007Core.job
[2015/01/07 18:55:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002Core.job
[2015/01/06 16:55:13 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/01/06 09:46:12 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2015/01/05 00:20:58 | 000,001,624 | ---- | M] () -- C:\Users\iRibelino\Desktop\Play The Forest.lnk
[2015/01/04 16:45:00 | 000,007,604 | ---- | M] () -- C:\Users\iRibelino\AppData\Local\Resmon.ResmonCfg
[2015/01/03 13:16:58 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Razer Cortex.lnk
[2014/12/10 17:13:25 | 000,153,256 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2014/12/10 17:13:25 | 000,114,176 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2014/12/10 17:13:25 | 000,103,816 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\iRibelino\*.tmp files -> C:\Users\iRibelino\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/06 16:55:13 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/01/06 09:46:10 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2015/01/05 00:20:58 | 000,001,624 | ---- | C] () -- C:\Users\iRibelino\Desktop\Play The Forest.lnk
[2015/01/03 13:16:58 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Razer Cortex.lnk
[2014/07/01 23:41:43 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2014/07/01 23:41:43 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2014/07/01 23:41:43 | 000,001,994 | ---- | C] () -- C:\Windows\unins000.dat
[2014/03/29 09:59:07 | 000,007,604 | ---- | C] () -- C:\Users\iRibelino\AppData\Local\Resmon.ResmonCfg
[2013/05/23 14:28:10 | 000,004,608 | ---- | C] () -- C:\Users\iRibelino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/06 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\.minecraft
[2014/05/08 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Curse
[2015/01/08 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Curse Client
[2013/08/05 14:21:31 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\ihelper
[2014/05/23 11:05:10 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Local
[2014/04/03 19:23:20 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\LolClient
[2013/06/03 14:30:21 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Motorola Mobility
[2013/05/11 13:20:08 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\PictureMover
[2014/01/05 20:42:08 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Publish Providers
[2014/01/25 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Riot Games
[2014/07/01 15:43:15 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Sony
[2013/05/11 13:18:43 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\Synaptics
[2015/01/04 21:45:16 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\TeamViewer
[2013/12/15 19:51:31 | 000,000,000 | ---D | M] -- C:\Users\iRibelino\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
 
< End of report >
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

I don't see anything.  The two files you mentioned are normal windows files.

 

You might want to let ESET look just to make sure: (takes a few hours)

 

Use IE and go to http://eset.com/onlinescan  and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

  • 0

#3
Grazion062

Grazion062

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

So far, i've been scanning and it's found 5 virus's and its a trojan dropper and also Adware.AlimenMain.A. I have no idea what this means? Can someone explain?


Edited by Grazion062, 08 January 2015 - 09:28 PM.

  • 0

#4
Grazion062

Grazion062

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here is the log from the lists of threat found, what do i do now? 

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$RIB62SJ.exe a variant of Win32/TrojanDropper.MsiDrop.A trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$R4UBZTV\temp\BIT999E.tmp a variant of Win32/AdWare.MultiPlug.BE application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$R4UBZTV\temp\pcsm_setup.exe a variant of Win32/AdWare.MultiPlug.BE application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$R4UBZTV\temp\setupnt.exe a variant of Win32/AdWare.MultiPlug.BE application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$R4UBZTV\temp\setupsm.exe a variant of Win32/AdWare.MultiPlug.BE application cleaned by deleting - quarantined
C:\Program Files (x86)\PepperZip\PepperZip.exe Win32/Adware.AlimenMain.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2MA6P9M9\index[2].htm HTML/Refresh.BC trojan cleaned by deleting - quarantined
C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ETLORCB\Installer[1].exe a variant of Win32/TrojanDropper.MsiDrop.A trojan cleaned by deleting - quarantined
C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0DL208E\setup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VFTPOD1\index[1].htm HTML/Refresh.BC trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uetunksc.default\extensions\[email protected]\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

It looks like the scan was definitely worth the effort but I don't think any of the stuff it found was really active.  Stuff in Temporary Internet Files is probably from when you hit the bad page.  Stuff in C:\$Recycle.Bin is already in your trash can so you may have deleted it already.  The rest is adware, pepperzip and yontoo.  

 

I would uninstall your current fairly worthless anti-virus and replace it with the free Avast.

 

http://files.avast.c...virus_setup.exe

 

Download avast first then uninstall your old anti-virus, reboot and install Avast.  Once you register (they will offer the paid version but the basic version is what you want) and it updates you can have it run a boot-time scan just to make sure there is nothing left:

 

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
 

Stick with Avast for a while and see how you like it.  Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
 
 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     

    • 0

    #6
    Grazion062

    Grazion062

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    So my system boot scan finally finished and it found 39 virus's, here they are:

    01/09/2015 22:21
    Scan of C:
     
