theruler

ebd123

36 posts in this topic

My start page in Firefox and Chrome keeps changing to ebd123.com. I got many viruses, used a lot of antimalware programs, and this seems to be the last one remaining.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/09/2015
Scan Time: 09:38
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.30.04
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rafael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331370
Time Elapsed: 16 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18015 BrowserJavaVersion: 11.60.2
Run by Rafael at 10:06:55 on 2015-09-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.3474.676 [GMT -3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\BlueStacks\HD-Frontend.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\BlueStacks\HD-Service.exe
C:\Program Files\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_60\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_60\bin\jp2ssv.dll
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\45.0.2454.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rafael\appdata\roaming\mozilla\firefox\profiles\4h6kato1.default-1443576810151\
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\skypewebplugin\3.2.0.23388\npSkypeWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2015-9-29 54968]
R1 usbabcd;usbabcd;c:\windows\system32\drivers\usbabcd.sys [2015-9-28 334936]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2015-5-7 131704]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2014-11-24 165760]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-1-29 5427472]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2014-11-24 364416]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2014-11-24 27792]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2015-5-7 433784]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2015-5-7 413304]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\bluestacks\HD-UpdaterService.exe [2015-5-7 831096]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-11-24 289792]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-11-24 99992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-12-29 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-29 98520]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2014-11-24 55104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-11-24 1839760]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys [2014-12-4 27496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-12-29 1133880]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S2 SvcHelper;SvcHelper;c:\windows\system32\svchost.exe -k SvcHelper [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\intel\intel® integrated clock controller service\ICCProxy.exe [2015-9-23 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-9-9 102912]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-12-29 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-7-15 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-11-26 52224]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-09-30 03:03:09 -------- d-sh--w- C:\$RECYCLE.BIN
2015-09-30 03:03:06 -------- d-----w- c:\users\rafael\appdata\local\temp
2015-09-30 02:21:21 -------- d--h--w- c:\users\rafael\appdata\roaming\LockIE
2015-09-30 02:03:09 -------- d-----w- c:\programdata\HitmanPro
2015-09-30 01:45:46 54968 ----a-w- c:\windows\system32\drivers\fsbts.sys
2015-09-30 01:44:03 -------- d-----w- c:\users\rafael\appdata\local\F-Secure
2015-09-30 01:44:03 -------- d-----w- c:\programdata\F-Secure
2015-09-30 01:42:24 -------- d-----w- c:\users\rafael\appdata\roaming\QuickScan
2015-09-30 00:26:08 -------- d-----w- c:\users\rafael\appdata\local\VirtualStore
2015-09-29 17:28:58 -------- d-----w- c:\programdata\Sophos
2015-09-29 17:27:50 -------- d-----w- c:\program files\Sophos
2015-09-29 17:23:35 -------- d-----w- c:\program files\common files\AV
2015-09-29 17:09:07 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-09-29 02:35:20 -------- d-----w- c:\program files\SpywareBlaster
2015-09-29 00:40:25 -------- d-----w- C:\TDSSKiller_Quarantine
2015-09-29 00:23:32 334936 ----a-w- c:\windows\system32\drivers\usbabcd.sys
2015-09-25 16:04:04 -------- d-----w- c:\users\rafael\appdata\local\CEF
2015-09-25 14:51:15 -------- d-----w- c:\users\rafael\.oracle_jre_usage
2015-09-23 13:12:33 -------- d-----w- c:\windows\system32\MRT
2015-09-12 15:43:24 -------- d-----w- c:\program files\Mythicsoft
2015-09-09 13:13:41 991744 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-09-09 13:03:30 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-09-09 13:03:30 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-09 13:03:30 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-09-09 13:03:30 2953728 ----a-w- c:\windows\system32\wucltux.dll
2015-09-09 13:03:30 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-09 13:03:30 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-09 13:03:22 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2015-09-30 12:38:54 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-29 18:21:08 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-25 14:51:01 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-09-22 12:49:10 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-22 12:49:10 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36:35 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-15 05:53:22 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-15 05:53:08 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-08-15 05:40:29 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- c:\windows\system32\html.iec
2015-08-15 05:38:34 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-08-15 05:29:42 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-08-15 05:29:36 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-08-15 05:24:21 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-08-15 05:16:37 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- c:\windows\system32\jscript9.dll
2015-08-15 05:01:47 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-08-05 17:41:00 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40:50 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40:50 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40:50 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-04 17:48:00 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-08-04 17:47:42 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-08-04 17:47:42 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-08-04 17:46:53 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-08-04 17:46:53 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-08-04 16:53:39 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 17:59:45 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59:44 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59:44 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59:44 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56:24 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55:03 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 17:55:03 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55:03 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 17:55:02 43008 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 17:55:02 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55:00 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 17:54:59 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54:55 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54:53 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:54:50 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54:49 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54:43 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54:43 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 17:54:24 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54:19 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54:08 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53:53 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 17:49:10 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 17:44:18 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 17:44:16 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 17:43:40 2560 ----a-w- c:\windows\system32\drivers\en-us\mountmgr.sys.mui
2015-07-15 16:36:44 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36:23 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36:23 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 02:55:45 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-07-15 02:55:32 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-07-15 02:51:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-10 17:34:09 36864 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- c:\windows\system32\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- c:\windows\system32\aaclient.dll
2015-07-09 17:42:27 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- c:\windows\notepad.exe
2015-07-04 17:48:36 1414656 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 10:07:22.63 ===============

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
CCleaner
Java 8 Update 60
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 19.0.0.185
Mozilla Firefox (41.0)
Google Chrome (45.0.2454.101)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Hello theruler. Welcome to SWI.

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. I strongly suggest you install one. I will give you a list of anti-virus programs to choose from once the computer is clean.

First of all you need to create a Restore point. Give it a name that you will understand. Something like---before running tools.
For information on how to create a Restore point please go here: How to create Restore Point.

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply.


Please post:
AdwCleaner log
FRST log.

How is the computer running now?


Rocket Grannie

# AdwCleaner v5.004 - Logfile created 30/09/2015 at 22:30:56
# Updated 26/08/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Rafael - RAFAEL-PC
# Running from : C:\Users\Rafael\Downloads\adwcleaner_5.004.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro

***** [ Web browsers ] *****

[C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : br.ask.com

########## EOF - C:\AdwCleaner\AdwCleaner[S30].txt - [758 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Rafael (administrator) on RAFAEL-PC (30-09-2015 22:33:39)
Running from C:\Users\Rafael\Downloads
Loaded Profiles: Rafael (Available Profiles: Rafael)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Rafael\Downloads\adwcleaner_5.004.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.taskbar.lastgroupid", "308046B0AF4A39CB");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-12-04]

Chrome:
=======
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Planilhas do Google) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Avast Online Security) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]

==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)

R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)

R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)

S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5427472 2015-01-28] (TeamViewer GmbH)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)

R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [54968 2015-09-29] ()

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)

R1 usbabcd; C:\Windows\System32\Drivers\usbabcd.sys [334936 2015-09-16] ()

R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1839760 2012-08-14] (VIA Technologies, Inc.)

R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-10-24] (Wondershare)

S0 Bhbase; System32\drivers\Bhbase.sys [X]

S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]

S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-09-30 22:28 - 2015-09-30 15:19 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC14D.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC2A9.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC2D9.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00115640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC376.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvC052.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC19C.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC278.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC299.tmp

2015-09-30 22:28 - 2015-09-30 15:19 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC258.tmp

2015-09-30 21:41 - 2015-09-30 21:41 - 00290816 _____ C:\Windows\system32\usbabcdProxy.dat

2015-09-30 21:38 - 2015-09-30 21:38 - 00287216 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-30 21:38 - 2015-09-30 21:38 - 00000334 _____ C:\Windows\PFRO.log

2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Windows\system32\vbox

2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\AVAST Software

2015-09-30 15:20 - 2015-09-30 21:38 - 00000056 _____ C:\Windows\setupact.log

2015-09-30 15:20 - 2015-09-30 15:20 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 _____ C:\Windows\setuperr.log

2015-09-30 15:19 - 2015-09-30 15:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-09-30 15:04 - 2015-09-30 15:04 - 00000000 ____D C:\Program Files\AVAST Software

2015-09-30 15:03 - 2015-09-30 15:03 - 00064504 _____ C:\Users\Rafael\AppData\Local\GDIPFONTCACHEV1.DAT

2015-09-30 15:03 - 2015-09-30 15:03 - 00000000 ____D C:\ProgramData\AVAST Software

2015-09-30 15:02 - 2015-09-30 15:03 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Rafael\Downloads\avast_free_antivirus_setup_online_cnet.exe

2015-09-30 10:07 - 2015-09-30 10:07 - 00004588 _____ C:\Users\Rafael\Desktop\attach.txt

2015-09-30 09:10 - 2015-09-30 21:44 - 00030590 _____ C:\Windows\WindowsUpdate.log

2015-09-30 00:21 - 2015-09-30 00:21 - 00000376 _____ C:\Users\Rafael\Downloads\Search.txt

2015-09-30 00:17 - 2015-09-30 22:33 - 00012314 _____ C:\Users\Rafael\Downloads\FRST.txt

2015-09-30 00:16 - 2015-09-30 00:17 - 01696256 _____ (Farbar) C:\Users\Rafael\Downloads\FRST.exe

2015-09-30 00:03 - 2015-09-30 00:03 - 00014678 _____ C:\ComboFix.txt

2015-09-29 23:54 - 2015-09-29 23:55 - 05636489 ____R (Swearware) C:\Users\Rafael\Downloads\ComboFix.exe

2015-09-29 23:21 - 2015-09-30 22:33 - 00000000 ___HD C:\Users\Rafael\AppData\Roaming\LockIE

2015-09-29 23:03 - 2015-09-29 23:24 - 00000000 ____D C:\ProgramData\HitmanPro

2015-09-29 23:01 - 2015-09-29 23:02 - 10367880 _____ (SurfRight B.V.) C:\Users\Rafael\Downloads\HitmanPro.exe

2015-09-29 22:45 - 2015-09-29 22:45 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys

2015-09-29 22:44 - 2015-09-29 22:45 - 00000000 ____D C:\ProgramData\F-Secure

2015-09-29 22:44 - 2015-09-29 22:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\F-Secure

2015-09-29 22:43 - 2015-09-29 22:43 - 00572456 _____ (F-Secure Corporation) C:\Users\Rafael\Downloads\F-SecureOnlineScanner.exe

2015-09-29 22:42 - 2015-09-29 22:43 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\QuickScan

2015-09-29 22:35 - 2015-09-29 22:36 - 00688992 ____R (Swearware) C:\Users\Rafael\Downloads\dds(1).scr

2015-09-29 22:33 - 2015-09-29 22:33 - 00000000 ____D C:\Users\Rafael\Desktop\Dados anteriores do Firefox

2015-09-29 22:01 - 2015-09-29 22:01 - 00019107 _____ C:\ZA-Scan.txt

2015-09-29 21:41 - 2015-09-29 21:41 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-29 21:41 - 2015-09-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-09-29 21:26 - 2015-09-29 23:38 - 00000000 ____D C:\Users\Rafael\AppData\Local\VirtualStore

2015-09-29 15:24 - 2015-09-29 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\Rafael\Downloads\TFC(1).exe

2015-09-29 15:17 - 2015-09-29 15:19 - 18801736 _____ C:\Users\Rafael\Downloads\RogueKiller.exe

2015-09-29 14:28 - 2015-09-29 14:29 - 00000000 ____D C:\ProgramData\Sophos

2015-09-29 14:27 - 2015-09-29 14:27 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\Program Files\Sophos

2015-09-29 14:23 - 2015-09-29 14:23 - 00000000 ____D C:\Program Files\Common Files\AV

2015-09-29 14:15 - 2015-09-29 14:26 - 134662048 _____ (Sophos Limited) C:\Users\Rafael\Downloads\Sophos Virus Removal Tool.exe

2015-09-29 14:09 - 2015-09-29 21:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2

2015-09-29 14:03 - 2015-09-29 14:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rafael\Downloads\spybot-2.4.exe

2015-09-29 13:09 - 2015-09-29 14:01 - 00000000 ____D C:\Users\Rafael\AppData\Local\Mozilla

2015-09-29 13:09 - 2015-09-29 13:09 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Mozilla

2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2015-09-29 13:05 - 2015-09-29 13:05 - 00243768 _____ C:\Users\Rafael\Downloads\Firefox Setup Stub 41.0.exe

2015-09-29 10:19 - 2015-09-29 10:25 - 55698416 _____ C:\Users\Rafael\Downloads\GRASS ROOT RIDDIM [FULL PROMO] - FREE WILLY MUSIC.zip

2015-09-28 23:35 - 2015-09-28 23:38 - 00000000 ____D C:\Program Files\SpywareBlaster

2015-09-28 23:35 - 2015-09-28 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2015-09-28 23:29 - 2015-09-28 23:29 - 00029959 _____ C:\Users\Rafael\Downloads\regsv32a.exe

2015-09-28 23:29 - 1997-01-09 15:01 - 00001239 _____ C:\Users\Rafael\Downloads\REGSV32A.TXT

2015-09-28 23:29 - 1996-08-09 00:30 - 00030720 ____R (Microsoft Corporation) C:\Users\Rafael\Downloads\REGSVR32.EXE

2015-09-28 21:54 - 2015-09-28 21:54 - 00000000 ____D C:\Users\Rafael\Downloads\FRST-OlderVersion

2015-09-28 21:40 - 2015-09-28 21:40 - 00000000 ____D C:\TDSSKiller_Quarantine

2015-09-28 21:38 - 2015-09-28 21:39 - 04383777 _____ C:\Users\Rafael\Downloads\tdsskiller (1).zip

2015-09-28 21:25 - 2015-09-30 21:41 - 00000728 _____ C:\Windows\NvConfig.dat

2015-09-28 21:23 - 2015-09-28 21:23 - 00000126 _____ C:\Windows\nvse.dat

2015-09-28 21:23 - 2015-09-16 23:56 - 00334936 _____ C:\Windows\system32\Drivers\usbabcd.sys

2015-09-28 21:22 - 2015-09-28 21:22 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

2015-09-28 20:52 - 2015-09-28 21:57 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

2015-09-28 20:51 - 2015-06-10 22:43 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak

2015-09-25 13:04 - 2015-09-25 13:04 - 00000000 ____D C:\Users\Rafael\AppData\Local\CEF

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Sun

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\.oracle_jre_usage

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Program Files\Common Files\Java

2015-09-23 22:37 - 2015-09-23 22:37 - 00929872 _____ (Google Inc.) C:\Users\Rafael\Downloads\ChromeSetup(1).exe

2015-09-23 12:30 - 2015-09-28 23:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-09-23 12:30 - 2015-09-23 12:30 - 00000000 ____D C:\Program Files\Adobe

2015-09-23 12:23 - 2015-09-23 12:43 - 49695840 _____ (Oracle Corporation) C:\Users\Rafael\Downloads\jre-8u60-windows-i586.exe

2015-09-23 10:29 - 2015-09-23 10:38 - 101540296 _____ (Intel Corporation) C:\Users\Rafael\Downloads\win32_152824.exe

2015-09-23 10:12 - 2015-09-23 10:16 - 00000000 ____D C:\Windows\system32\MRT

2015-09-23 00:04 - 2015-09-23 00:06 - 15232481 _____ C:\Users\Rafael\Downloads\F_MRiddim (Soca 2015).zip

2015-09-22 23:18 - 2015-09-29 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-09-21 21:21 - 2015-09-21 21:22 - 11286878 _____ C:\Users\Rafael\Downloads\AIDONIA- 1V- NUH BORING GAL (BUDDY BRUKA) [RAW+CLEAN] - AJAN _ JAG ONE PRODUCTION.zip

2015-09-16 15:04 - 2015-09-28 23:13 - 00000959 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-09-12 12:43 - 2015-09-12 12:43 - 00000000 ____D C:\Program Files\Mythicsoft

2015-09-11 10:07 - 2015-09-11 10:07 - 00026243 _____ C:\Users\Rafael\Downloads\Addition.txt

2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\Program Files\Common Files\Skype

2015-09-09 10:19 - 2015-08-17 22:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 10:19 - 2015-08-15 03:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 10:19 - 2015-08-15 02:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 10:19 - 2015-08-15 02:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 10:19 - 2015-08-15 02:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 10:19 - 2015-08-15 02:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 10:19 - 2015-08-15 02:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 10:19 - 2015-08-15 02:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 10:19 - 2015-08-15 02:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 10:19 - 2015-08-15 02:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 10:19 - 2015-08-15 02:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 10:19 - 2015-08-15 02:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 10:19 - 2015-08-15 02:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 10:19 - 2015-08-15 02:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 10:19 - 2015-08-15 02:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 10:19 - 2015-08-15 02:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 10:19 - 2015-08-15 02:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 10:19 - 2015-08-15 02:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 10:19 - 2015-08-15 02:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 10:19 - 2015-08-15 02:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 10:19 - 2015-08-15 02:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 10:19 - 2015-08-15 02:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 10:19 - 2015-08-15 02:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 10:19 - 2015-08-15 02:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 10:19 - 2015-08-15 02:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 10:19 - 2015-08-15 02:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 10:19 - 2015-08-15 01:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 10:19 - 2015-08-15 01:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 10:19 - 2015-08-15 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 10:13 - 2015-09-01 22:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 10:13 - 2015-09-01 22:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 10:13 - 2015-08-05 14:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 10:13 - 2015-08-05 14:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 10:13 - 2015-08-05 14:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 10:13 - 2015-08-04 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 10:13 - 2015-08-04 14:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 10:13 - 2015-08-04 14:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 10:13 - 2015-08-04 14:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 10:13 - 2015-08-04 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 10:13 - 2015-08-04 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 10:03 - 2015-08-26 14:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 10:03 - 2015-08-26 14:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 10:03 - 2015-08-26 14:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 10:03 - 2015-08-26 14:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 10:03 - 2015-08-26 14:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 10:03 - 2015-07-14 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-02 15:02 - 2015-09-02 15:07 - 57515714 _____ C:\Users\Rafael\Downloads\STEAMAZ RIDDIM [FULL PROMO] - BIGGY MUSIC.zip

2015-08-31 11:18 - 2015-08-31 11:19 - 01618432 _____ C:\Users\Rafael\Downloads\adwcleaner_5.004.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-09-30 22:33 - 2015-02-16 10:39 - 00000000 ____D C:\FRST

2015-09-30 22:30 - 2015-01-14 13:37 - 00000000 ____D C:\AdwCleaner

2015-09-30 21:39 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-09-30 15:29 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-09-30 15:29 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-30 15:28 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\DC++

2015-09-30 09:51 - 2014-11-25 12:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google

2015-09-30 09:38 - 2014-12-29 10:41 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-30 09:08 - 2015-07-23 23:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\CrashDumps

2015-09-30 00:19 - 2014-11-25 11:30 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\foobar2000

2015-09-30 00:03 - 2015-01-14 13:41 - 00000000 ____D C:\Qoobox

2015-09-30 00:02 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini

2015-09-29 23:34 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Local\DC++

2015-09-29 21:41 - 2014-11-25 12:19 - 00000000 ____D C:\Program Files\Google

2015-09-29 15:21 - 2015-07-23 23:33 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-09-29 12:47 - 2015-04-06 21:45 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\TeamViewer

2015-09-28 23:40 - 2015-04-21 19:45 - 00000000 ____D C:\ProgramData\TEMP

2015-09-28 23:15 - 2009-07-13 23:37 - 00000000 __RSD C:\Windows\Media

2015-09-28 23:13 - 2015-06-07 22:36 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-28 23:13 - 2015-02-01 13:16 - 00000853 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2015-09-28 23:13 - 2015-01-29 11:16 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-09-28 23:13 - 2015-01-29 11:16 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk

2015-09-28 23:13 - 2014-11-25 18:36 - 00000947 _____ C:\Users\Public\Desktop\ApexDC++.lnk

2015-09-28 23:13 - 2014-11-25 11:30 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk

2015-09-28 23:13 - 2014-11-24 21:37 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2015-09-28 23:13 - 2014-11-24 15:01 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk

2015-09-28 23:13 - 2014-11-24 15:01 - 00001082 _____ C:\Users\Public\Desktop\HD VDeck.lnk

2015-09-28 23:13 - 2009-10-14 06:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2015-09-28 23:13 - 2009-10-14 06:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2015-09-28 23:13 - 2009-07-14 01:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-09-28 23:13 - 2009-07-14 01:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

2015-09-28 23:13 - 2009-07-14 01:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

2015-09-28 21:50 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Rafael\Downloads\backups

2015-09-28 21:30 - 2015-01-14 13:41 - 00000000 ____D C:\Windows\erdnt

2015-09-28 21:30 - 2009-07-13 23:03 - 46923776 _____ C:\Windows\system32\config\SOFTWARE.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 15466496 _____ C:\Windows\system32\config\SYSTEM.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak

2015-09-28 20:53 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2015-09-27 21:31 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-27 13:33 - 2014-11-25 18:37 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\ApexDC++

2015-09-27 13:27 - 2009-11-11 02:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-26 21:53 - 2014-12-29 10:00 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype

2015-09-25 14:38 - 2015-06-28 02:12 - 00000000 ____D C:\Users\Rafael\Downloads\Carbon Copy Riddim - Platta Recordings

2015-09-25 13:04 - 2014-11-25 12:14 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe

2015-09-25 11:51 - 2014-12-01 12:23 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-09-25 11:51 - 2014-12-01 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-09-25 11:51 - 2014-11-24 14:52 - 00000000 ____D C:\Users\Rafael

2015-09-25 11:50 - 2014-12-01 12:22 - 00000000 ____D C:\Program Files\Java

2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\ProgramData\Adobe

2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\Program Files\Common Files\Adobe

2015-09-23 10:42 - 2014-11-24 15:04 - 00018260 _____ C:\Windows\system32\results.xml

2015-09-23 10:41 - 2015-01-29 11:16 - 00000000 ____D C:\Program Files\TeamViewer

2015-09-23 10:40 - 2014-11-24 14:54 - 00000000 ____D C:\Program Files\Intel

2015-09-22 21:25 - 2015-08-07 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-09-22 09:49 - 2015-01-28 23:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-09-22 09:49 - 2015-01-28 23:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-09-16 15:10 - 2014-11-24 21:31 - 00000000 ____D C:\Program Files\Opera

2015-09-16 15:04 - 2014-11-24 21:29 - 00000000 ____D C:\Program Files\CCleaner

2015-09-12 15:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache

2015-09-11 00:30 - 2015-02-01 13:16 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\BitTorrent

2015-09-10 13:45 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-09 15:53 - 2015-06-15 11:59 - 00000000 ____D C:\Users\Rafael\Documents\projeto

2015-09-09 15:51 - 2009-07-14 04:50 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 11:27 - 2015-03-03 14:44 - 00000000 ___RD C:\Program Files\Skype

2015-09-09 11:27 - 2014-12-29 10:00 - 00000000 ____D C:\ProgramData\Skype

2015-09-02 00:12 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\Desktop\dc++

2015-08-31 11:42 - 2014-11-24 15:01 - 00000662 _____ C:\Users\Rafael\Desktop\New Text Document.txt


==================== Files in the root of some directories =======


2015-09-28 21:22 - 2015-09-28 21:22 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:

====================

C:\Users\Rafael\AppData\Local\temp\sqlite3.dll



==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2015-09-24 18:03


==================== End of FRST.txt ============================

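A quick way to read a log like the one above is to pull out the entries FRST itself hints at: services and drivers whose file is gone (the ones ending in [X]), drivers with nothing in the company-name field (the empty parentheses after fsbts.sys and usbabcd.sys), anything loading from a Temp folder, and the lines FRST tags with <======= ATTENTION. The Python below is an added example written for this thread; it is not FRST code and not something the poster ran. It parses a handful of lines copied from the log above and lists those hits. The reading of the R/S prefix and the start-type digit follows the usual FRST convention and is an assumption here. A hit is a lead, not a verdict: an empty company name only means the file carries no CompanyName in its version resource, and the log itself shows fsbts.sys being created within a minute of the F-Secure folders, so each flagged file still has to be checked (signature, hash, install time) before anything goes in a fixlist.

```python
"""Triage helper for FRST Services/Drivers/Registry sections (added example,
not part of FRST). Flags the things a helper usually checks first:
entries whose file is missing ([X]), entries with no company name in the
version resource (empty parentheses), drivers loading from a Temp folder,
and FRST's own '<======= ATTENTION' markers."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample input: a few lines copied from the FRST log above
# (Services, Drivers and Registry sections), enough to exercise each branch.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5427472 2015-01-28] (TeamViewer GmbH)
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
===================== Drivers (Whitelisted) ==========================
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [54968 2015-09-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R1 usbabcd; C:\Windows\System32\Drivers\usbabcd.sys [334936 2015-09-16] ()
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
==================== Registry (Whitelisted) ===========================
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "R2 Name; C:\path\file.exe [size yyyy-mm-dd] (Vendor)"  or  "S3 Name; path [X]"
# Assumption (FRST's usual prefix convention): R/S = running/stopped,
# digit = service start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>.+?); (?P<path>.+?) "
    r"\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|X)\]"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str           # "Services" or "Drivers"
    running: bool
    start_type: int
    name: str
    path: str
    size: Optional[int]    # None when FRST reported [X] (file not found)
    date: Optional[str]
    vendor: Optional[str]  # None when file missing; "" when no CompanyName in version info


def parse_entries(text: str) -> Iterator[Entry]:
    """Yield Services/Drivers entries; other sections are skipped."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).split()[0]
            continue
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        yield Entry(
            section=section,
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            path=m.group("path"),
            size=int(m.group("size")) if m.group("size") else None,
            date=m.group("date"),
            vendor=m.group("vendor"),
        )


def triage(text: str) -> List[Tuple[str, Entry]]:
    """Return (reason, entry) pairs worth a closer look. A hit is a lead,
    not a verdict: legitimate drivers can lack a CompanyName too."""
    findings: List[Tuple[str, Entry]] = []
    for e in parse_entries(text):
        if e.vendor is None:
            findings.append(("file missing ([X]): orphaned registry entry", e))
        elif e.vendor == "":
            findings.append(("no company name in version resource", e))
        if TEMP_RE.search(e.path):
            findings.append(("loads from a Temp directory", e))
    return findings


def attention_lines(text: str) -> List[str]:
    """Lines FRST itself marked, e.g. browser policy Restriction keys."""
    return [l.strip() for l in text.splitlines() if "<======= ATTENTION" in l]


if __name__ == "__main__":
    for reason, e in triage(SAMPLE_LOG):
        print(f"{e.section:8} {e.name:14} {reason:45} {e.path}")
    for line in attention_lines(SAMPLE_LOG):
        print("ATTENTION:", line)
```

Run it against a full FRST.txt (read the file and pass its text to triage) and the output is the short list to start from; everything else in the Services and Drivers sections carries a vendor name and a file on disk and can wait. The ATTENTION lines on browser policy keys matter because a Restriction there can keep a user from changing a homepage or search engine even after the offending files are gone, which is why FRST marks them separately.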

Hello

 

Both AdwCleaner and FRST are running from your downloads folder.

Running from : C:\Users\Rafael\Downloads\adwcleaner_5.004.exe

 

To function correctly these programs need to be run from the Desktop.

Please open AdwCleaner and press uninstall.

Please delete all the FRST folders to the Recycle Bin.

Finally, go back to post #2, follow the instructions and post fresh logs.

 

 

Rocket Grannie

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 09:49:15

# Updated 27/09/2015 by Xplode

# Database : 2015-09-30.1 [server]

# Operating system : Windows 7 Ultimate Service Pack 1 (x86)

# Username : Rafael - RAFAEL-PC

# Running from : C:\Users\Rafael\Desktop\AdwCleaner.exe

# Option : Scan



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****


Task Found : Adobe Flash Player Updater


***** [ Registry ] *****



***** [ Web browsers ] *****



########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [597 bytes] ##########







Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015

Ran by Rafael (administrator) on RAFAEL-PC (01-10-2015 09:50:40)

Running from C:\Users\Rafael\Desktop

Loaded Profiles: Rafael (Available Profiles: Rafael)

Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-26] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

BootExecute: autocheck autochk * sdnclean.exe

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79}: [DhcpNameServer] 192.168.1.1


Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab


FireFox:

========

FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151

FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)

FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]

FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-12-04]


Chrome:

=======

CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]

CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]

CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]

CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]

CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]

CHR Extension: (Planilhas do Google) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]

CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]

CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]

CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)

R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)

R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)

S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5427472 2015-01-28] (TeamViewer GmbH)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)

R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [54968 2015-09-29] ()

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)

R1 usbabcd; C:\Windows\System32\Drivers\usbabcd.sys [334936 2015-09-16] ()

R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1839760 2012-08-14] (VIA Technologies, Inc.)

R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-10-24] (Wondershare)

S0 Bhbase; System32\drivers\Bhbase.sys [X]

S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]

S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-01 09:50 - 2015-10-01 09:51 - 00010913 _____ C:\Users\Rafael\Desktop\FRST.txt

2015-10-01 09:48 - 2015-10-01 09:48 - 01696256 _____ (Farbar) C:\Users\Rafael\Desktop\FRST.exe

2015-10-01 09:41 - 2015-10-01 09:42 - 01670656 _____ C:\Users\Rafael\Desktop\AdwCleaner.exe

2015-10-01 09:39 - 2015-10-01 09:39 - 00290816 _____ C:\Windows\system32\usbabcdProxy.dat

2015-09-30 23:04 - 2015-10-01 09:38 - 00000000 ____D C:\Program Files\Mozilla Firefox

2015-09-30 21:38 - 2015-10-01 09:38 - 00479698 _____ C:\Windows\PFRO.log

2015-09-30 21:38 - 2015-09-30 21:38 - 00287216 _____ C:\Windows\system32\FNTCACHE.DAT

2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Windows\system32\vbox

2015-09-30 15:20 - 2015-10-01 09:38 - 00000224 _____ C:\Windows\setupact.log

2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 _____ C:\Windows\setuperr.log

2015-09-30 15:03 - 2015-09-30 22:36 - 00000000 ____D C:\ProgramData\AVAST Software

2015-09-30 15:03 - 2015-09-30 15:03 - 00064504 _____ C:\Users\Rafael\AppData\Local\GDIPFONTCACHEV1.DAT

2015-09-30 15:02 - 2015-09-30 15:03 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Rafael\Downloads\avast_free_antivirus_setup_online_cnet.exe

2015-09-30 10:07 - 2015-09-30 10:07 - 00004588 _____ C:\Users\Rafael\Desktop\attach.txt

2015-09-30 09:10 - 2015-10-01 09:49 - 00066814 _____ C:\Windows\WindowsUpdate.log

2015-09-30 00:21 - 2015-09-30 00:21 - 00000376 _____ C:\Users\Rafael\Downloads\Search.txt

2015-09-30 00:03 - 2015-09-30 00:03 - 00014678 _____ C:\ComboFix.txt

2015-09-29 23:54 - 2015-09-29 23:55 - 05636489 ____R (Swearware) C:\Users\Rafael\Downloads\ComboFix.exe

2015-09-29 23:21 - 2015-10-01 09:50 - 00000000 ___HD C:\Users\Rafael\AppData\Roaming\LockIE

2015-09-29 23:03 - 2015-09-29 23:24 - 00000000 ____D C:\ProgramData\HitmanPro

2015-09-29 23:01 - 2015-09-29 23:02 - 10367880 _____ (SurfRight B.V.) C:\Users\Rafael\Downloads\HitmanPro.exe

2015-09-29 22:45 - 2015-09-29 22:45 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys

2015-09-29 22:44 - 2015-09-29 22:45 - 00000000 ____D C:\ProgramData\F-Secure

2015-09-29 22:44 - 2015-09-29 22:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\F-Secure

2015-09-29 22:43 - 2015-09-29 22:43 - 00572456 _____ (F-Secure Corporation) C:\Users\Rafael\Downloads\F-SecureOnlineScanner.exe

2015-09-29 22:42 - 2015-09-29 22:43 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\QuickScan

2015-09-29 22:35 - 2015-09-29 22:36 - 00688992 ____R (Swearware) C:\Users\Rafael\Downloads\dds(1).scr

2015-09-29 22:33 - 2015-09-29 22:33 - 00000000 ____D C:\Users\Rafael\Desktop\Dados anteriores do Firefox

2015-09-29 22:01 - 2015-09-29 22:01 - 00019107 _____ C:\ZA-Scan.txt

2015-09-29 21:41 - 2015-09-29 21:41 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-29 21:41 - 2015-09-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-09-29 21:26 - 2015-09-29 23:38 - 00000000 ____D C:\Users\Rafael\AppData\Local\VirtualStore

2015-09-29 15:24 - 2015-09-29 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\Rafael\Downloads\TFC(1).exe

2015-09-29 15:17 - 2015-09-29 15:19 - 18801736 _____ C:\Users\Rafael\Downloads\RogueKiller.exe

2015-09-29 14:28 - 2015-09-29 14:29 - 00000000 ____D C:\ProgramData\Sophos

2015-09-29 14:27 - 2015-09-29 14:27 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\Program Files\Sophos

2015-09-29 14:23 - 2015-09-29 14:23 - 00000000 ____D C:\Program Files\Common Files\AV

2015-09-29 14:15 - 2015-09-29 14:26 - 134662048 _____ (Sophos Limited) C:\Users\Rafael\Downloads\Sophos Virus Removal Tool.exe

2015-09-29 14:09 - 2015-09-29 21:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2

2015-09-29 14:03 - 2015-09-29 14:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rafael\Downloads\spybot-2.4.exe

2015-09-29 13:09 - 2015-10-01 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2015-09-29 13:09 - 2015-09-29 14:01 - 00000000 ____D C:\Users\Rafael\AppData\Local\Mozilla

2015-09-29 13:09 - 2015-09-29 13:09 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Mozilla

2015-09-29 13:05 - 2015-09-29 13:05 - 00243768 _____ C:\Users\Rafael\Downloads\Firefox Setup Stub 41.0.exe

2015-09-29 10:19 - 2015-09-29 10:25 - 55698416 _____ C:\Users\Rafael\Downloads\GRASS ROOT RIDDIM [FULL PROMO] - FREE WILLY MUSIC.zip

2015-09-28 23:35 - 2015-09-28 23:38 - 00000000 ____D C:\Program Files\SpywareBlaster

2015-09-28 23:35 - 2015-09-28 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2015-09-28 23:29 - 2015-09-28 23:29 - 00029959 _____ C:\Users\Rafael\Downloads\regsv32a.exe

2015-09-28 23:29 - 1997-01-09 15:01 - 00001239 _____ C:\Users\Rafael\Downloads\REGSV32A.TXT

2015-09-28 23:29 - 1996-08-09 00:30 - 00030720 ____R (Microsoft Corporation) C:\Users\Rafael\Downloads\REGSVR32.EXE

2015-09-28 21:40 - 2015-09-28 21:40 - 00000000 ____D C:\TDSSKiller_Quarantine

2015-09-28 21:38 - 2015-09-28 21:39 - 04383777 _____ C:\Users\Rafael\Downloads\tdsskiller (1).zip

2015-09-28 21:25 - 2015-10-01 09:39 - 00000728 _____ C:\Windows\NvConfig.dat

2015-09-28 21:23 - 2015-09-28 21:23 - 00000126 _____ C:\Windows\nvse.dat

2015-09-28 21:23 - 2015-09-16 23:56 - 00334936 _____ C:\Windows\system32\Drivers\usbabcd.sys

2015-09-28 21:22 - 2015-09-28 21:22 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

2015-09-28 20:52 - 2015-09-28 21:57 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

2015-09-28 20:51 - 2015-06-10 22:43 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak

2015-09-25 13:04 - 2015-09-25 13:04 - 00000000 ____D C:\Users\Rafael\AppData\Local\CEF

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Sun

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\.oracle_jre_usage

2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Program Files\Common Files\Java

2015-09-23 22:37 - 2015-09-23 22:37 - 00929872 _____ (Google Inc.) C:\Users\Rafael\Downloads\ChromeSetup(1).exe

2015-09-23 12:30 - 2015-09-28 23:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-09-23 12:30 - 2015-09-23 12:30 - 00000000 ____D C:\Program Files\Adobe

2015-09-23 12:23 - 2015-09-23 12:43 - 49695840 _____ (Oracle Corporation) C:\Users\Rafael\Downloads\jre-8u60-windows-i586.exe

2015-09-23 10:29 - 2015-09-23 10:38 - 101540296 _____ (Intel Corporation) C:\Users\Rafael\Downloads\win32_152824.exe

2015-09-23 10:12 - 2015-09-23 10:16 - 00000000 ____D C:\Windows\system32\MRT

2015-09-23 00:04 - 2015-09-23 00:06 - 15232481 _____ C:\Users\Rafael\Downloads\F_MRiddim (Soca 2015).zip

2015-09-21 21:21 - 2015-09-21 21:22 - 11286878 _____ C:\Users\Rafael\Downloads\AIDONIA- 1V- NUH BORING GAL (BUDDY BRUKA) [RAW+CLEAN] - AJAN _ JAG ONE PRODUCTION.zip

2015-09-16 15:04 - 2015-09-28 23:13 - 00000959 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-09-12 12:43 - 2015-09-12 12:43 - 00000000 ____D C:\Program Files\Mythicsoft

2015-09-11 10:07 - 2015-09-11 10:07 - 00026243 _____ C:\Users\Rafael\Downloads\Addition.txt

2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\Program Files\Common Files\Skype

2015-09-09 10:19 - 2015-08-17 22:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-09-09 10:19 - 2015-08-15 03:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-09-09 10:19 - 2015-08-15 02:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-09-09 10:19 - 2015-08-15 02:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-09-09 10:19 - 2015-08-15 02:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-09-09 10:19 - 2015-08-15 02:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-09-09 10:19 - 2015-08-15 02:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-09-09 10:19 - 2015-08-15 02:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-09-09 10:19 - 2015-08-15 02:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-09-09 10:19 - 2015-08-15 02:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-09-09 10:19 - 2015-08-15 02:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-09-09 10:19 - 2015-08-15 02:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-09-09 10:19 - 2015-08-15 02:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-09-09 10:19 - 2015-08-15 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-09-09 10:19 - 2015-08-15 02:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-09-09 10:19 - 2015-08-15 02:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-09-09 10:19 - 2015-08-15 02:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-09-09 10:19 - 2015-08-15 02:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-09-09 10:19 - 2015-08-15 02:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-09-09 10:19 - 2015-08-15 02:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-09-09 10:19 - 2015-08-15 02:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-09-09 10:19 - 2015-08-15 02:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-09-09 10:19 - 2015-08-15 02:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-09-09 10:19 - 2015-08-15 02:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-09-09 10:19 - 2015-08-15 02:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-09-09 10:19 - 2015-08-15 02:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-09-09 10:19 - 2015-08-15 02:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-09-09 10:19 - 2015-08-15 01:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-09-09 10:19 - 2015-08-15 01:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-09-09 10:19 - 2015-08-15 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-09-09 10:13 - 2015-09-01 23:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-09-09 10:13 - 2015-09-01 22:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-09-09 10:13 - 2015-09-01 22:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-09-09 10:13 - 2015-08-05 14:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2015-09-09 10:13 - 2015-08-05 14:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-09-09 10:13 - 2015-08-05 14:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-09-09 10:13 - 2015-08-04 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-09-09 10:13 - 2015-08-04 14:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-09-09 10:13 - 2015-08-04 14:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-09-09 10:13 - 2015-08-04 14:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-09-09 10:13 - 2015-08-04 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-09-09 10:13 - 2015-08-04 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-09-09 10:03 - 2015-08-26 14:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-09-09 10:03 - 2015-08-26 14:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-09-09 10:03 - 2015-08-26 14:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-09-09 10:03 - 2015-08-26 14:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-09-09 10:03 - 2015-08-26 14:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-09-09 10:03 - 2015-08-26 14:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-09-09 10:03 - 2015-07-14 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-09-02 15:02 - 2015-09-02 15:07 - 57515714 _____ C:\Users\Rafael\Downloads\STEAMAZ RIDDIM [FULL PROMO] - BIGGY MUSIC.zip


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-10-01 09:50 - 2015-02-16 10:39 - 00000000 ____D C:\FRST

2015-10-01 09:49 - 2015-01-14 13:37 - 00000000 ____D C:\AdwCleaner

2015-10-01 09:38 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-01 00:35 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-01 00:35 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-09-30 23:53 - 2014-11-25 11:30 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\foobar2000

2015-09-30 15:28 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\DC++

2015-09-30 09:51 - 2014-11-25 12:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google

2015-09-30 09:38 - 2014-12-29 10:41 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-09-30 09:08 - 2015-07-23 23:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\CrashDumps

2015-09-30 00:03 - 2015-01-14 13:41 - 00000000 ____D C:\Qoobox

2015-09-30 00:02 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini

2015-09-29 23:34 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Local\DC++

2015-09-29 21:41 - 2014-11-25 12:19 - 00000000 ____D C:\Program Files\Google

2015-09-29 15:21 - 2015-07-23 23:33 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-09-29 12:47 - 2015-04-06 21:45 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\TeamViewer

2015-09-28 23:40 - 2015-04-21 19:45 - 00000000 ____D C:\ProgramData\TEMP

2015-09-28 23:15 - 2009-07-13 23:37 - 00000000 __RSD C:\Windows\Media

2015-09-28 23:13 - 2015-06-07 22:36 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-28 23:13 - 2015-02-01 13:16 - 00000853 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2015-09-28 23:13 - 2015-01-29 11:16 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-09-28 23:13 - 2015-01-29 11:16 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk

2015-09-28 23:13 - 2014-11-25 18:36 - 00000947 _____ C:\Users\Public\Desktop\ApexDC++.lnk

2015-09-28 23:13 - 2014-11-25 11:30 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk

2015-09-28 23:13 - 2014-11-24 21:37 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2015-09-28 23:13 - 2014-11-24 15:01 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk

2015-09-28 23:13 - 2014-11-24 15:01 - 00001082 _____ C:\Users\Public\Desktop\HD VDeck.lnk

2015-09-28 23:13 - 2009-10-14 06:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2015-09-28 23:13 - 2009-10-14 06:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2015-09-28 23:13 - 2009-07-14 01:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-09-28 23:13 - 2009-07-14 01:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

2015-09-28 23:13 - 2009-07-14 01:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

2015-09-28 23:13 - 2009-07-14 01:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

2015-09-28 21:50 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Rafael\Downloads\backups

2015-09-28 21:30 - 2015-01-14 13:41 - 00000000 ____D C:\Windows\erdnt

2015-09-28 21:30 - 2009-07-13 23:03 - 46923776 _____ C:\Windows\system32\config\SOFTWARE.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 15466496 _____ C:\Windows\system32\config\SYSTEM.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak

2015-09-28 20:53 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2015-09-27 21:31 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-27 13:33 - 2014-11-25 18:37 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\ApexDC++

2015-09-27 13:27 - 2009-11-11 02:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

2015-09-26 21:53 - 2014-12-29 10:00 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype

2015-09-25 14:38 - 2015-06-28 02:12 - 00000000 ____D C:\Users\Rafael\Downloads\Carbon Copy Riddim - Platta Recordings

2015-09-25 13:04 - 2014-11-25 12:14 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe

2015-09-25 11:51 - 2014-12-01 12:23 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-09-25 11:51 - 2014-12-01 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-09-25 11:51 - 2014-11-24 14:52 - 00000000 ____D C:\Users\Rafael

2015-09-25 11:50 - 2014-12-01 12:22 - 00000000 ____D C:\Program Files\Java

2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\ProgramData\Adobe

2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\Program Files\Common Files\Adobe

2015-09-23 10:42 - 2014-11-24 15:04 - 00018260 _____ C:\Windows\system32\results.xml

2015-09-23 10:41 - 2015-01-29 11:16 - 00000000 ____D C:\Program Files\TeamViewer

2015-09-23 10:40 - 2014-11-24 14:54 - 00000000 ____D C:\Program Files\Intel

2015-09-22 21:25 - 2015-08-07 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-09-22 09:49 - 2015-01-28 23:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-09-22 09:49 - 2015-01-28 23:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-09-16 15:10 - 2014-11-24 21:31 - 00000000 ____D C:\Program Files\Opera

2015-09-16 15:04 - 2014-11-24 21:29 - 00000000 ____D C:\Program Files\CCleaner

2015-09-12 15:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache

2015-09-11 00:30 - 2015-02-01 13:16 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\BitTorrent

2015-09-10 13:45 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET

2015-09-09 15:53 - 2015-06-15 11:59 - 00000000 ____D C:\Users\Rafael\Documents\projeto

2015-09-09 15:51 - 2009-07-14 04:50 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 11:27 - 2015-03-03 14:44 - 00000000 ___RD C:\Program Files\Skype

2015-09-09 11:27 - 2014-12-29 10:00 - 00000000 ____D C:\ProgramData\Skype

2015-09-02 00:12 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\Desktop\dc++


==================== Files in the root of some directories =======


2015-09-28 21:22 - 2015-09-28 21:22 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2015-09-24 18:03


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015

Ran by Rafael (2015-10-01 09:51:12)

Running from C:\Users\Rafael\Desktop

Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-11-24 17:52:35)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-2419543767-738669550-1292418241-500 - Administrator - Disabled)

Guest (S-1-5-21-2419543767-738669550-1292418241-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2419543767-738669550-1292418241-1002 - Limited - Enabled)

Rafael (S-1-5-21-2419543767-738669550-1292418241-1000 - Administrator - Enabled) => C:\Users\Rafael


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)

Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

ApexDC++ 1.6.0 (HKLM\...\{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1) (Version: 1.6.0 - ApexDC++ Development Team)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)

DC++ 0.843 (HKLM\...\DC++) (Version: 0.843 - Jacek Sieka)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )

foobar2000 v1.3.5 (HKLM\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)

globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION

Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)

Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden

HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)

Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Kingsoft Office 2013 (9.1.0.4550) (HKLM\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 41.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 41.0.1 (x86 pt-BR)) (Version: 41.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)

OpenOffice 4.1.1 (HKLM\...\{503D2C42-D698-43BC-97FE-3610F4E8CDDC}) (Version: 4.11.9775 - Apache Software Foundation)

Opera Stable 32.0.1948.25 (HKLM\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)

Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden

Skype Web Plugin (HKLM\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)

Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)

Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)

SoulseekQt (HKLM\...\SoulseekQt) (Version: - )

SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38388 - TeamViewer)

VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden

VIA Gerenciador de dispositivo de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)

CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)


==================== Restore Points =========================


30-09-2015 22:27:18 avast! antivirus system restore point


==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 23:04 - 2015-09-30 00:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {1CA1D87C-E0F4-4161-A152-36C5EABACD97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION

Task: {98B47F0D-8B43-44ED-A789-E208D3707A2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)

Task: {BFD3263E-329F-4591-949C-18B2207186E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)

Task: {DA747967-398B-41D4-920B-8E8A586CC92E} - System32\Tasks\Opera scheduled Autoupdate 1416875865 => C:\Program Files\Opera\launcher.exe [2015-09-11] (Opera Software)

Task: {DAA67D29-99F0-4112-AD3F-A8DF98EB670F} - System32\Tasks\{25C4D483-1141-4054-8455-94E341361CC9} => Iexplore.exe http://ui.skype.com/ui/0/7.8.85.102/pt/abandoninstall?page=tsProgressBar


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe


==================== Loaded Modules (Whitelisted) ==============


2014-11-24 14:57 - 2012-06-24 23:41 - 01198912 ____R () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:5C321E34


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)



==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: GoogleChromeAutoLaunch_624A76E5D876DF68D809BD3DD31AB481 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"

MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"

MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [TCP Query User{E834E8C4-5D38-4C83-A805-85DBC3DB06B2}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe

FirewallRules: [uDP Query User{00473E5B-E5AD-4BBF-8548-7FD3F8FB9FB7}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe

FirewallRules: [TCP Query User{F0357463-66B8-4F09-A55C-7DA31D5A2789}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe

FirewallRules: [uDP Query User{5B78101A-8AE6-4F06-B51D-06119F8FE1E2}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe

FirewallRules: [TCP Query User{6F04D8AC-3D7F-4002-841D-E7EE08743BCE}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe

FirewallRules: [uDP Query User{2273A40D-5C52-4988-8EFC-7F720D5210B7}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe

FirewallRules: [TCP Query User{0ED39D9E-F3B1-4A47-A1F6-414BFC6793A8}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe

FirewallRules: [uDP Query User{432F93AF-9468-42D8-98FD-434586DD9FF0}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe

FirewallRules: [TCP Query User{064D4A25-9179-4020-81BE-DC9EE3BCD029}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe

FirewallRules: [uDP Query User{7022FAAA-41B7-423D-A5F3-39DCF26216A1}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe

FirewallRules: [{DBE461FD-8145-4AB4-A93C-21258D3CE472}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{44474FEE-9B51-46A5-9F2A-04A7ACAEC6AD}] => (Allow) C:\Program Files\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe

FirewallRules: [{D7265CA0-A928-4661-8C80-2BE8DB250AA6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{6E60C4B9-8E9A-4F4A-AA45-9E64B343E2AE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{FAD13DBF-366E-4E47-85CE-9509B67DB33B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{2F3BA82F-4185-4748-928F-857FA1F86687}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{4078A4B4-8D5B-43E6-BEB2-EBE54EF51A97}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [{6460DA80-7F65-4506-9511-0411F78DE20F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{0ADFC1BB-64F7-4B70-BB30-5C20CD07743A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{22AB4194-437F-45A9-A7AB-9B5CB34FAB1C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Faulty Device Manager Devices =============


Name: Microsoft Teredo Tunneling Adapter

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.



==================== Event log errors: =========================


Application errors:

==================

Error: (09/30/2015 10:27:17 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.



Operation:

Gathering Writer Data


Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {82bf29d6-53e2-421d-ba81-aa2593273fea}


Error: (09/30/2015 03:04:30 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.



Operation:

Gathering Writer Data


Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {615f7310-0d24-47bc-a68d-f049aea24a56}


Error: (09/30/2015 12:28:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072

Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb

Exception code: 0x80000003

Fault offset: 0x0000ec7e

Faulting process id: 0x3c4

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3


Error: (09/30/2015 12:26:37 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072

Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb

Exception code: 0x80000003

Fault offset: 0x0000ec7e

Faulting process id: 0x1100

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3


Error: (09/29/2015 11:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072

Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb

Exception code: 0x80000003

Fault offset: 0x0000ec7e

Faulting process id: 0x5b0

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3


Error: (09/29/2015 11:42:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072

Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb

Exception code: 0x80000003

Fault offset: 0x0000ec7e

Faulting process id: 0xe90

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3


Error: (09/29/2015 11:42:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: b3c


Start Time: 01d0fb28cd059ab9


Termination Time: 178


Application Path: C:\Program Files\Mozilla Firefox\firefox.exe


Report Id: d74759f9-671c-11e5-8db9-eca86bbc34a0


Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: The index cannot be initialized.


Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: The application cannot be initialized.


Context: Windows Application


Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: The gatherer object cannot be initialized.


Context: Windows Application, SystemIndex Catalog


Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)



System errors:

=============

Error: (10/01/2015 09:39:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

Bhbase


Error: (10/01/2015 09:39:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SvcHelper service terminated with the following error:

%%126


Error: (09/30/2015 11:52:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

Bhbase


Error: (09/30/2015 11:52:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SvcHelper service terminated with the following error:

%%126


Error: (09/30/2015 10:36:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

Bhbase


Error: (09/30/2015 10:36:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SvcHelper service terminated with t


Hello theruler.

That's better, thank you.

Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. (Save it to the Desktop)

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

How is the computer running now?


Rocket Grannie


Hi Grannie, ebd123 is still around. Strange that it didn't affect the Opera browser.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Rafael (2015-10-01 14:54:49) Run:4
Running from C:\Users\Rafael\Desktop
Loaded Profiles: Rafael (Available Profiles: Rafael)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
end
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
Firefox "homepage" removed successfully.
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => path removed successfully.
SvcHelper => service removed successfully.
Bhbase => service removed successfully.
catchme => service removed successfully.
eapihdrv => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VBoxNetFlt => service removed successfully.
VGPU => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{577DDD40-BE76-49F5-91CA-0B5A4EACBAE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577DDD40-BE76-49F5-91CA-0B5A4EACBAE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 14:56:47 ====
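The fixlist in Rocket Grannie's post above and the Fixlog that came back follow a pattern that can be checked mechanically: FRST marks the suspicious lines itself (`[X]` for a service or driver whose binary is missing, `-> No File` for an orphaned scheduled task, `<==== ATTENTION` for anything it wants a human to look at), the fixlist is those lines copied verbatim, and the Fixlog acknowledges each one. The script below is an added example for this thread, not FRST's own code and not something the helper posted. It assumes the FRST line shapes visible in the logs above, the `TRUSTED_HOMEPAGES` allow-list is an assumption for the example, and the sample lines are constructed from entries quoted in this thread plus one made-up healthy TeamViewer service line as a control.

```python
"""
FRST log triage: pull the actionable lines out of an FRST log and draft a
fixlist, then cross-check a Fixlog for the services that were actually
removed. Added example; not part of the thread above and not FRST's own code.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the user chose deliberately. Anything else set as the
# Firefox start page is treated as a hijack candidate.
TRUSTED_HOMEPAGES = {"www.google.com", "www.mozilla.org"}

# FRST line shapes as they appear in the logs above.
SERVICE_MISSING_RE = re.compile(
    r"^(?P<start>[SRU][0-4]) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")
TASK_NOFILE_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - .+ -> No File")
FF_HOMEPAGE_RE = re.compile(
    r'user_pref\("browser\.startup\.homepage","(?P<url>[^"]+)"\)')
FIXLOG_SERVICE_RE = re.compile(r"^(?P<name>\S+) => service removed successfully\.$")


def triage(frst_lines):
    """Return (findings, fixlist) for the given FRST log lines.

    findings: list of (kind, name, detail) tuples, in log order.
    fixlist:  the matching log lines copied verbatim between 'start' and
              'end', because FRST matches fixlist entries against its own
              output textually.
    """
    findings, fix = [], []
    for raw in frst_lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:  # service/driver still registered but its binary is gone
            findings.append(("missing-binary-service", m.group("name"), m.group("path")))
            fix.append(line)
            continue
        if TASK_NOFILE_RE.match(line):  # scheduled task whose action no longer exists
            task_name = line.split(" - ", 1)[1].split(" ->")[0]
            findings.append(("orphan-task", task_name, ""))
            fix.append(line)
            continue
        m = FF_HOMEPAGE_RE.search(line)
        if m:  # FRST defangs URLs as hxxp; undo that only to parse the host
            url = m.group("url")
            host = urlparse(url.replace("hxxp", "http", 1)).hostname
            if host not in TRUSTED_HOMEPAGES:
                findings.append(("hijacked-homepage", host, url))
                fix.append(line)
            continue
        if "ATTENTION" in line:  # anything FRST itself flagged
            findings.append(("frst-attention", line.split(" <==", 1)[0], ""))
            fix.append(line)
    return findings, ["start"] + fix + ["end"]


def unconfirmed_services(findings, fixlog_lines):
    """Names of flagged services that Fixlog.txt does not report as removed."""
    removed = set()
    for raw in fixlog_lines:
        m = FIXLOG_SERVICE_RE.match(raw.strip())
        if m:
            removed.add(m.group("name"))
    return [name for kind, name, _ in findings
            if kind == "missing-binary-service" and name not in removed]


# Constructed sample, taken from the entries quoted in this thread plus one
# healthy TeamViewer service line (made up) as a control that must not fire.
SAMPLE_FRST = r"""
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [1234567 2015-09-01] (TeamViewer GmbH)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
Task: {1CA1D87C-E0F4-4161-A152-36C5EABACD97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
""".splitlines()

# Constructed Fixlog excerpt: catchme is deliberately left out.
SAMPLE_FIXLOG = """
SvcHelper => service removed successfully.
Bhbase => service removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
""".splitlines()

if __name__ == "__main__":
    found, fixlist = triage(SAMPLE_FRST)
    for kind, name, detail in found:
        print(f"{kind:24} {name}  {detail}")
    print("\n".join(fixlist))
    print("not confirmed removed:", unconfirmed_services(found, SAMPLE_FIXLOG))
```

Two caveats a practitioner should keep in mind. The output is a shortlist for review, not a fixlist to run blindly: `[X]` only says the binary was absent at scan time, and several such entries in this thread are leftovers of earlier scanning tools rather than malware. And the cross-check only covers services; the Fixlog lines for registry keys, Firefox prefs and scheduled tasks have their own wording, so the same idea has to be extended per line type before it is trusted for those.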


Hello theruler.

 

Strange that it didn't affect the Opera browser.

It appears that Opera is not active, or the computer could have been infected before Opera was installed.

Your logs appear to be clean.

I strongly suggest you install Avast again and leave it active on the computer all the time.

Now some housekeeping.

Open AdwCleaner and click "uninstall"
Delete the Security Check folder.
Delete the FRST folders.
Please delete all the tools in your downloads folder.

System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:
  • Go to Start >right click Computer >click Properties >in the left pane click System Protection
  • Click the System Protection tab, then click Create. Give the Restore Point a name, then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows 7 can be found here.


Any further problems?


Rocket Grannie


Hello theruler.

Which browsers are redirecting to ebd123?

Please go here to reset the home page for Firefox.

Please go here to reset the home page for Chrome

If that doesn't fix the problem follow the next instructions.

Note: This scan will take a long time to complete.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1---32bit.
Download Mirror #2---64bit.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *ebd123*
    *.com
    
    :folderfind
    *ebd123*
    
    :regfind
    ebd123.com
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan.
    Please post this log in your next reply.

Note: The log can also be found on your Desktop named SystemLook.txt


Rocket Grannie


Firefox and Chrome, not Opera and IE.

 

After the virus, MP3 files give this message: "Unrecoverable playback error: Class not registered (0x80040154)"

but I can listen to audio from web pages.

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:19 on 02/10/2015 by Rafael
Administrator - Elevation successful
========== filefind ==========
Searching for "*ebd123*"
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ebd123.com_0.localstorage --a---- 3072 bytes [18:10 01/10/2015] [18:10 01/10/2015] 4891D7ABBBC54A02B23B155F0C859EE8
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ebd123.com_0.localstorage-journal --a---- 0 bytes [18:10 01/10/2015] [18:10 01/10/2015] D41D8CD98F00B204E9800998ECF8427E
Searching for "*.com"
========== folderfind ==========
Searching for "*ebd123*"
No folders found.
========== regfind ==========
Searching for "ebd123.com"
No data found.
-= EOF =-


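The log above shows how broad the `*.com` search was: besides real `.com` binaries it returned `.CompositeFont` and `.config.comments` files, while the only hit that matters is the Chrome Local Storage entry under the user's profile. As an added example (not code from this thread, from SystemLook or from its author), here is a Python parser for SystemLook filefind lines that tags each hit with the pattern that produced it, flags hits a strict filename glob would not have matched, and isolates hits under `C:\Users`; the sample log is excerpted from the log posted above.

```python
"""Parse SystemLook ':filefind' results and separate indicator hits from glob noise."""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List

HEADER_RE = re.compile(r"^=+\s*(\w+)\s*=+$")                    # ========== filefind ==========
SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.+)"$')
# <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>; paths contain spaces, so the
# path group is lazy and the whole line is anchored at both ends.
HIT_RE = re.compile(r"^(?P<path>.+?)\s+[-a-zA-Z]{4,10}\s+(?P<size>\d+) bytes\s+"
                    r"\[(?P<modified>[^\]]+)\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class Hit:
    pattern: str   # the search pattern that produced this line
    path: str
    size: int
    modified: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_filefind(log: str) -> List[Hit]:
    """Return every result line of the filefind section, tagged with its search pattern."""
    hits: List[Hit] = []
    section = pattern = None
    for line in map(str.strip, log.splitlines()):
        header = HEADER_RE.match(line)
        if header:                      # section change; folderfind/regfind are ignored
            section, pattern = header.group(1).lower(), None
        elif section == "filefind":
            search = SEARCH_RE.match(line)
            hit = HIT_RE.match(line)
            if search:
                pattern = search.group("pattern")
            elif hit and pattern:
                hits.append(Hit(pattern, hit["path"], int(hit["size"]),
                                hit["modified"], hit["md5"].upper()))
    return hits


def strict_glob_match(hit: Hit) -> bool:
    """True when the file name satisfies the pattern as a filename glob.

    SystemLook's "*.com" also returned GlobalMonospace.CompositeFont and web.config.comments,
    i.e. it matched ".com" anywhere in the name; a strict glob keeps only real .com files."""
    return fnmatch.fnmatchcase(hit.name.lower(), hit.pattern.lower())


def triage(log: str, indicator: str) -> Dict[str, List[Hit]]:
    """Bucket hits: names containing the indicator, glob noise, and files under C:\\Users."""
    hits = parse_filefind(log)
    ind = indicator.lower()
    return {
        "indicator": [h for h in hits if ind in h.name.lower()],
        "glob_noise": [h for h in hits if not strict_glob_match(h)],
        "user_profile": [h for h in hits if h.path.lower().startswith("c:\\users\\")],
    }


# Excerpt of the SystemLook log posted in this thread (four of its result lines).
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "*ebd123*"
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ebd123.com_0.localstorage --a---- 3072 bytes [18:10 01/10/2015] [18:10 01/10/2015] 4891D7ABBBC54A02B23B155F0C859EE8
Searching for "*.com"
C:\Windows\Fonts\GlobalMonospace.CompositeFont --a---- 26040 bytes [04:52 14/07/2009] [04:52 14/07/2009] B7F882C45E520600053327AA42FA3A4F
C:\Windows\System32\chcp.com --a---- 11776 bytes [23:15 13/07/2009] [23:15 13/07/2009] 4436B1A16BDC58D2B3A5263F042C09B3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config.comments --a---- 69520 bytes [21:29 18/03/2013] [21:29 18/03/2013] A0BC6D8153132CC3FEABB0A0FB54192E
========== folderfind ==========
"""
```

`triage(SAMPLE_LOG, "ebd123")` returns the single Local Storage entry as the indicator hit and both non-`.com` files as glob noise; run it on a full SystemLook.txt to shrink a long log to the lines worth reading.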

Hello

Using Windows Explorer navigate to C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Right click the Local Storage folder and click Delete
Reboot the computer.

Has this fixed the browser problem?

MP3 error
Please go to the following link and follow that fix.
http://www.sevenforums.com/media-center/123094-help-windows-media-player-class-not-registered.html

Any further problems?


Rocket Grannie


Hello

 

Please open MBAM, let it update then run a full scan and post the log back here to me.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • If you are using Windows Vista or Windows 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


Download RogueKiller and save it to your Desktop.

Note: You need to run the version compatible with your system.

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows Scan Finished
  • Click on Delete
  • Wait until the Status box shows Deleting Finished
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[1].txt on your Desktop
  • Close RogueKiller


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan Archives and Remove found threats.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

 

Please post: (you will likely need 2 posts to fit them all in)
  • MBAM log
  • Junk Removal log
  • Rogue Killer log
  • ESET log

 

How's the computer running now?


ESET did not generate a log.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 30/09/2015
Scan Time: 09:38
Logfile: mbam.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.09.30.04
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rafael
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331370
Time Elapsed: 16 min, 33 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x86
Ran by Rafael on 02/10/2015 at 19:54:24.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
~~~ Folders
Successfully deleted: [Folder] C:\Program Files\free youtube downloader
Successfully deleted: [Folder] C:\ProgramData\free youtube downloader
Successfully deleted: [Folder] C:\Users\Rafael\Appdata\Local\free youtube downloader
~~~ Chrome
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/10/2015 at 19:55:44.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.10.7.0 [Sep 28 2015] por Adlice Software
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Rafael [Administrador]
Started from : C:\Users\Rafael\Desktop\RogueKiller.exe
Modo : Escanear -- Data : 10/02/2015 20:14:37
¤¤¤ Processos : 0 ¤¤¤
¤¤¤ Registro : 0 ¤¤¤
¤¤¤ Tarefas : 0 ¤¤¤
¤¤¤ Arquivos : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] fb9ae4cb299035f18af3920454b97885
[BSP] 17d4c8f08e827366c2e515f36bd2a8d1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


All your logs appear to be clean.

 

All I can suggest is to download a new version of Firefox and Chrome onto the Desktop.

To uninstall the old programs:

Please download and install Revo Uninstaller (Freeware) from here.

Please run Revo Uninstaller and select Firefox. (Chrome)

Then please click the Uninstall icon.

Please choose Advanced and follow the prompts.

Then click Select all (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo and reboot your computer when the Revo Uninstaller is finished.

Then please install the new versions and let me know if you still get redirected.

 

MP3:

Please run the System File Checker tool.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7.
http://support.microsoft.com/kb/929833

After verification is complete reboot the computer.

Rocket Grannie

 


Yes, that solved the ebd123 problem. Revo solved the problem in Chrome and this one solved it in Firefox. Thanks for not giving up like me. MP3 files still don't play; System File Checker didn't solve it.


lol, you won't believe it, but now the PC only works in safe mode again. In a normal start, Windows works for a few seconds, then I got a black screen. System File Checker didn't find any error.


It's actually Network Store Interface Service.

When I enable it in msconfig, the PC doesn't run in normal mode, just in safe mode.


It turned out to be a virus. I used the same tools here and it works now....

I strongly advise you NOT to visit that web site again.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.

Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.

As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

 

Note: All of the programs I am suggesting are either free or have free versions.

 

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

 

Keep MalwareBytes Anti-Malware updated and run it regularly.

Please Note: Only the paid for version has real time capabilities.

 

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note: If you are running Avast, it has an automatic updater built in.

 

Windows needs to be kept up-to-date.

 

Windows Updates are available from here.

 

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Chrome is another good option.

 

If you are interested, Firefox may be downloaded from here.

Chrome is available here.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems!

 

Safe Surfing:

 

Rocket Grannie.

 

MP3 files still don't play.

 

You said that they were. If none of the fixes I posted fix it, I suggest you contact Microsoft Support.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Guest
This topic is now closed to further replies.