    Scan of *STARTUP
     
    File C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CR030N\120924073439-f[1].zip|>120924073439-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120910232313-f[1].zip|>120910232313-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120920010654-f[1].zip|>120920010654-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBU9UF3F\120719014519-f[1].zip|>120719014519-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ETLORCB\DEETs[1].exe is infected by Win32:Downloader-TOU [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50H50BZH\121122190654-m[1].zip|>121122190654-m.list is infected by HTML:Redirector-AE [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50H50BZH\121123025100-m[1].zip|>121123025100-m.list is infected by HTML:Redirector-AE [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50H50BZH\121125002847-m[1].zip|>121125002847-m.list is infected by HTML:Redirector-AE [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50H50BZH\121125224459-m[1].zip|>121125224459-m.list is infected by HTML:Redirector-AE [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50H50BZH\121102165909-m[1].zip|>121102165909-m.list is infected by HTML:Includer-I [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ELB31R1\130423062020-l[1].zip|>130423062020-l.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EYJU8CM\130603062237-m[1].zip|>130603062237-m.list is infected by NSIS:Adware-MD [PUP], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EYJU8CM\130712061152-l[1].zip|>130712061152-l.list is infected by HTML:HideMe-F [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EYJU8CM\130718060951-l[1].zip|>130718060951-l.list is infected by HTML:HideMe-F [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN81EBL3\130618061542-l[1].zip|>130618061542-l.list is infected by NSIS:Adware-MD [PUP], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KN81EBL3\130704072002-m[1].zip|>130704072002-m.list is infected by NSIS:Adware-MD [PUP], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK32Q403\130330044722-f[1].zip|>130330044722-f.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Bam Bam.Owner-HP\Downloads\7zip_RocketFuelInstaller.exe is infected by Win32:Adware-BGF [PUP], Moved to chest
    File C:\Users\EVRYONE FAMLIY\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130826185643-m.list is infected by JS:Iframe-AYK [Trj], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130720061720-l.list is infected by NSIS:Adware-MD [PUP], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130812182333-m.list is infected by BV:Ftp-AT [Trj], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130826185643-m.list is infected by JS:Iframe-AYK [Trj], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130712061152-l.list is infected by HTML:HideMe-F [Trj], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130716004537-f.list is infected by NSIS:Adware-MD [PUP], Moved to chest
    File C:\Users\iRibelino\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130718060951-l.list is infected by HTML:HideMe-F [Trj], Moved to chest
    File C:\Users\Junior\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130329193221-f.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Junior\AppData\Local\antiphishing-vmninternethelper1_1dn\data\130423062020-l.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20XONWBD\130316070929-m[1].zip|>130316070929-m.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44U7LWCJ\130423062020-l[1].zip|>130423062020-l.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F2PFXIZ\130316070929-l[1].zip|>130316070929-l.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7I2DY0S\130329193221-f[1].zip|>130329193221-f.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WW7FOWVC\130316144857-f[1].zip|>130316144857-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316153629-f[1].zip|>130316153629-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316170902-f[1].zip|>130316170902-f.list Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130325221106-f[1].zip|>130325221106-f.list is infected by NSIS:Downloader-YP [Trj], Moved to chest
    File C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\ALMA.tmp\download.app|>Payload\alma.app\alma Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Haiku Deck.tmp\download.app|>Payload\Haiku Deck.app\[email protected] Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Kickoff Lite.tmp\download.app|>Payload\Kickoff Lite.app\adHolderFB.png Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Real Racing 3.tmp\download.app|>Payload\RealRacing3.app\res\Tracks\spa\processed\high\spa.m3g Error 42125 {ZIP archive is corrupted.}
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FE162NUL\gift-reward-panel_com[1].htm is infected by HTML:Script-inf, Moved to chest
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6LOPERVC\index[1].htm is infected by HTML:RedirME-inf [Trj], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\26e2a756-36cec556|>j.class is infected by Java:Malware-gen [Trj], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\26e2a756-36cec556|>Final.class is infected by Java:CVE-2011-3544-AZ [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\26e2a756-36cec556|>n.class is infected by Java:Malware-gen [Trj], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\zalux$zordo.class is infected by Java:Agent-TB [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Moved to chest
    File C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7d7fb5ae-13ea8553|>rotor\Zom2.class is infected by Java:Malware-gen [Trj], Moved to chest
    File C:\$Recycle.Bin\S-1-5-21-633064636-575154894-4071965462-1006\$R4UBZTV\temp\putfu.exe is infected by Win32:PUP-gen [PUP], Moved to chest
    File C:\Windows\Installer\1008c.msi|>Binary.nss3.dll Error 42144 {OLE archive is corrupted.}
    File C:\Windows\Installer\1008c.msi|>Binary.nspr4.dll Error 42144 {OLE archive is corrupted.}
    File C:\Windows\Installer\1008c.msi|>Binary.C2CCustomActions Error 42144 {OLE archive is corrupted.}
    File C:\Windows\Installer\1008c.msi|>Binary.softokn3.dll Error 42144 {OLE archive is corrupted.}
    File C:\Windows\Installer\1008c.msi|>Binary.WixUI_Bmp_Dialog Error 42144 {OLE archive is corrupted.}
    File C:\Windows\Installer\1008c.msi|>Binary.WixUI_Bmp_Banner Error 42144 {OLE archive is corrupted.}
    Number of searched folders: 122518
    Number of tested files: 1768006
    Number of infected files: 39
     
    Need help removing these.

    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    You don't need help removing them because Avast has already moved them to its chest.  Most of the infected files are in Temporary Internet Files or the Java cache which means you went to an infected webpage.  Since I don't see them running it means you didn't click on the button on that webpage which would have installed them or if you did your anti-virus stopped them.  The lines with corrupt archives are not viruses.  Just bad downloads that won't open properly.  These should be deleted manually.  The actual file name is before the | so the first one:

    File C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CR030N\120924073439-f[1].zip|>120924073439-f.list Error 42125 {ZIP archive is corrupted.}

     

    The file is C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CR030N\120924073439-f[1].zip

     

    We can have OTL  remove them.  

     

    Copy the text in the code box by highlighting and Ctrl + c

     
     
    :files
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CR030N\120924073439-f[1].zip
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120910232313-f[1].zip
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120920010654-f[1].zip
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBU9UF3F\120719014519-f[1].zip
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20XONWBD\130316070929-m[1].zip
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F2PFXIZ\130316070929-l[1].zip
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WW7FOWVC\130316144857-f[1].zip
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316153629-f[1].zip
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316170902-f[1].zip
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\ALMA.tmp\download.app
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Haiku Deck.tmp\download.app
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Kickoff Lite.tmp\download.app
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Real Racing 3.tmp\download.app
    C:\Windows\Installer\1008c.msi
     
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [purity]
    [Reboot]
     
    
     
    then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
    Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
    It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01\10\2015-some number.log so look there if you don't see it.
     
    Clear the Java Cache by following the instructions on
     
    Then go into Control Panel, Programs and Features and uninstall all old versions of Java. (Current one is 8 update 25).
     

     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the Ask toolbar or other foistware.  (Just uncheck the offer before you hit next)
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     

    If you run the boot-time scan again it should come up clean this time.
     
    Stick with Avast for a while and see how you like it.  Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
     
    They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.
     
    The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free.
     
    I do not like their Browser Cleanup as they insist on changing my home page and default search engine to yahoo in order to clean up.  They also have something against  MSIProductInfoClass from HP which is not evil so I tell it to Ignore it.   Prefer to fix things myself.
     
    We can run some more scans to make sure:

     
    Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
     
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
     
    Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
     
    scan-results.jpg
     
    Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
     
    The report will be saved in the C:\AdwCleaner folder.
     
     
     
    Junkware-Removal-Tool
     
    Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
    • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
     
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     

    • 0

    #8
    Grazion062

    Grazion062

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    This is what poped up when laptop rebooted form otl, when I copy and pasted the custom scan: 

    All processes killed
    ========== FILES ==========
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21CR030N\120924073439-f[1].zip moved successfully.
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120910232313-f[1].zip moved successfully.
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40C02SUZ\120920010654-f[1].zip moved successfully.
    C:\Users\Bam Bam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBU9UF3F\120719014519-f[1].zip moved successfully.
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20XONWBD\130316070929-m[1].zip moved successfully.
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F2PFXIZ\130316070929-l[1].zip moved successfully.
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WW7FOWVC\130316144857-f[1].zip moved successfully.
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316153629-f[1].zip moved successfully.
    C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2UVF7CP\130316170902-f[1].zip moved successfully.
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\ALMA.tmp\download.app moved successfully.
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Haiku Deck.tmp\download.app moved successfully.
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Kickoff Lite.tmp\download.app moved successfully.
    C:\Users\Junior\Music\iTunes\iTunes Media\Downloads\Real Racing 3.tmp\download.app moved successfully.
    C:\Windows\Installer\1008c.msi moved successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Bam Bam
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 704606793 bytes
    ->Java cache emptied: 792344 bytes
    ->FireFox cache emptied: 1134143250 bytes
    ->Flash cache emptied: 72609 bytes
     
    User: Bam Bam.Owner-HP
    ->Temp folder emptied: 207112999 bytes
    ->Temporary Internet Files folder emptied: 223303127 bytes
    ->Java cache emptied: 235294 bytes
    ->FireFox cache emptied: 283727957 bytes
    ->Google Chrome cache emptied: 120790410 bytes
    ->Flash cache emptied: 152478 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56478 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: EVRYONE FAMLIY
    ->Temp folder emptied: 309746976 bytes
    ->Temporary Internet Files folder emptied: 253050674 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 65305904 bytes
    ->Google Chrome cache emptied: 317420070 bytes
    ->Flash cache emptied: 4105 bytes
     
    User: iRibelino
    ->Temp folder emptied: 224183011 bytes
    ->Temporary Internet Files folder emptied: 69976205 bytes
    ->Java cache emptied: 1 bytes
    ->Google Chrome cache emptied: 125839286 bytes
    ->Flash cache emptied: 57295 bytes
     
    User: Junior
    ->Temp folder emptied: 4815150 bytes
    ->Temporary Internet Files folder emptied: 315252865 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1055375746 bytes
    ->Google Chrome cache emptied: 391200866 bytes
    ->Flash cache emptied: 57424 bytes
     
    User: Owner
    ->Temp folder emptied: 8017602 bytes
    ->Temporary Internet Files folder emptied: 3408069678 bytes
    ->Java cache emptied: 5236 bytes
    ->FireFox cache emptied: 75247394 bytes
    ->Flash cache emptied: 470 bytes
     
    User: Public
     
    User: Young Nino
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 104370483 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5917175 bytes
    ->Flash cache emptied: 69839 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 226600 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2643248 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 112499 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 8,976.00 mb
     
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Bam Bam
    ->Flash cache emptied: 0 bytes
     
    User: Bam Bam.Owner-HP
    ->Flash cache emptied: 0 bytes
     
    User: Default
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: EVRYONE FAMLIY
    ->Flash cache emptied: 0 bytes
     
    User: iRibelino
    ->Flash cache emptied: 0 bytes
     
    User: Junior
    ->Flash cache emptied: 0 bytes
     
    User: Owner
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    User: Young Nino
    ->Flash cache emptied: 0 bytes
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Bam Bam
    ->Java cache emptied: 0 bytes
     
    User: Bam Bam.Owner-HP
    ->Java cache emptied: 0 bytes
     
    User: Default
     
    User: Default User
     
    User: EVRYONE FAMLIY
    ->Java cache emptied: 0 bytes
     
    User: iRibelino
    ->Java cache emptied: 0 bytes
     
    User: Junior
    ->Java cache emptied: 0 bytes
     
    User: Owner
    ->Java cache emptied: 0 bytes
     
    User: Public
     
    User: Young Nino
    ->Java cache emptied: 0 bytes
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01102015_092310
     
    Files\Folders moved on Reboot...
    File\Folder C:\Users\EVRYONE FAMLIY\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\U2CRDSJZ\lF7vT5zO2-LBw27a4TYSQD5bRx1vFVOzra0zaIW2-xD4dlCc3O1o1wKc-9w9uhEnB5WVRDJZmxhCW2zkSdf5z_Vl8lUXAmmpnlloXWOJmi79wjh1kn1pj0Por65vCw8SNC0XkpVdS5HNleErFhHsf3QOCE40SZ3qSGhA[1].gif not found!
    File\Folder C:\Users\EVRYONE FAMLIY\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SXTJSJ0A\YSQD5bRx1vFVOzra0zaIW2-xD4dlCc3O1o1wKc-9w9uhEnB5WVRDJZmxhCW2zkSdf5z_Vl8lUXAmmpnlloXWOJmi79wjh1kn1pj0Por65vCw8SNC0XkpVdS5HNleErFhHsf3QOCE40SZ3qSGhA&callback=google.LU[1].js not found!
    File\Folder C:\Users\EVRYONE FAMLIY\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\7UEHI3J8\ldmanager.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D3704619%26pub_url%3Dwww.letmewatch.com;url=http%3A%2F%2Fads.ad4game.com%2Fwww%2Fdelivery%2Fafr[1].gif not found!
    C:\Users\iRibelino\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\iRibelino\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
     
    PendingFileRenameOperations files...
     
    Registry entries deleted on Reboot...

    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Looks like it worked.  Unless I missed one when you run a boot-time scan again it should come up clean.


    • 0

    #10
    Grazion062

    Grazion062

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Alright I just got done using the ADWCleaner and here is the log:

     
    # AdwCleaner v4.107 - Report created 10/01/2015 at 19:01:08
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : iRibelino - OWNER-HP
    # Running from : C:\Users\iRibelino\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    Service Deleted : YahooAUService
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Groovorio
    Folder Deleted : C:\Program Files (x86)\InfoAtoms
    Folder Deleted : C:\Program Files (x86)\PepperZip
    Folder Deleted : C:\Program Files (x86)\Surf Canyon
    Folder Deleted : C:\Windows\SysWOW64\hotspot shield
    Folder Deleted : C:\Users\Bam Bam\AppData\Local\iMesh
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\FCSB000063941
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Bam Bam\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Bam Bam\Documents\iMesh
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\Local\torch
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\Local\iMesh
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\EVRYONE FAMLIY\Documents\iMesh
    Folder Deleted : C:\Users\iRibelino\AppData\Local\PackageAware
    Folder Deleted : C:\Users\iRibelino\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\iRibelino\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\iRibelino\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\iRibelino\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\iRibelino\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Junior\AppData\Local\Conduit
    Folder Deleted : C:\Users\Junior\AppData\Local\iMesh
    Folder Deleted : C:\Users\Junior\AppData\Local\SavingsApp
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\FCSB000063941
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\Junior\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Junior\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Junior\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Junior\AppData\Roaming\BabylonToolbar
    Folder Deleted : C:\Users\Junior\AppData\Roaming\Claro LTD
    Folder Deleted : C:\Users\Junior\AppData\Roaming\Claro
    Folder Deleted : C:\Users\Junior\AppData\Roaming\DealPly
    Folder Deleted : C:\Users\Junior\AppData\Roaming\Delta
    Folder Deleted : C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
    Folder Deleted : C:\Users\Owner\AppData\Local\iMesh
    Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\FCSB000063941
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 20
    Folder Deleted : C:\Users\Owner\Documents\iMesh
    Folder Deleted : C:\Users\Owner\Documents\ShopToWin
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\imeshbandmltbpi
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\mediabarim
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\Young Nino\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Folder Deleted : C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\EVRYONE FAMLIY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    File Deleted : C:\Users\Bam Bam.Owner-HP\Desktop\PepperZip.lnk
    File Deleted : C:\Users\EVRYONE FAMLIY\Desktop\PepperZip.lnk
    File Deleted : C:\Users\iRibelino\Desktop\PepperZip.lnk
    File Deleted : C:\Users\Junior\AppData\Roaming\BabMaint.exe
    File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
    File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iMesh.lnk
    File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iMesh.lnk
    File Deleted : C:\Users\Owner\Desktop\Free Dolphin Screensaver.lnk
    File Deleted : C:\Users\Young Nino\Desktop\PepperZip.lnk
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage-journal
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
    File Deleted : C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : Dealply
     
    ***** [ Shortcuts ] *****
     
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063941.Shopping
    Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063941.Shopping.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1BCB34F-5DC6-43B4-94B5-DFF4F02E2AF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\PepperZip
    Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
    Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
    Key Deleted : HKCU\Software\AppDataLow\Software\SavingsApp
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Groovorio
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
    Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=92D1D1CD-2024-45B3-9672-EB65425D5F4F&apn_ptnrs=TV&apn_sauid=8C7D5378-718C-4A1A-BE29-ECA85BBDDA48&apn_dtid=OSJ000YYUS&q={searchTerms}
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=92D1D1CD-2024-45B3-9672-EB65425D5F4F&apn_ptnrs=TV&apn_sauid=8C7D5378-718C-4A1A-BE29-ECA85BBDDA48&apn_dtid=OSJ000YYUS&q={searchTerms}
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=3522&r=2014/08/10&hid=17187589929114636898&lg=EN&cc=US&unqvl=60
    [C:\Users\Bam Bam.Owner-HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtByDyCzy0DtCyBzzyCzy0CtN0D0Tzu0SzyzztBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StAzy0C0B0B0AyD0EtG0EzztD0DtGzz0E0AtDtGyByEtDyCtGtC0BtC0ByByDtDyE0FzztDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByBzy0FzytAtB0DtG0Ezy0C0DtGyEtA0A0AtGzz0BzzyEtGyEyEtD0B0CyCyCtAtAtBtAyB2Q&cr=907099533&ir=
    [C:\Users\EVRYONE FAMLIY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\EVRYONE FAMLIY\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={9C8AD9F0-7F90-4EAC-8F50-376727987FF7}&mid=7f4a70f8fcbc47d0ae91fd6e91267563-ce39fa992da76797e17dfc0b699807681ebee1b1&lang=en&ds=st011&pr=sa&d=2012-07-10 10:46:36&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    [C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119585&babsrc=SP_ss&mntrId=9ACF00FF8336CA37
    [C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.delta-search.com/?affID=119585&babsrc=HP_ss&mntrId=9ACF00FF8336CA37
     
    *************************
     
    AdwCleaner[R0].txt - [29635 octets] - [10/01/2015 18:55:05]
    AdwCleaner[S0].txt - [29263 octets] - [10/01/2015 19:01:08]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29324 octets] ##########
     
    What do I do next, too make sure I don't have anything left

    • 0

    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Just keep working down the list.  Junkware-Removal-Tool comes next then FRST.


    • 0

    #12
    Grazion062

    Grazion062

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    This is my Junkware removal tool log, what does this mean.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by iRibelino on Sat 01/10/2015 at 21:38:22.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    Successfully deleted: [Empty Folder] C:\Users\iRibelino\appdata\local\{39F3C31D-4AD9-4A59-9A5A-7C22B5A1C76E}
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/10/2015 at 21:51:43.07
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #13
    Grazion062

    Grazion062

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    These are the FRST logs: 

    This is the FRST log-

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
    Ran by iRibelino (administrator) on OWNER-HP on 10-01-2015 22:13:39
    Running from C:\Users\iRibelino\Desktop
    Loaded Profile: iRibelino (Available profiles: EVRYONE FAMLIY & Young Nino & Bam Bam & iRibelino)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Curse, Inc) C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\Curse.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-08-02] (IDT, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-10] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [773256 2015-01-09] (Webroot)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Denzi.exe
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
    HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\MountPoints2: {1a6a4fc5-5bc1-11e4-97be-00acda012624} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\MountPoints2: {42d58488-5af8-11e4-866d-00acda012624} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\MountPoints2: {5cbd42ba-ac93-11e3-9eae-2c27d7c29c90} - G:\Setup.exe
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\EVRYONE FAMLIY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
    ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
    ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
    ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
    ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97&ocid=UP97DHP
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://search.live.c...ferrer:source?}
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> {42AAC3D6-8897-4221-9748-BC4186C0A08B} URL = http://search.yahoo....p={searchTerms}
    SearchScopes: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> {51261617-64CF-40ED-9D94-C384D1955A5F} URL = http://search.yahoo....p={searchTerms}
    SearchScopes: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
    BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
    Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
    Toolbar: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
    Toolbar: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> No Name - {1ACC87D6-CB2B-4CAF-9280-6549842407C9} -  No File
    Toolbar: HKU\S-1-5-21-633064636-575154894-4071965462-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-633064636-575154894-4071965462-1007: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\iRibelino\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-09]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://google.com/", "https://www.google.c...trackid=sp-006"
    CHR Profile: C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-11]
    CHR Extension: (Google Drive) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
    CHR Extension: (YouTube) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-11]
    CHR Extension: (Google Search) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-11]
    CHR Extension: (FoxyProxy Standard) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-07-14]
    CHR Extension: (Avast Online Security) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-09]
    CHR Extension: (Google Wallet) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Webroot Password Manager) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-05-11]
    CHR Extension: (Gmail) - C:\Users\iRibelino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-11]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-11-08]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-10] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
    S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-05] (EasyAntiCheat Ltd)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-03-05] (Realsil Microelectronics Inc.) [File not signed]
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
    R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [773256 2015-01-09] (Webroot)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-09] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] ()
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
    S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT) [File not signed]
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0048.sys [28768 2014-05-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [218056 2009-11-09] (PC Tools)
    R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-06] (Anchorfree Inc.)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2015-01-09] (Webroot)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    U0 SR; No ImagePath
    U2 srservice; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-10 22:13 - 2015-01-10 22:14 - 00032040 _____ () C:\Users\iRibelino\Desktop\FRST.txt
    2015-01-10 22:13 - 2015-01-10 22:13 - 00000000 ____D () C:\FRST
    2015-01-10 22:12 - 2015-01-10 22:12 - 02124288 _____ (Farbar) C:\Users\iRibelino\Downloads\FRST64.exe
    2015-01-10 22:12 - 2015-01-10 22:12 - 02124288 _____ (Farbar) C:\Users\iRibelino\Desktop\FRST64.exe
    2015-01-10 22:09 - 2015-01-10 22:10 - 01115648 _____ (Farbar) C:\Users\iRibelino\Downloads\FRST.exe
    2015-01-10 21:51 - 2015-01-10 21:51 - 00001995 _____ () C:\Users\iRibelino\Desktop\JRT.txt
    2015-01-10 21:38 - 2015-01-10 21:38 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-10 21:31 - 2015-01-10 21:32 - 01707939 _____ (Thisisu) C:\Users\iRibelino\Desktop\JRT.exe
    2015-01-10 20:43 - 2015-01-10 20:43 - 00165814 _____ () C:\Users\iRibelino\Desktop\Extras.Txt
    2015-01-10 20:41 - 2015-01-10 20:41 - 00228360 _____ () C:\Users\iRibelino\Desktop\OTL.Txt
    2015-01-10 19:21 - 2015-01-10 19:21 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-633064636-575154894-4071965462-1007
    2015-01-10 18:53 - 2015-01-10 19:06 - 00000000 ____D () C:\AdwCleaner
    2015-01-10 18:52 - 2015-01-10 18:52 - 02191360 _____ () C:\Users\iRibelino\Desktop\AdwCleaner.exe
    2015-01-10 10:31 - 2012-07-05 21:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2015-01-10 10:31 - 2012-07-05 21:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2015-01-10 09:23 - 2015-01-10 09:23 - 00000000 ____D () C:\_OTL
    2015-01-09 21:48 - 2015-01-09 21:48 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\AVAST Software
    2015-01-09 21:47 - 2015-01-09 21:47 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-09 21:47 - 2015-01-09 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-09 21:46 - 2015-01-10 04:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-09 21:45 - 2015-01-09 21:47 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-01-09 21:45 - 2015-01-09 21:43 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-01-09 21:44 - 2015-01-09 21:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-01-09 21:44 - 2015-01-09 21:43 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-01-09 21:43 - 2015-01-09 21:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-01-09 21:41 - 2015-01-09 21:41 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-01-09 21:28 - 2015-01-10 19:09 - 00004652 _____ () C:\Windows\PFRO.log
    2015-01-09 16:01 - 2015-01-09 21:41 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-09 15:59 - 2015-01-09 16:00 - 132469808 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
    2015-01-09 15:59 - 2015-01-09 16:00 - 132469808 _____ (AVAST Software) C:\Users\iRibelino\Downloads\avast_free_antivirus_setup.exe
    2015-01-09 01:07 - 2015-01-09 01:07 - 00002473 _____ () C:\Users\iRibelino\Desktop\Scanned Virus.txt
    2015-01-08 20:53 - 2015-01-08 20:53 - 02347384 _____ (ESET) C:\Users\iRibelino\Downloads\esetsmartinstaller_enu.exe
    2015-01-08 20:53 - 2015-01-08 20:53 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-01-08 19:00 - 2015-01-08 19:00 - 00143038 _____ () C:\Users\iRibelino\Downloads\Extras.Txt
    2015-01-08 18:57 - 2015-01-08 18:57 - 00141900 _____ () C:\Users\iRibelino\Downloads\OTL.Txt
    2015-01-08 18:29 - 2015-01-08 18:30 - 00602112 _____ (OldTimer Tools) C:\Users\iRibelino\Desktop\OTL.exe
    2015-01-06 16:55 - 2015-01-06 17:18 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Skype
    2015-01-06 16:55 - 2015-01-06 16:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-01-06 16:55 - 2015-01-06 16:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-06 16:55 - 2015-01-06 16:55 - 00000000 ____D () C:\Users\iRibelino\AppData\Local\Skype
    2015-01-06 16:55 - 2015-01-06 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-01-06 16:53 - 2015-01-06 16:53 - 44835424 _____ (Skype Technologies S.A.) C:\Users\iRibelino\Downloads\SkypeSetupFull.exe
    2015-01-06 16:01 - 2015-01-06 16:01 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Hewlett-Packard
    2015-01-06 09:46 - 2015-01-06 09:46 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
    2015-01-05 00:55 - 2015-01-05 00:55 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Apple Computer
    2015-01-05 00:20 - 2015-01-05 00:20 - 00001624 _____ () C:\Users\iRibelino\Desktop\Play The Forest.lnk
    2015-01-05 00:18 - 2015-01-05 00:20 - 00000000 ____D () C:\Games
    2015-01-05 00:12 - 2015-01-05 00:12 - 00000000 ____D () C:\Users\iRibelino\Downloads\The Forest (1)
    2015-01-05 00:07 - 2015-01-05 00:09 - 539518498 _____ () C:\Users\iRibelino\Downloads\The Forest (1).zip
    2015-01-04 21:41 - 2015-01-04 21:45 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\TeamViewer
    2015-01-04 02:42 - 2015-01-08 20:09 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\.minecraft
    2015-01-04 00:20 - 2015-01-04 00:20 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\ATI
    2015-01-04 00:18 - 2015-01-10 19:11 - 00001120 _____ () C:\Windows\setupact.log
    2015-01-04 00:18 - 2015-01-04 00:18 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-03 13:28 - 2015-01-08 17:37 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Adobe
    2015-01-03 13:25 - 2015-01-03 13:25 - 00000483 _____ () C:\Users\iRibelino\Downloads\game.cfg
    2015-01-03 13:25 - 2015-01-03 13:25 - 00000000 ____D () C:\Users\iRibelino\Documents\Razer
    2015-01-03 13:25 - 2015-01-03 13:25 - 00000000 ____D () C:\Users\iRibelino\AppData\Local\Razer_Inc
    2015-01-03 13:17 - 2015-01-03 13:17 - 00000000 ____D () C:\Users\iRibelino\AppData\Local\Razer
    2015-01-03 13:16 - 2015-01-03 13:16 - 00001252 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
    2015-01-03 13:16 - 2015-01-03 13:16 - 00000000 ____D () C:\ProgramData\Razer
    2015-01-03 13:16 - 2015-01-03 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2015-01-03 13:16 - 2015-01-03 13:16 - 00000000 ____D () C:\Program Files (x86)\Razer
    2015-01-03 13:16 - 2014-12-09 16:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
    2015-01-03 13:15 - 2015-01-03 13:15 - 22126232 _____ (Razer Inc. ) C:\Users\iRibelino\Downloads\RazerCortexSetup_5.2.22.0.exe
    2014-12-31 19:22 - 2014-12-31 19:22 - 00000000 __SHD () C:\Users\iRibelino\AppData\Local\EmieBrowserModeList
    2014-12-31 18:57 - 2015-01-03 15:31 - 00000323 _____ () C:\Users\iRibelino\Desktop\Stuff to say.txt
    2014-12-18 10:28 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-18 10:28 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-15 15:20 - 2014-12-15 15:20 - 00000000 ____D () C:\Users\Bam Bam.Owner-HP\Documents\Youcam
    2014-12-15 15:20 - 2014-12-15 15:20 - 00000000 ____D () C:\Users\Bam Bam.Owner-HP\AppData\Roaming\CyberLink
    2014-12-15 15:20 - 2014-12-15 15:20 - 00000000 ____D () C:\Users\Bam Bam.Owner-HP\AppData\Local\CyberLink
    2014-12-15 15:19 - 2014-12-15 15:19 - 00000000 ____D () C:\Users\Bam Bam.Owner-HP\AppData\Local\Primonics
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-10 22:13 - 2012-09-02 19:58 - 00000000 ____D () C:\ProgramData\WRData
    2015-01-10 22:01 - 2012-02-26 18:55 - 00000260 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
    2015-01-10 21:55 - 2011-08-11 20:45 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002UA.job
    2015-01-10 21:54 - 2012-06-04 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-10 21:54 - 2011-07-13 08:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-10 21:51 - 2014-06-13 20:33 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007UA.job
    2015-01-10 21:51 - 2014-06-13 20:33 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007Core.job
    2015-01-10 21:40 - 2011-04-14 03:52 - 01946217 _____ () C:\Windows\WindowsUpdate.log
    2015-01-10 21:38 - 2012-02-17 21:53 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003UA.job
    2015-01-10 20:10 - 2014-05-08 18:38 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Curse Client
    2015-01-10 19:21 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-10 19:21 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-10 19:14 - 2011-07-13 08:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-10 19:13 - 2013-06-08 11:29 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    2015-01-10 19:13 - 2013-05-31 10:58 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2015-01-10 19:13 - 2013-05-30 08:02 - 00000000 ____D () C:\Temp
    2015-01-10 19:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-10 19:05 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-10 18:55 - 2011-08-11 20:45 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002Core.job
    2015-01-10 10:29 - 2011-01-05 18:10 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-10 10:27 - 2011-01-05 18:10 - 00000000 ____D () C:\Program Files\Java
    2015-01-09 18:25 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-09 16:00 - 2013-11-08 17:09 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
    2015-01-09 16:00 - 2013-11-08 17:09 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
    2015-01-09 16:00 - 2013-11-08 17:09 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
    2015-01-09 00:38 - 2012-02-17 21:53 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003Core.job
    2015-01-08 18:02 - 2014-11-22 16:53 - 00000000 ____D () C:\Users\iRibelino\Desktop\Chair
    2015-01-06 16:55 - 2012-05-24 21:36 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-06 04:36 - 2011-05-28 19:31 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-05 00:58 - 2014-08-19 16:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-01-05 00:58 - 2012-04-28 11:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-05 00:49 - 2014-01-05 20:01 - 00000000 ____D () C:\Users\iRibelino\AppData\Local\Sony
    2015-01-04 16:45 - 2014-03-29 09:59 - 00007604 _____ () C:\Users\iRibelino\AppData\Local\Resmon.ResmonCfg
    2015-01-04 02:41 - 2013-12-20 11:36 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-03 13:04 - 2014-12-05 21:35 - 00000000 ____D () C:\Users\iRibelino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-02 12:35 - 2009-07-13 23:08 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-15 14:38 - 2014-08-10 10:30 - 00000000 ____D () C:\Users\Bam Bam.Owner-HP\AppData\Local\WeatherBug
    2014-12-14 11:07 - 2013-03-13 10:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-14 11:07 - 2013-03-13 10:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-14 00:08 - 2013-03-13 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-13 21:57 - 2014-04-24 16:05 - 00000000 ____D () C:\Users\iRibelino\Documents\Youcam
    2014-12-13 17:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
     
    Some content of TEMP:
    ====================
    C:\Users\iRibelino\AppData\Local\Temp\ieframe.dll
    C:\Users\iRibelino\AppData\Local\Temp\Quarantine.exe
    C:\Users\iRibelino\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-06 08:26
     
    ==================== End Of Log ============================
     
    This is the addition-
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
    Ran by iRibelino at 2015-01-10 22:15:23
    Running from C:\Users\iRibelino\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{E18E155E-73A9-0CCA-B796-05B09A1B5D97}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ccc-core-static (x32 Version: 2010.1209.2324.42008 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
    HP Documentation (HKLM-x32\...\{4913D614-14AA-4728-B32C-678467E5AD58}) (Version: 1.3.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
    HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
    HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
    HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
    Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    LMMS 1.0.2 (HKLM-x32\...\LMMS) (Version: 1.0.2 - LMMS Developers)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.35 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 1.0.41 - Motorola Mobility) Hidden
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MusicOasis (HKLM-x32\...\MusicOasis) (Version: 1.0.3 - W3i, LLC)
    MusicOasis (x32 Version: 1.0.3 - W3i, LLC) Hidden
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
    Python 2.7 pyHook-1.5.1 (64-bit) (HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\pyHook-py2.7) (Version:  - )
    Python 2.7 pywin32-219 (HKU\S-1-5-21-633064636-575154894-4071965462-1007\...\pywin32-py2.7) (Version:  - )
    Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.2.22.0 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
    ReiBoot  (HKLM-x32\...\ReiBoot) (Version:  - Tenorshare, Inc.)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
    WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.44 - Webroot)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    Wondershare SafeEraser ( Version 3.0.1 ) (HKLM-x32\...\{1FD4D6F6-5A95-44EF-855F-02746470397C}_is1) (Version: 3.0.1 - Wondershare)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    05-01-2015 00:40:37 Removed BabylonObjectInstaller
    05-01-2015 00:43:09 Removed Vegas Pro 12.0 (64-bit)
    05-01-2015 00:51:42 Removed iTunes
    06-01-2015 08:40:05 Windows Update
    09-01-2015 16:01:56 Windows Update
    09-01-2015 16:04:14 avast! antivirus system restore point
    09-01-2015 21:37:45 avast! antivirus system restore point
    10-01-2015 10:17:45 Removed Java 7 Update 45
    10-01-2015 10:21:35 Removed Java™ 6 Update 22 (64-bit)
    10-01-2015 10:25:04 Removed Java 7 Update 45 (64-bit)
    10-01-2015 10:27:52 Removed Java™ 6 Update 25
    10-01-2015 10:30:29 Removed JavaFX 2.1.1
    10-01-2015 19:31:56 OTL Restore Point - 1/10/2015 7:31:51 PM
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {15FE310E-6E93-4535-8A41-2132D87544C3} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
    Task: {1FAF9699-2288-451A-AD11-D33F2EA59B96} - System32\Tasks\{1FA5B4CE-AFFE-47B1-B70C-D8D71920589D} => pcalua.exe -a "C:\Users\Junior\Downloads\horizon setup.exe" -d C:\Users\Junior\Downloads
    Task: {2CA9E456-67FA-45FC-8583-42BED62D13E6} - System32\Tasks\{84A36925-7B21-4413-A3D2-B1A78DB719A7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {3214CE79-2B52-4A20-A0B7-73560FB0ACD1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003UA => C:\Users\Bam Bam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.)
    Task: {3BAFCB95-10AD-4112-B68F-A48F326BB055} - System32\Tasks\{A094D15C-5663-49B6-843B-118EE17AF5D8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {3D489290-0234-4E16-8802-302ABD4DD28F} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
    Task: {411418F5-8ABE-4280-9EE2-AA908521A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {44BD607B-63DD-4698-AFEA-3FFED2268F61} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
    Task: {476B0FD8-00E8-44F9-A033-32AD9910916C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003Core => C:\Users\Bam Bam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.)
    Task: {4E7A1C38-F6A3-4DF0-86AD-CD9C3CBC0556} - System32\Tasks\{124A9FCA-6E07-461A-9058-6A5843FF06A0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {5272E913-5C7C-445D-BEDE-5ECA4CC322CB} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{0B201398-B82D-492D-A782-C3DF2D64790D}.exe
    Task: {56AFB092-4507-4CD1-AAEB-802EA232D753} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002UA => C:\Users\EVRYONE FAMLIY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {56E1A01D-7447-4918-B96C-F6210A066A67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {5E0872DF-67A7-4CF9-9D6A-21D03344503A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {60B97169-A9B8-4EDE-B750-14E05B0E01A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {60DF9943-FD9F-4D66-9456-466D473A4389} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
    Task: {61F90378-6E22-4027-A6C8-55544F447AD3} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
    Task: {69C466EF-DF95-4F3C-89D0-D9ADA74A67E0} - System32\Tasks\{2A3294D4-5597-4C11-BBA7-D64EEC1E328D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {7089A9A9-9580-409E-874C-AEBACC3B4567} - System32\Tasks\{3F204129-864A-4089-9B37-695E704A5FDA} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {78F5A740-66B3-40D4-817F-42700C35B6CA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{56D11AEB-1BD9-4079-8275-34869B04B968}.exe
    Task: {835C152B-E100-4080-A94E-DC70257CB70A} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {840BA909-FE11-49F8-9BC4-F21FEE5CF110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {85705A2F-00D9-408C-ADF4-1DB76F7BFEBE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
    Task: {88575BA2-3092-4BF9-9B6C-311106147095} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007Core => C:\Users\iRibelino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-13] (Facebook Inc.)
    Task: {8DB866D2-5536-43DB-A50F-603FED0BC615} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007UA => C:\Users\iRibelino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-13] (Facebook Inc.)
    Task: {9F549451-0AB9-4CE2-8A74-40612143616B} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
    Task: {A547CD54-248D-4129-915E-795B7184A9E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
    Task: {A75484BB-F0A9-45F0-B76A-6ADA9C0A30BB} - System32\Tasks\{10701D9F-0089-44A0-80DE-AF19674A09BA} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {AF932BD1-2B04-486B-96DC-E15D4CDD61FA} - System32\Tasks\avastBCLRestartS-1-5-21-633064636-575154894-4071965462-1007 => Chrome.exe 
    Task: {B892D0A0-C47E-4ED0-8B22-63E1A25C68A8} - System32\Tasks\{9E8AB04A-B841-48C2-8C06-0AD16002E832} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {C34A3B66-C2F7-4D6F-9E8A-467D5A93812D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
    Task: {C9402A9F-E95A-4F03-8EFD-A4421149A038} - System32\Tasks\{3B212005-90CC-4920-8BCC-DEA1995ACF81} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {CA7A687C-5EFB-4C2F-9406-27A87B218E94} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002Core => C:\Users\EVRYONE FAMLIY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {CC30D9D9-D1B4-48FB-ADAD-773C8EE1298B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {CE32DF13-17CE-46B1-9FAA-25AED1E6479B} - System32\Tasks\{3E051084-4086-46AB-962D-5229F70CECFF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {DC46FC71-6C33-4D7C-BDD6-542D61144683} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {E01EAF94-3C87-4C3C-83C2-1EA439648CA1} - System32\Tasks\{A94F9C25-0B33-4611-A762-EFD21152B66C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {F3306F76-8BA7-4EC9-BAFF-12CE587E11A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{0B201398-B82D-492D-A782-C3DF2D64790D}.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{56D11AEB-1BD9-4079-8275-34869B04B968}.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002Core.job => C:\Users\EVRYONE FAMLIY\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1002UA.job => C:\Users\EVRYONE FAMLIY\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003Core.job => C:\Users\Bam Bam\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1003UA.job => C:\Users\Bam Bam\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007Core.job => C:\Users\iRibelino\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-633064636-575154894-4071965462-1007UA.job => C:\Users\iRibelino\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-10-02 12:45 - 2012-10-02 12:45 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    2014-12-09 16:22 - 2014-12-09 16:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2010-12-10 00:32 - 2010-12-10 00:32 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
    2010-12-10 00:32 - 2010-12-10 00:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-10-02 12:41 - 2012-10-02 12:41 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    2010-07-21 16:33 - 2010-07-21 16:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-07-21 16:33 - 2010-07-21 16:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2010-07-21 16:33 - 2010-07-21 16:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2010-12-10 00:33 - 2010-12-10 00:33 - 00101888 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2010-12-10 00:23 - 2010-12-10 00:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2010-11-26 12:15 - 2010-11-26 12:15 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2015-01-10 14:40 - 2015-01-10 14:40 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011002\algo.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
    2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
    2012-09-26 15:57 - 2012-09-26 15:57 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2014-07-26 23:39 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2015-01-09 21:43 - 2015-01-09 21:43 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-05-11 13:19 - 2010-11-18 13:57 - 12284984 _____ () C:\Users\iRibelino\AppData\Roaming\PictureMover\Bin\Core.dll
    2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2013-05-11 13:20 - 2010-11-18 14:09 - 01699384 _____ () C:\Users\iRibelino\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    2013-12-13 07:12 - 2013-12-13 07:12 - 00307712 _____ () C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\opus.dll
    2014-03-10 12:55 - 2014-05-22 22:15 - 00437248 _____ () C:\Users\iRibelino\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
    2014-12-11 16:59 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 16:59 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 16:59 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 16:59 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-21-633064636-575154894-4071965462-1007\Software\Classes\exefile: "%1" %* <===== ATTENTION!
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Facebook Update => "C:\Users\iRibelino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: ISTray => "C:\Users\BAMBAM~1.OWN\AppData\Local\Temp\MRI_TEMP\Spyware Doctor\pctsTray.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-633064636-575154894-4071965462-500 - Administrator - Disabled)
    Bam Bam (S-1-5-21-633064636-575154894-4071965462-1006 - Administrator - Enabled) => C:\Users\Bam Bam.Owner-HP
    EVRYONE FAMLIY (S-1-5-21-633064636-575154894-4071965462-1002 - Limited - Enabled) => C:\Users\EVRYONE FAMLIY
    Guest (S-1-5-21-633064636-575154894-4071965462-501 - Limited - Disabled)
    iRibelino (S-1-5-21-633064636-575154894-4071965462-1007 - Administrator - Enabled) => C:\Users\iRibelino
    Young Nino (S-1-5-21-633064636-575154894-4071965462-1005 - Limited - Enabled) => C:\Users\Young Nino
     
    ==================== Faulty Device Manager Devices =============
     
    Name: TAP-Win32 Adapter V9 (Tunngle)
    Description: TAP-Win32 Adapter V9 (Tunngle)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Win32 Provider V9 (Tunngle)
    Service: tap0901t
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor: AMD Turion™ II P560 Dual-Core Processor
    Percentage of memory in use: 63%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 1400.24 MB
    Total Pagefile: 7667.98 MB
    Available Pagefile: 5093.49 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:282.92 GB) (Free:59.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.87 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1A92C6EF)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
     
    ==================== End Of Log ============================

    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Please uninstall  Webroot SecureAnywhere 

     

    We only want one anti-virus.  They fight each other and slow you down.

     

    Download the attached fixlist.txt to the same location as FRST

    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

    This just removes some deadwood and any Webroot entries which remain after you uninstall it.


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
     I'm scared to delete we root because I have stuff in the quarantine and the allow/block files tab, if I delete we root, will those virus's or files be set free into my computer?

     

     

    Please reply here.  Do not use PMs.

     

     

    Avast is a lot better than webroot.   Normally when you uninstall an anti-virus any files in quarantine will either get left in quarantine or deleted.  (Usually they ask you but I've never worked with webroot).  I have never heard of any anti-virus releasing stuff back into your system when you uninstall it but if it did Avast would eat the files.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP