
ebd123


  • This topic is locked
35 replies to this topic

#1 theruler


Posted 30 September 2015 - 08:09 AM

My start page in Firefox and Chrome keeps changing to ebd123.com. I got many viruses, used a lot of antimalware programs and this seems to be the last one remaining.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/09/2015
Scan Time: 09:38
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.30.04
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rafael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331370
Time Elapsed: 16 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18015  BrowserJavaVersion: 11.60.2
Run by Rafael at 10:06:55 on 2015-09-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1033.18.3474.676 [GMT -3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\BlueStacks\HD-Frontend.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\BlueStacks\HD-Service.exe
C:\Program Files\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Opera\32.0.1948.25\opera.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_60\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_60\bin\jp2ssv.dll
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915"/build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\45.0.2454.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rafael\appdata\roaming\mozilla\firefox\profiles\4h6kato1.default-1443576810151\
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\skypewebplugin\3.2.0.23388\npSkypeWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2015-9-29 54968]
R1 usbabcd;usbabcd;c:\windows\system32\drivers\usbabcd.sys [2015-9-28 334936]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2015-5-7 131704]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2014-11-24 165760]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-1-29 5427472]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2014-11-24 364416]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2014-11-24 27792]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2015-5-7 433784]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2015-5-7 413304]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\bluestacks\HD-UpdaterService.exe [2015-5-7 831096]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-11-24 289792]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-11-24 99992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-12-29 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-29 98520]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2014-11-24 55104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-11-24 1839760]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys [2014-12-4 27496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-12-29 1133880]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S2 SvcHelper;SvcHelper;c:\windows\system32\svchost.exe -k SvcHelper [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\intel\intel® integrated clock controller service\ICCProxy.exe [2015-9-23 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-9-9 102912]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-12-29 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-7-15 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-11-26 52224]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-09-30 03:03:09    --------    d-sh--w-    C:\$RECYCLE.BIN
2015-09-30 03:03:06    --------    d-----w-    c:\users\rafael\appdata\local\temp
2015-09-30 02:21:21    --------    d--h--w-    c:\users\rafael\appdata\roaming\LockIE
2015-09-30 02:03:09    --------    d-----w-    c:\programdata\HitmanPro
2015-09-30 01:45:46    54968    ----a-w-    c:\windows\system32\drivers\fsbts.sys
2015-09-30 01:44:03    --------    d-----w-    c:\users\rafael\appdata\local\F-Secure
2015-09-30 01:44:03    --------    d-----w-    c:\programdata\F-Secure
2015-09-30 01:42:24    --------    d-----w-    c:\users\rafael\appdata\roaming\QuickScan
2015-09-30 00:26:08    --------    d-----w-    c:\users\rafael\appdata\local\VirtualStore
2015-09-29 17:28:58    --------    d-----w-    c:\programdata\Sophos
2015-09-29 17:27:50    --------    d-----w-    c:\program files\Sophos
2015-09-29 17:23:35    --------    d-----w-    c:\program files\common files\AV
2015-09-29 17:09:07    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2015-09-29 02:35:20    --------    d-----w-    c:\program files\SpywareBlaster
2015-09-29 00:40:25    --------    d-----w-    C:\TDSSKiller_Quarantine
2015-09-29 00:23:32    334936    ----a-w-    c:\windows\system32\drivers\usbabcd.sys
2015-09-25 16:04:04    --------    d-----w-    c:\users\rafael\appdata\local\CEF
2015-09-25 14:51:15    --------    d-----w-    c:\users\rafael\.oracle_jre_usage
2015-09-23 13:12:33    --------    d-----w-    c:\windows\system32\MRT
2015-09-12 15:43:24    --------    d-----w-    c:\program files\Mythicsoft
2015-09-09 13:13:41    991744    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2015-09-09 13:03:30    93184    ----a-w-    c:\windows\system32\wudriver.dll
2015-09-09 13:03:30    73728    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-09-09 13:03:30    34816    ----a-w-    c:\windows\system32\wuapp.exe
2015-09-09 13:03:30    2953728    ----a-w-    c:\windows\system32\wucltux.dll
2015-09-09 13:03:30    173056    ----a-w-    c:\windows\system32\wuwebv.dll
2015-09-09 13:03:30    11776    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-09-09 13:03:22    2048    ----a-w-    c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2015-09-30 12:38:54    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-29 18:21:08    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-09-25 14:51:01    97888    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-09-22 12:49:10    780488    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-09-22 12:49:10    142536    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-02 02:48:35    26624    ----a-w-    c:\windows\system32\lpk.dll
2015-09-02 02:48:31    70656    ----a-w-    c:\windows\system32\fontsub.dll
2015-09-02 02:48:28    10240    ----a-w-    c:\windows\system32\dciman32.dll
2015-09-02 02:48:25    34304    ----a-w-    c:\windows\system32\atmlib.dll
2015-09-02 01:36:35    2384896    ----a-w-    c:\windows\system32\win32k.sys
2015-09-02 01:33:48    299520    ----a-w-    c:\windows\system32\atmfd.dll
2015-08-15 05:53:22    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-08-15 05:53:08    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-08-15 05:40:29    504832    ----a-w-    c:\windows\system32\vbscript.dll
2015-08-15 05:40:12    62464    ----a-w-    c:\windows\system32\iesetup.dll
2015-08-15 05:39:32    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-08-15 05:39:22    341504    ----a-w-    c:\windows\system32\html.iec
2015-08-15 05:38:34    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-08-15 05:29:42    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-08-15 05:29:36    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-08-15 05:29:12    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-08-15 05:24:21    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-08-15 05:16:37    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32    4520448    ----a-w-    c:\windows\system32\jscript9.dll
2015-08-15 05:01:47    2052608    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-08-15 05:01:23    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-08-15 04:43:00    1951232    ----a-w-    c:\windows\system32\wininet.dll
2015-08-05 17:41:00    751104    ----a-w-    c:\windows\system32\schedsvc.dll
2015-08-05 17:40:50    22528    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40:50    216064    ----a-w-    c:\windows\system32\InkEd.dll
2015-08-05 17:40:50    19968    ----a-w-    c:\windows\system32\jnwmon.dll
2015-08-04 17:48:00    50176    ----a-w-    c:\windows\system32\setbcdlocale.dll
2015-08-04 17:47:42    50688    ----a-w-    c:\windows\system32\appidapi.dll
2015-08-04 17:47:42    28160    ----a-w-    c:\windows\system32\appidsvc.dll
2015-08-04 17:46:53    96768    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2015-08-04 17:46:53    16896    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2015-08-04 16:53:39    50176    ----a-w-    c:\windows\system32\drivers\appid.sys
2015-07-30 17:57:31    909824    ----a-w-    c:\windows\system32\FntCache.dll
2015-07-30 17:57:30    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30    1251328    ----a-w-    c:\windows\system32\DWrite.dll
2015-07-30 13:13:38    103120    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 17:59:45    3989952    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59:45    3934656    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59:44    78784    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59:44    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59:44    137664    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56:24    1308160    ----a-w-    c:\windows\system32\ntdll.dll
2015-07-15 17:55:07    172032    ----a-w-    c:\windows\system32\wdigest.dll
2015-07-15 17:55:04    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2015-07-15 17:55:03    15872    ----a-w-    c:\windows\system32\sspisrv.dll
2015-07-15 17:55:03    1159168    ----a-w-    c:\windows\system32\sysmain.dll
2015-07-15 17:55:03    100352    ----a-w-    c:\windows\system32\sspicli.dll
2015-07-15 17:55:02    43008    ----a-w-    c:\windows\system32\srclient.dll
2015-07-15 17:55:02    400896    ----a-w-    c:\windows\system32\srcore.dll
2015-07-15 17:55:00    248832    ----a-w-    c:\windows\system32\schannel.dll
2015-07-15 17:55:00    22016    ----a-w-    c:\windows\system32\secur32.dll
2015-07-15 17:54:59    655360    ----a-w-    c:\windows\system32\rpcrt4.dll
2015-07-15 17:54:55    221184    ----a-w-    c:\windows\system32\ncrypt.dll
2015-07-15 17:54:54    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2015-07-15 17:54:53    10752    ----a-w-    c:\windows\system32\msmmsp.dll
2015-07-15 17:54:50    1061376    ----a-w-    c:\windows\system32\lsasrv.dll
2015-07-15 17:54:49    552960    ----a-w-    c:\windows\system32\kerberos.dll
2015-07-15 17:54:43    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2015-07-15 17:54:43    36864    ----a-w-    c:\windows\system32\cryptbase.dll
2015-07-15 17:54:43    17408    ----a-w-    c:\windows\system32\credssp.dll
2015-07-15 17:54:24    69632    ----a-w-    c:\windows\system32\smss.exe
2015-07-15 17:54:19    262656    ----a-w-    c:\windows\system32\rstrui.exe
2015-07-15 17:54:08    22528    ----a-w-    c:\windows\system32\lsass.exe
2015-07-15 17:53:53    50176    ----a-w-    c:\windows\system32\auditpol.exe
2015-07-15 17:49:10    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-07-15 17:48:14    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-07-15 17:44:18    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-07-15 17:44:16    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-07-15 17:43:40    2560    ----a-w-    c:\windows\system32\drivers\en-us\mountmgr.sys.mui
2015-07-15 16:36:44    225792    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36:23    98304    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36:23    124416    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 02:55:45    1390592    ----a-w-    c:\windows\system32\msxml6.dll
2015-07-15 02:55:45    1241088    ----a-w-    c:\windows\system32\msxml3.dll
2015-07-15 02:55:32    44032    ----a-w-    c:\windows\system32\basesrv.dll
2015-07-15 02:51:14    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-07-15 02:51:14    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-07-10 17:34:09    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2015-07-10 17:34:02    3221504    ----a-w-    c:\windows\system32\mstscax.dll
2015-07-10 17:33:50    131584    ----a-w-    c:\windows\system32\aaclient.dll
2015-07-09 17:42:27    179712    ----a-w-    c:\windows\system32\notepad.exe
2015-07-09 17:42:27    179712    ----a-w-    c:\windows\notepad.exe
2015-07-04 17:48:36    1414656    ----a-w-    c:\windows\system32\ole32.dll
.
============= FINISH: 10:07:22.63 ===============

Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 CCleaner     
 Java 8 Update 60  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     19.0.0.185  
 Mozilla Firefox (41.0)
 Google Chrome (45.0.2454.101)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#2 Rocket Grannie


Posted 30 September 2015 - 05:32 PM

Hello theruler. Welcome to SWI.

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. I strongly suggest you install one. I will give you a list of anti-virus programs to choose from once the computer is clean.

First of all you need to create a Restore point. Give it a name that you will understand. Something like---before running tools.
For information on how to create a Restore point please go here: How to create Restore Point.

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply.

Please post:
AdwCleaner log
FRST log.

How is the computer running now?


Rocket Grannie

#3 theruler


Posted 30 September 2015 - 08:35 PM

# AdwCleaner v5.004 - Logfile created 30/09/2015 at 22:30:56
# Updated 26/08/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Rafael - RAFAEL-PC
# Running from : C:\Users\Rafael\Downloads\adwcleaner_5.004.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
 
***** [ Web browsers ] *****
 
[C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : br.ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S30].txt - [758 bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Rafael (administrator) on RAFAEL-PC (30-09-2015 22:33:39)
Running from C:\Users\Rafael\Downloads
Loaded Profiles: Rafael (Available Profiles: Rafael)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Rafael\Downloads\adwcleaner_5.004.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.taskbar.lastgroupid", "308046B0AF4A39CB");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-12-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Planilhas do Google) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Avast Online Security) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5427472 2015-01-28] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [54968 2015-09-29] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R1 usbabcd; C:\Windows\System32\Drivers\usbabcd.sys [334936 2015-09-16] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1839760 2012-08-14] (VIA Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-10-24] (Wondershare)
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 22:28 - 2015-09-30 15:19 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC14D.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC2A9.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC2D9.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00115640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC376.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvC052.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC19C.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC278.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC299.tmp
2015-09-30 22:28 - 2015-09-30 15:19 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC258.tmp
2015-09-30 21:41 - 2015-09-30 21:41 - 00290816 _____ C:\Windows\system32\usbabcdProxy.dat
2015-09-30 21:38 - 2015-09-30 21:38 - 00287216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 21:38 - 2015-09-30 21:38 - 00000334 _____ C:\Windows\PFRO.log
2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Windows\system32\vbox
2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\AVAST Software
2015-09-30 15:20 - 2015-09-30 21:38 - 00000056 _____ C:\Windows\setupact.log
2015-09-30 15:20 - 2015-09-30 15:20 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 15:19 - 2015-09-30 15:19 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-30 15:04 - 2015-09-30 15:04 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-30 15:03 - 2015-09-30 15:03 - 00064504 _____ C:\Users\Rafael\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 15:03 - 2015-09-30 15:03 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 15:02 - 2015-09-30 15:03 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Rafael\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-30 10:07 - 2015-09-30 10:07 - 00004588 _____ C:\Users\Rafael\Desktop\attach.txt
2015-09-30 09:10 - 2015-09-30 21:44 - 00030590 _____ C:\Windows\WindowsUpdate.log
2015-09-30 00:21 - 2015-09-30 00:21 - 00000376 _____ C:\Users\Rafael\Downloads\Search.txt
2015-09-30 00:17 - 2015-09-30 22:33 - 00012314 _____ C:\Users\Rafael\Downloads\FRST.txt
2015-09-30 00:16 - 2015-09-30 00:17 - 01696256 _____ (Farbar) C:\Users\Rafael\Downloads\FRST.exe
2015-09-30 00:03 - 2015-09-30 00:03 - 00014678 _____ C:\ComboFix.txt
2015-09-29 23:54 - 2015-09-29 23:55 - 05636489 ____R (Swearware) C:\Users\Rafael\Downloads\ComboFix.exe
2015-09-29 23:21 - 2015-09-30 22:33 - 00000000 ___HD C:\Users\Rafael\AppData\Roaming\LockIE
2015-09-29 23:03 - 2015-09-29 23:24 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-29 23:01 - 2015-09-29 23:02 - 10367880 _____ (SurfRight B.V.) C:\Users\Rafael\Downloads\HitmanPro.exe
2015-09-29 22:45 - 2015-09-29 22:45 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-09-29 22:44 - 2015-09-29 22:45 - 00000000 ____D C:\ProgramData\F-Secure
2015-09-29 22:44 - 2015-09-29 22:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\F-Secure
2015-09-29 22:43 - 2015-09-29 22:43 - 00572456 _____ (F-Secure Corporation) C:\Users\Rafael\Downloads\F-SecureOnlineScanner.exe
2015-09-29 22:42 - 2015-09-29 22:43 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\QuickScan
2015-09-29 22:35 - 2015-09-29 22:36 - 00688992 ____R (Swearware) C:\Users\Rafael\Downloads\dds(1).scr
2015-09-29 22:33 - 2015-09-29 22:33 - 00000000 ____D C:\Users\Rafael\Desktop\Dados anteriores do Firefox
2015-09-29 22:01 - 2015-09-29 22:01 - 00019107 _____ C:\ZA-Scan.txt
2015-09-29 21:41 - 2015-09-29 21:41 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 21:41 - 2015-09-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-29 21:26 - 2015-09-29 23:38 - 00000000 ____D C:\Users\Rafael\AppData\Local\VirtualStore
2015-09-29 15:24 - 2015-09-29 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\Rafael\Downloads\TFC(1).exe
2015-09-29 15:17 - 2015-09-29 15:19 - 18801736 _____ C:\Users\Rafael\Downloads\RogueKiller.exe
2015-09-29 14:28 - 2015-09-29 14:29 - 00000000 ____D C:\ProgramData\Sophos
2015-09-29 14:27 - 2015-09-29 14:27 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\Program Files\Sophos
2015-09-29 14:23 - 2015-09-29 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-29 14:15 - 2015-09-29 14:26 - 134662048 _____ (Sophos Limited) C:\Users\Rafael\Downloads\Sophos Virus Removal Tool.exe
2015-09-29 14:09 - 2015-09-29 21:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-09-29 14:03 - 2015-09-29 14:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rafael\Downloads\spybot-2.4.exe
2015-09-29 13:09 - 2015-09-29 14:01 - 00000000 ____D C:\Users\Rafael\AppData\Local\Mozilla
2015-09-29 13:09 - 2015-09-29 13:09 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Mozilla
2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-29 13:05 - 2015-09-29 13:05 - 00243768 _____ C:\Users\Rafael\Downloads\Firefox Setup Stub 41.0.exe
2015-09-29 10:19 - 2015-09-29 10:25 - 55698416 _____ C:\Users\Rafael\Downloads\GRASS ROOT RIDDIM [FULL PROMO] - FREE WILLY MUSIC.zip
2015-09-28 23:35 - 2015-09-28 23:38 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-09-28 23:35 - 2015-09-28 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-09-28 23:29 - 2015-09-28 23:29 - 00029959 _____ C:\Users\Rafael\Downloads\regsv32a.exe
2015-09-28 23:29 - 1997-01-09 15:01 - 00001239 _____ C:\Users\Rafael\Downloads\REGSV32A.TXT
2015-09-28 23:29 - 1996-08-09 00:30 - 00030720 ____R (Microsoft Corporation) C:\Users\Rafael\Downloads\REGSVR32.EXE
2015-09-28 21:54 - 2015-09-28 21:54 - 00000000 ____D C:\Users\Rafael\Downloads\FRST-OlderVersion
2015-09-28 21:40 - 2015-09-28 21:40 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-28 21:38 - 2015-09-28 21:39 - 04383777 _____ C:\Users\Rafael\Downloads\tdsskiller (1).zip
2015-09-28 21:25 - 2015-09-30 21:41 - 00000728 _____ C:\Windows\NvConfig.dat
2015-09-28 21:23 - 2015-09-28 21:23 - 00000126 _____ C:\Windows\nvse.dat
2015-09-28 21:23 - 2015-09-16 23:56 - 00334936 _____ C:\Windows\system32\Drivers\usbabcd.sys
2015-09-28 21:22 - 2015-09-28 21:22 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-28 20:52 - 2015-09-28 21:57 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 20:51 - 2015-06-10 22:43 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-25 13:04 - 2015-09-25 13:04 - 00000000 ____D C:\Users\Rafael\AppData\Local\CEF
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Sun
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\.oracle_jre_usage
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-23 22:37 - 2015-09-23 22:37 - 00929872 _____ (Google Inc.) C:\Users\Rafael\Downloads\ChromeSetup(1).exe
2015-09-23 12:30 - 2015-09-28 23:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-09-23 12:30 - 2015-09-23 12:30 - 00000000 ____D C:\Program Files\Adobe
2015-09-23 12:23 - 2015-09-23 12:43 - 49695840 _____ (Oracle Corporation) C:\Users\Rafael\Downloads\jre-8u60-windows-i586.exe
2015-09-23 10:29 - 2015-09-23 10:38 - 101540296 _____ (Intel Corporation) C:\Users\Rafael\Downloads\win32_152824.exe
2015-09-23 10:12 - 2015-09-23 10:16 - 00000000 ____D C:\Windows\system32\MRT
2015-09-23 00:04 - 2015-09-23 00:06 - 15232481 _____ C:\Users\Rafael\Downloads\F_MRiddim (Soca 2015).zip
2015-09-22 23:18 - 2015-09-29 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-21 21:21 - 2015-09-21 21:22 - 11286878 _____ C:\Users\Rafael\Downloads\AIDONIA- 1V- NUH BORING GAL (BUDDY BRUKA) [RAW+CLEAN] - AJAN _ JAG ONE PRODUCTION.zip
2015-09-16 15:04 - 2015-09-28 23:13 - 00000959 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-12 12:43 - 2015-09-12 12:43 - 00000000 ____D C:\Program Files\Mythicsoft
2015-09-11 10:07 - 2015-09-11 10:07 - 00026243 _____ C:\Users\Rafael\Downloads\Addition.txt
2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-09 10:19 - 2015-08-17 22:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 10:19 - 2015-08-15 03:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 10:19 - 2015-08-15 02:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 10:19 - 2015-08-15 02:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 10:19 - 2015-08-15 02:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 10:19 - 2015-08-15 02:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 10:19 - 2015-08-15 02:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 10:19 - 2015-08-15 02:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 10:19 - 2015-08-15 02:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 10:19 - 2015-08-15 02:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 10:19 - 2015-08-15 02:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 10:19 - 2015-08-15 02:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 10:19 - 2015-08-15 02:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 10:19 - 2015-08-15 02:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 10:19 - 2015-08-15 02:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 10:19 - 2015-08-15 02:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 10:19 - 2015-08-15 02:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 10:19 - 2015-08-15 02:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 10:19 - 2015-08-15 02:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 10:19 - 2015-08-15 02:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 10:19 - 2015-08-15 02:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 10:19 - 2015-08-15 02:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 10:19 - 2015-08-15 02:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 10:19 - 2015-08-15 02:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 10:19 - 2015-08-15 02:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 10:19 - 2015-08-15 02:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 10:19 - 2015-08-15 01:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 10:19 - 2015-08-15 01:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 10:19 - 2015-08-15 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:13 - 2015-09-01 22:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:13 - 2015-09-01 22:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:13 - 2015-08-05 14:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:13 - 2015-08-05 14:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:13 - 2015-08-05 14:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:13 - 2015-08-04 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:13 - 2015-08-04 14:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:13 - 2015-08-04 14:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:13 - 2015-08-04 14:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:13 - 2015-08-04 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:13 - 2015-08-04 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 10:03 - 2015-08-26 14:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:03 - 2015-08-26 14:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:03 - 2015-08-26 14:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:03 - 2015-08-26 14:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:03 - 2015-08-26 14:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:03 - 2015-07-14 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-02 15:02 - 2015-09-02 15:07 - 57515714 _____ C:\Users\Rafael\Downloads\STEAMAZ RIDDIM [FULL PROMO] - BIGGY MUSIC.zip
2015-08-31 11:18 - 2015-08-31 11:19 - 01618432 _____ C:\Users\Rafael\Downloads\adwcleaner_5.004.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 22:33 - 2015-02-16 10:39 - 00000000 ____D C:\FRST
2015-09-30 22:30 - 2015-01-14 13:37 - 00000000 ____D C:\AdwCleaner
2015-09-30 21:39 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 15:29 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 15:29 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 15:28 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\DC++
2015-09-30 09:51 - 2014-11-25 12:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2015-09-30 09:38 - 2014-12-29 10:41 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 09:08 - 2015-07-23 23:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\CrashDumps
2015-09-30 00:19 - 2014-11-25 11:30 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\foobar2000
2015-09-30 00:03 - 2015-01-14 13:41 - 00000000 ____D C:\Qoobox
2015-09-30 00:02 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2015-09-29 23:34 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Local\DC++
2015-09-29 21:41 - 2014-11-25 12:19 - 00000000 ____D C:\Program Files\Google
2015-09-29 15:21 - 2015-07-23 23:33 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-29 12:47 - 2015-04-06 21:45 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\TeamViewer
2015-09-28 23:40 - 2015-04-21 19:45 - 00000000 ____D C:\ProgramData\TEMP
2015-09-28 23:15 - 2009-07-13 23:37 - 00000000 __RSD C:\Windows\Media
2015-09-28 23:13 - 2015-06-07 22:36 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 23:13 - 2015-02-01 13:16 - 00000853 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-09-28 23:13 - 2015-01-29 11:16 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-28 23:13 - 2015-01-29 11:16 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-28 23:13 - 2014-11-25 18:36 - 00000947 _____ C:\Users\Public\Desktop\ApexDC++.lnk
2015-09-28 23:13 - 2014-11-25 11:30 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-09-28 23:13 - 2014-11-24 21:37 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-28 23:13 - 2014-11-24 15:01 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-09-28 23:13 - 2014-11-24 15:01 - 00001082 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-09-28 23:13 - 2009-10-14 06:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-28 23:13 - 2009-10-14 06:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-28 23:13 - 2009-07-14 01:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-28 23:13 - 2009-07-14 01:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-28 23:13 - 2009-07-14 01:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-28 21:50 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Rafael\Downloads\backups
2015-09-28 21:30 - 2015-01-14 13:41 - 00000000 ____D C:\Windows\erdnt
2015-09-28 21:30 - 2009-07-13 23:03 - 46923776 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 15466496 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-28 20:53 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 21:31 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-27 13:33 - 2014-11-25 18:37 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\ApexDC++
2015-09-27 13:27 - 2009-11-11 02:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 21:53 - 2014-12-29 10:00 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2015-09-25 14:38 - 2015-06-28 02:12 - 00000000 ____D C:\Users\Rafael\Downloads\Carbon Copy Riddim - Platta Recordings
2015-09-25 13:04 - 2014-11-25 12:14 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe
2015-09-25 11:51 - 2014-12-01 12:23 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-25 11:51 - 2014-12-01 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-25 11:51 - 2014-11-24 14:52 - 00000000 ____D C:\Users\Rafael
2015-09-25 11:50 - 2014-12-01 12:22 - 00000000 ____D C:\Program Files\Java
2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\ProgramData\Adobe
2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-23 10:42 - 2014-11-24 15:04 - 00018260 _____ C:\Windows\system32\results.xml
2015-09-23 10:41 - 2015-01-29 11:16 - 00000000 ____D C:\Program Files\TeamViewer
2015-09-23 10:40 - 2014-11-24 14:54 - 00000000 ____D C:\Program Files\Intel
2015-09-22 21:25 - 2015-08-07 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 09:49 - 2015-01-28 23:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 09:49 - 2015-01-28 23:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-16 15:10 - 2014-11-24 21:31 - 00000000 ____D C:\Program Files\Opera
2015-09-16 15:04 - 2014-11-24 21:29 - 00000000 ____D C:\Program Files\CCleaner
2015-09-12 15:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 00:30 - 2015-02-01 13:16 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\BitTorrent
2015-09-10 13:45 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 15:53 - 2015-06-15 11:59 - 00000000 ____D C:\Users\Rafael\Documents\projeto
2015-09-09 15:51 - 2009-07-14 04:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 11:27 - 2015-03-03 14:44 - 00000000 ___RD C:\Program Files\Skype
2015-09-09 11:27 - 2014-12-29 10:00 - 00000000 ____D C:\ProgramData\Skype
2015-09-02 00:12 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\Desktop\dc++
2015-08-31 11:42 - 2014-11-24 15:01 - 00000662 _____ C:\Users\Rafael\Desktop\New Text Document.txt
 
==================== Files in the root of some directories =======
 
2015-09-28 21:22 - 2015-09-28 21:22 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
Some files in TEMP:
====================
C:\Users\Rafael\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-24 18:03
 
==================== End of FRST.txt ============================


#4 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,801 posts

Posted 30 September 2015 - 09:58 PM

Hello

 

Both AdwCleaner and FRST are running from your downloads folder.

Running from : C:\Users\Rafael\Downloads\adwcleaner_5.004.exe

 

To function correctly these programs need to be run from the Desktop.

Please open AdwCleaner and press uninstall.

Please delete all the FRST folders to the Recycle Bin.

Finally, go back to post #2, follow the instructions and post fresh logs.

 

 

Rocket Grannie



#5 theruler

theruler

    Member

  • Full Member
  • 18 posts

Posted 01 October 2015 - 07:54 AM

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 09:49:15
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Rafael - RAFAEL-PC
# Running from : C:\Users\Rafael\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : Adobe Flash Player Updater
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [597 bytes] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Rafael (administrator) on RAFAEL-PC (01-10-2015 09:50:40)
Running from C:\Users\Rafael\Desktop
Loaded Profiles: Rafael (Available Profiles: Rafael)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12FF66DF-C2B5-4FA9-9BA0-4C02BDED4B79}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-25] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-25] (Oracle Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2014-12-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-29]
CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-29]
CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-29]
CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-29]
CHR Extension: (Planilhas do Google) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation)
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5427472 2015-01-28] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131704 2015-06-16] (BlueStack Systems)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [54968 2015-09-29] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R1 usbabcd; C:\Windows\System32\Drivers\usbabcd.sys [334936 2015-09-16] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1839760 2012-08-14] (VIA Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2014-10-24] (Wondershare)
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-01 09:50 - 2015-10-01 09:51 - 00010913 _____ C:\Users\Rafael\Desktop\FRST.txt
2015-10-01 09:48 - 2015-10-01 09:48 - 01696256 _____ (Farbar) C:\Users\Rafael\Desktop\FRST.exe
2015-10-01 09:41 - 2015-10-01 09:42 - 01670656 _____ C:\Users\Rafael\Desktop\AdwCleaner.exe
2015-10-01 09:39 - 2015-10-01 09:39 - 00290816 _____ C:\Windows\system32\usbabcdProxy.dat
2015-09-30 23:04 - 2015-10-01 09:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-30 21:38 - 2015-10-01 09:38 - 00479698 _____ C:\Windows\PFRO.log
2015-09-30 21:38 - 2015-09-30 21:38 - 00287216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 15:21 - 2015-09-30 15:21 - 00000000 ____D C:\Windows\system32\vbox
2015-09-30 15:20 - 2015-10-01 09:38 - 00000224 _____ C:\Windows\setupact.log
2015-09-30 15:20 - 2015-09-30 15:20 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 15:03 - 2015-09-30 22:36 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-30 15:03 - 2015-09-30 15:03 - 00064504 _____ C:\Users\Rafael\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 15:02 - 2015-09-30 15:03 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Rafael\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-09-30 10:07 - 2015-09-30 10:07 - 00004588 _____ C:\Users\Rafael\Desktop\attach.txt
2015-09-30 09:10 - 2015-10-01 09:49 - 00066814 _____ C:\Windows\WindowsUpdate.log
2015-09-30 00:21 - 2015-09-30 00:21 - 00000376 _____ C:\Users\Rafael\Downloads\Search.txt
2015-09-30 00:03 - 2015-09-30 00:03 - 00014678 _____ C:\ComboFix.txt
2015-09-29 23:54 - 2015-09-29 23:55 - 05636489 ____R (Swearware) C:\Users\Rafael\Downloads\ComboFix.exe
2015-09-29 23:21 - 2015-10-01 09:50 - 00000000 ___HD C:\Users\Rafael\AppData\Roaming\LockIE
2015-09-29 23:03 - 2015-09-29 23:24 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-29 23:01 - 2015-09-29 23:02 - 10367880 _____ (SurfRight B.V.) C:\Users\Rafael\Downloads\HitmanPro.exe
2015-09-29 22:45 - 2015-09-29 22:45 - 00054968 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-09-29 22:44 - 2015-09-29 22:45 - 00000000 ____D C:\ProgramData\F-Secure
2015-09-29 22:44 - 2015-09-29 22:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\F-Secure
2015-09-29 22:43 - 2015-09-29 22:43 - 00572456 _____ (F-Secure Corporation) C:\Users\Rafael\Downloads\F-SecureOnlineScanner.exe
2015-09-29 22:42 - 2015-09-29 22:43 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\QuickScan
2015-09-29 22:35 - 2015-09-29 22:36 - 00688992 ____R (Swearware) C:\Users\Rafael\Downloads\dds(1).scr
2015-09-29 22:33 - 2015-09-29 22:33 - 00000000 ____D C:\Users\Rafael\Desktop\Dados anteriores do Firefox
2015-09-29 22:01 - 2015-09-29 22:01 - 00019107 _____ C:\ZA-Scan.txt
2015-09-29 21:41 - 2015-09-29 21:41 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 21:41 - 2015-09-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-29 21:26 - 2015-09-29 23:38 - 00000000 ____D C:\Users\Rafael\AppData\Local\VirtualStore
2015-09-29 15:24 - 2015-09-29 15:24 - 00448512 _____ (OldTimer Tools) C:\Users\Rafael\Downloads\TFC(1).exe
2015-09-29 15:17 - 2015-09-29 15:19 - 18801736 _____ C:\Users\Rafael\Downloads\RogueKiller.exe
2015-09-29 14:28 - 2015-09-29 14:29 - 00000000 ____D C:\ProgramData\Sophos
2015-09-29 14:27 - 2015-09-29 14:27 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-29 14:27 - 2015-09-29 14:27 - 00000000 ____D C:\Program Files\Sophos
2015-09-29 14:23 - 2015-09-29 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-29 14:15 - 2015-09-29 14:26 - 134662048 _____ (Sophos Limited) C:\Users\Rafael\Downloads\Sophos Virus Removal Tool.exe
2015-09-29 14:09 - 2015-09-29 21:25 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-09-29 14:03 - 2015-09-29 14:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rafael\Downloads\spybot-2.4.exe
2015-09-29 13:09 - 2015-10-01 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-29 13:09 - 2015-09-29 14:01 - 00000000 ____D C:\Users\Rafael\AppData\Local\Mozilla
2015-09-29 13:09 - 2015-09-29 13:09 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 13:09 - 2015-09-29 13:09 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Mozilla
2015-09-29 13:05 - 2015-09-29 13:05 - 00243768 _____ C:\Users\Rafael\Downloads\Firefox Setup Stub 41.0.exe
2015-09-29 10:19 - 2015-09-29 10:25 - 55698416 _____ C:\Users\Rafael\Downloads\GRASS ROOT RIDDIM [FULL PROMO] - FREE WILLY MUSIC.zip
2015-09-28 23:35 - 2015-09-28 23:38 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-09-28 23:35 - 2015-09-28 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-09-28 23:29 - 2015-09-28 23:29 - 00029959 _____ C:\Users\Rafael\Downloads\regsv32a.exe
2015-09-28 23:29 - 1997-01-09 15:01 - 00001239 _____ C:\Users\Rafael\Downloads\REGSV32A.TXT
2015-09-28 23:29 - 1996-08-09 00:30 - 00030720 ____R (Microsoft Corporation) C:\Users\Rafael\Downloads\REGSVR32.EXE
2015-09-28 21:40 - 2015-09-28 21:40 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-28 21:38 - 2015-09-28 21:39 - 04383777 _____ C:\Users\Rafael\Downloads\tdsskiller (1).zip
2015-09-28 21:25 - 2015-10-01 09:39 - 00000728 _____ C:\Windows\NvConfig.dat
2015-09-28 21:23 - 2015-09-28 21:23 - 00000126 _____ C:\Windows\nvse.dat
2015-09-28 21:23 - 2015-09-16 23:56 - 00334936 _____ C:\Windows\system32\Drivers\usbabcd.sys
2015-09-28 21:22 - 2015-09-28 21:22 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-28 20:52 - 2015-09-28 21:57 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 20:51 - 2015-06-10 22:43 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-25 13:04 - 2015-09-25 13:04 - 00000000 ____D C:\Users\Rafael\AppData\Local\CEF
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Sun
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Users\Rafael\.oracle_jre_usage
2015-09-25 11:51 - 2015-09-25 11:51 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-23 22:37 - 2015-09-23 22:37 - 00929872 _____ (Google Inc.) C:\Users\Rafael\Downloads\ChromeSetup(1).exe
2015-09-23 12:30 - 2015-09-28 23:13 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-09-23 12:30 - 2015-09-23 12:30 - 00000000 ____D C:\Program Files\Adobe
2015-09-23 12:23 - 2015-09-23 12:43 - 49695840 _____ (Oracle Corporation) C:\Users\Rafael\Downloads\jre-8u60-windows-i586.exe
2015-09-23 10:29 - 2015-09-23 10:38 - 101540296 _____ (Intel Corporation) C:\Users\Rafael\Downloads\win32_152824.exe
2015-09-23 10:12 - 2015-09-23 10:16 - 00000000 ____D C:\Windows\system32\MRT
2015-09-23 00:04 - 2015-09-23 00:06 - 15232481 _____ C:\Users\Rafael\Downloads\F_MRiddim (Soca 2015).zip
2015-09-21 21:21 - 2015-09-21 21:22 - 11286878 _____ C:\Users\Rafael\Downloads\AIDONIA- 1V- NUH BORING GAL (BUDDY BRUKA) [RAW+CLEAN] - AJAN _ JAG ONE PRODUCTION.zip
2015-09-16 15:04 - 2015-09-28 23:13 - 00000959 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-12 12:43 - 2015-09-12 12:43 - 00000000 ____D C:\Program Files\Mythicsoft
2015-09-11 10:07 - 2015-09-11 10:07 - 00026243 _____ C:\Users\Rafael\Downloads\Addition.txt
2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 11:27 - 2015-09-09 11:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-09 10:19 - 2015-08-17 22:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 10:19 - 2015-08-15 03:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 10:19 - 2015-08-15 02:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 10:19 - 2015-08-15 02:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 10:19 - 2015-08-15 02:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 10:19 - 2015-08-15 02:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 10:19 - 2015-08-15 02:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 10:19 - 2015-08-15 02:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 10:19 - 2015-08-15 02:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 10:19 - 2015-08-15 02:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 10:19 - 2015-08-15 02:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 10:19 - 2015-08-15 02:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 10:19 - 2015-08-15 02:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 10:19 - 2015-08-15 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 10:19 - 2015-08-15 02:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 10:19 - 2015-08-15 02:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 10:19 - 2015-08-15 02:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 10:19 - 2015-08-15 02:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 10:19 - 2015-08-15 02:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 10:19 - 2015-08-15 02:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 10:19 - 2015-08-15 02:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 10:19 - 2015-08-15 02:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 10:19 - 2015-08-15 02:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 10:19 - 2015-08-15 02:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 10:19 - 2015-08-15 02:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 10:19 - 2015-08-15 02:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 10:19 - 2015-08-15 02:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 10:19 - 2015-08-15 01:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 10:19 - 2015-08-15 01:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 10:19 - 2015-08-15 01:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:13 - 2015-09-01 23:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:13 - 2015-09-01 22:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:13 - 2015-09-01 22:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:13 - 2015-08-05 14:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:13 - 2015-08-05 14:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:13 - 2015-08-05 14:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:13 - 2015-08-04 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:13 - 2015-08-04 14:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:13 - 2015-08-04 14:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:13 - 2015-08-04 14:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:13 - 2015-08-04 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:13 - 2015-08-04 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 10:03 - 2015-08-26 14:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:03 - 2015-08-26 14:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:03 - 2015-08-26 14:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:03 - 2015-08-26 14:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:03 - 2015-08-26 14:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:03 - 2015-08-26 14:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:03 - 2015-07-14 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-02 15:02 - 2015-09-02 15:07 - 57515714 _____ C:\Users\Rafael\Downloads\STEAMAZ RIDDIM [FULL PROMO] - BIGGY MUSIC.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-01 09:50 - 2015-02-16 10:39 - 00000000 ____D C:\FRST
2015-10-01 09:49 - 2015-01-14 13:37 - 00000000 ____D C:\AdwCleaner
2015-10-01 09:38 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 00:35 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 00:35 - 2009-07-14 01:34 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 23:53 - 2014-11-25 11:30 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\foobar2000
2015-09-30 15:28 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\DC++
2015-09-30 09:51 - 2014-11-25 12:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\Google
2015-09-30 09:38 - 2014-12-29 10:41 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 09:08 - 2015-07-23 23:41 - 00000000 ____D C:\Users\Rafael\AppData\Local\CrashDumps
2015-09-30 00:03 - 2015-01-14 13:41 - 00000000 ____D C:\Qoobox
2015-09-30 00:02 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2015-09-29 23:34 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\AppData\Local\DC++
2015-09-29 21:41 - 2014-11-25 12:19 - 00000000 ____D C:\Program Files\Google
2015-09-29 15:21 - 2015-07-23 23:33 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-29 12:47 - 2015-04-06 21:45 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\TeamViewer
2015-09-28 23:40 - 2015-04-21 19:45 - 00000000 ____D C:\ProgramData\TEMP
2015-09-28 23:15 - 2009-07-13 23:37 - 00000000 __RSD C:\Windows\Media
2015-09-28 23:13 - 2015-06-07 22:36 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 23:13 - 2015-02-01 13:16 - 00000853 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-09-28 23:13 - 2015-01-29 11:16 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-28 23:13 - 2015-01-29 11:16 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-28 23:13 - 2014-11-25 18:36 - 00000947 _____ C:\Users\Public\Desktop\ApexDC++.lnk
2015-09-28 23:13 - 2014-11-25 11:30 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-09-28 23:13 - 2014-11-24 21:37 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-28 23:13 - 2014-11-24 15:01 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-09-28 23:13 - 2014-11-24 15:01 - 00001082 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-09-28 23:13 - 2009-10-14 06:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-28 23:13 - 2009-10-14 06:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-28 23:13 - 2009-07-14 01:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-28 23:13 - 2009-07-14 01:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-28 23:13 - 2009-07-14 01:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-28 23:13 - 2009-07-14 01:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-28 21:50 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Rafael\Downloads\backups
2015-09-28 21:30 - 2015-01-14 13:41 - 00000000 ____D C:\Windows\erdnt
2015-09-28 21:30 - 2009-07-13 23:03 - 46923776 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 15466496 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-28 21:30 - 2009-07-13 23:03 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-28 20:53 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 21:31 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-27 13:33 - 2014-11-25 18:37 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\ApexDC++
2015-09-27 13:27 - 2009-11-11 02:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 21:53 - 2014-12-29 10:00 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2015-09-25 14:38 - 2015-06-28 02:12 - 00000000 ____D C:\Users\Rafael\Downloads\Carbon Copy Riddim - Platta Recordings
2015-09-25 13:04 - 2014-11-25 12:14 - 00000000 ____D C:\Users\Rafael\AppData\Local\Adobe
2015-09-25 11:51 - 2014-12-01 12:23 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-25 11:51 - 2014-12-01 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-25 11:51 - 2014-11-24 14:52 - 00000000 ____D C:\Users\Rafael
2015-09-25 11:50 - 2014-12-01 12:22 - 00000000 ____D C:\Program Files\Java
2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\ProgramData\Adobe
2015-09-23 12:30 - 2015-01-28 23:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-23 10:42 - 2014-11-24 15:04 - 00018260 _____ C:\Windows\system32\results.xml
2015-09-23 10:41 - 2015-01-29 11:16 - 00000000 ____D C:\Program Files\TeamViewer
2015-09-23 10:40 - 2014-11-24 14:54 - 00000000 ____D C:\Program Files\Intel
2015-09-22 21:25 - 2015-08-07 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-22 09:49 - 2015-01-28 23:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 09:49 - 2015-01-28 23:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-16 15:10 - 2014-11-24 21:31 - 00000000 ____D C:\Program Files\Opera
2015-09-16 15:04 - 2014-11-24 21:29 - 00000000 ____D C:\Program Files\CCleaner
2015-09-12 15:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 00:30 - 2015-02-01 13:16 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\BitTorrent
2015-09-10 13:45 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 15:53 - 2015-06-15 11:59 - 00000000 ____D C:\Users\Rafael\Documents\projeto
2015-09-09 15:51 - 2009-07-14 04:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 11:27 - 2015-03-03 14:44 - 00000000 ___RD C:\Program Files\Skype
2015-09-09 11:27 - 2014-12-29 10:00 - 00000000 ____D C:\ProgramData\Skype
2015-09-02 00:12 - 2014-11-24 22:12 - 00000000 ____D C:\Users\Rafael\Desktop\dc++
 
==================== Files in the root of some directories =======
 
2015-09-28 21:22 - 2015-09-28 21:22 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-24 18:03
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Rafael (2015-10-01 09:51:12)
Running from C:\Users\Rafael\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-11-24 17:52:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2419543767-738669550-1292418241-500 - Administrator - Disabled)
Guest (S-1-5-21-2419543767-738669550-1292418241-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2419543767-738669550-1292418241-1002 - Limited - Enabled)
Rafael (S-1-5-21-2419543767-738669550-1292418241-1000 - Administrator - Enabled) => C:\Users\Rafael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
ApexDC++ 1.6.0 (HKLM\...\{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1) (Version: 1.6.0 - ApexDC++ Development Team)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DC++ 0.843 (HKLM\...\DC++) (Version: 0.843 - Jacek Sieka)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
foobar2000 v1.3.5 (HKLM\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kingsoft Office 2013 (9.1.0.4550) (HKLM\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 41.0.1 (x86 pt-BR)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{503D2C42-D698-43BC-97FE-3610F4E8CDDC}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 32.0.1948.25 (HKLM\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
Skype Web Plugin (HKLM\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38388 - TeamViewer)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VIA Gerenciador de dispositivo de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2419543767-738669550-1292418241-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
 
==================== Restore Points =========================
 
30-09-2015 22:27:18 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:04 - 2015-09-30 00:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1CA1D87C-E0F4-4161-A152-36C5EABACD97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
Task: {98B47F0D-8B43-44ED-A789-E208D3707A2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {BFD3263E-329F-4591-949C-18B2207186E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {DA747967-398B-41D4-920B-8E8A586CC92E} - System32\Tasks\Opera scheduled Autoupdate 1416875865 => C:\Program Files\Opera\launcher.exe [2015-09-11] (Opera Software)
Task: {DAA67D29-99F0-4112-AD3F-A8DF98EB670F} - System32\Tasks\{25C4D483-1141-4054-8455-94E341361CC9} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-24 14:57 - 2012-06-24 23:41 - 01198912 ____R () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_624A76E5D876DF68D809BD3DD31AB481 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{E834E8C4-5D38-4C83-A805-85DBC3DB06B2}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [UDP Query User{00473E5B-E5AD-4BBF-8548-7FD3F8FB9FB7}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{F0357463-66B8-4F09-A55C-7DA31D5A2789}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [UDP Query User{5B78101A-8AE6-4F06-B51D-06119F8FE1E2}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{6F04D8AC-3D7F-4002-841D-E7EE08743BCE}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe
FirewallRules: [UDP Query User{2273A40D-5C52-4988-8EFC-7F720D5210B7}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe
FirewallRules: [TCP Query User{0ED39D9E-F3B1-4A47-A1F6-414BFC6793A8}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe
FirewallRules: [UDP Query User{432F93AF-9468-42D8-98FD-434586DD9FF0}C:\program files\apexdc++\apexdc.exe] => (Allow) C:\program files\apexdc++\apexdc.exe
FirewallRules: [TCP Query User{064D4A25-9179-4020-81BE-DC9EE3BCD029}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7022FAAA-41B7-423D-A5F3-39DCF26216A1}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{DBE461FD-8145-4AB4-A93C-21258D3CE472}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{44474FEE-9B51-46A5-9F2A-04A7ACAEC6AD}] => (Allow) C:\Program Files\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
FirewallRules: [{D7265CA0-A928-4661-8C80-2BE8DB250AA6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6E60C4B9-8E9A-4F4A-AA45-9E64B343E2AE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FAD13DBF-366E-4E47-85CE-9509B67DB33B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2F3BA82F-4185-4748-928F-857FA1F86687}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4078A4B4-8D5B-43E6-BEB2-EBE54EF51A97}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{6460DA80-7F65-4506-9511-0411F78DE20F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0ADFC1BB-64F7-4B70-BB30-5C20CD07743A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{22AB4194-437F-45A9-A7AB-9B5CB34FAB1C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2015 10:27:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {82bf29d6-53e2-421d-ba81-aa2593273fea}
 
Error: (09/30/2015 03:04:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {615f7310-0d24-47bc-a68d-f049aea24a56}
 
Error: (09/30/2015 12:28:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072
Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb
Exception code: 0x80000003
Fault offset: 0x0000ec7e
Faulting process id: 0x3c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (09/30/2015 12:26:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072
Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb
Exception code: 0x80000003
Fault offset: 0x0000ec7e
Faulting process id: 0x1100
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (09/29/2015 11:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072
Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb
Exception code: 0x80000003
Fault offset: 0x0000ec7e
Faulting process id: 0x5b0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (09/29/2015 11:42:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.0.5738, time stamp: 0x55fb7072
Faulting module name: mozglue.dll, version: 41.0.0.5738, time stamp: 0x55fb5afb
Exception code: 0x80000003
Fault offset: 0x0000ec7e
Faulting process id: 0xe90
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (09/29/2015 11:42:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b3c
 
Start Time: 01d0fb28cd059ab9
 
Termination Time: 178
 
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
 
Report Id: d74759f9-671c-11e5-8db9-eca86bbc34a0
 
Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/29/2015 11:36:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/01/2015 09:39:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Bhbase
 
Error: (10/01/2015 09:39:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SvcHelper service terminated with the following error: 
%%126
 
Error: (09/30/2015 11:52:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Bhbase
 
Error: (09/30/2015 11:52:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SvcHelper service terminated with the following error: 
%%126
 
Error: (09/30/2015 10:36:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Bhbase
 
Error: (09/30/2015 10:36:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SvcHelper service terminated with t

#6 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,801 posts

Posted 01 October 2015 - 12:48 PM

Hello theruler.

That's better, thank you.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad.
 

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. (Save it to the Desktop.)

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

How is the computer running now?


Rocket Grannie
 


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#7 theruler

theruler

    Member

  • Full Member
  • 18 posts

Posted 01 October 2015 - 01:02 PM

Hi Grannie, ebd123 is still around. Strange that it didn't affect the Opera browser.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Rafael (2015-10-01 14:54:49) Run:4
Running from C:\Users\Rafael\Desktop
Loaded Profiles: Rafael (Available Profiles: Rafael)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2419543767-738669550-1292418241-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.ebd123.com/?QD");user_pref("browser.startup.homepage_override.mstone", "41.0.1");
FF Extension: Block site - C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-30]
S2 SvcHelper; C:\Program Files\OIViewer\SvcHlp.dll [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Rafael\AppData\Local\Temp\ehdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {577DDD40-BE76-49F5-91CA-0B5A4EACBAE1} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION
 
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-2419543767-738669550-1292418241-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2419543767-738669550-1292418241-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found. 
Firefox "homepage" removed successfully.
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\4h6kato1.default-1443576810151\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => path removed successfully.
SvcHelper => service removed successfully.
Bhbase => service removed successfully.
catchme => service removed successfully.
eapihdrv => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VBoxNetFlt => service removed successfully.
VGPU => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{577DDD40-BE76-49F5-91CA-0B5A4EACBAE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577DDD40-BE76-49F5-91CA-0B5A4EACBAE1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:56:47 ====


#8 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,801 posts

Posted 01 October 2015 - 04:00 PM

Hello theruler.

"Strange that it didn't affect the Opera browser."

It appears that Opera is not active, or the computer could have been infected before Opera was installed.

Your logs appear to be clean.

I strongly suggest you install Avast again and leave it active on the computer all the time.

Now some housekeeping.

Open AdwCleaner and click "uninstall".
Delete the Security Check folder.
Delete the FRST folders.
Please delete all the tools in your downloads folder.

System Restore maintains a backup of your programs and may also back up infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:
  • Go to Start > right-click Computer > click Properties > in the left pane click System Protection.
  • Click the System Protection tab, then click Create. Give the Restore Point a name, then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows 7 can be found here.

Any further problems?


Rocket Grannie
 

#9 theruler

theruler

    Member

  • Full Member
  • 18 posts

Posted 01 October 2015 - 08:36 PM

Well, the start page continues to change to ebd123.com. Maybe just formatting the PC to get rid of it.



#10 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,801 posts

Posted 01 October 2015 - 10:27 PM

Hello theruler.

Which browsers are redirecting to ebd123?

Please go here to reset the home page for Firefox.

Please go here to reset the home page for Chrome.

If that doesn't fix the problem follow the next instructions.

Note: This scan will take a long time to complete.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1---32bit.
Download Mirror #2---64bit.
 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *ebd123*
    *.com
    
    :folderfind
    *ebd123*
    
    :regfind
    ebd123.com
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan.
    Please post this log in your next reply.

Note: The log can also be found on your Desktop named SystemLook.txt


Rocket Grannie
 



#11 theruler

theruler

    Member

  • Full Member
  • 18 posts

Posted 02 October 2015 - 06:26 AM

Firefox and Chrome, not Opera and IE.

After the virus, mp3 files give this message: "Unrecoverable playback error: Class not registered   (0x80040154)"

but I can listen to audio from web pages.

SystemLook 30.07.11 by jpshortstuff
Log created at 08:19 on 02/10/2015 by Rafael
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*ebd123*"
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ebd123.com_0.localstorage --a---- 3072 bytes [18:10 01/10/2015] [18:10 01/10/2015] 4891D7ABBBC54A02B23B155F0C859EE8
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ebd123.com_0.localstorage-journal --a---- 0 bytes [18:10 01/10/2015] [18:10 01/10/2015] D41D8CD98F00B204E9800998ECF8427E
 
Searching for "*.com"
 
========== folderfind ==========
 
Searching for "*ebd123*"
No folders found.
 
========== regfind ==========
 
Searching for "ebd123.com"
No data found.
 
-= EOF =-


#12 Rocket Grannie


Posted 02 October 2015 - 01:28 PM


Hello

Using Windows Explorer navigate to C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Right click the Local Storage folder and click Delete
Reboot the computer.

Has this fixed the browser problem?

MP3 error
Please go to the following link and follow that fix.
http://www.sevenforu...registered.html

Any further problems?


Rocket Grannie
 



#13 theruler


Posted 02 October 2015 - 05:10 PM

Nah, still the same, both ebd123 and audio files.



#14 Rocket Grannie


Posted 02 October 2015 - 05:32 PM

Hello

 

Please open MBAM, let it update then run a full scan and post the log back here to me.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • If you are using Windows Vista or Windows 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download and save to your Desktop RogueKiller

Note: You need to run the version compatible with your system.

  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows Scan Finished
  • Click on Delete
  • Wait until the Status box shows Deleting Finished
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[1]txt on your Desktop
  • Close RogueKiller

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan Archives and Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

 

Please post: (you will likely need 2 posts to fit them all in)
MBAM log

Junk Removal log

Rogue Killer log

ESet log.

 

How's the computer running now?



#15 theruler


Posted 02 October 2015 - 07:06 PM

Eset did not generate log.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/09/2015
Scan Time: 09:38
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.30.04
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Rafael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331370
Time Elapsed: 16 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x86
Ran by Rafael on 02/10/2015 at 19:54:24.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files\free youtube downloader
Successfully deleted: [Folder] C:\ProgramData\free youtube downloader
Successfully deleted: [Folder] C:\Users\Rafael\Appdata\Local\free youtube downloader
 
 
 
~~~ Chrome
 
 
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Rafael\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/10/2015 at 19:55:44.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
RogueKiller V10.10.7.0 [Sep 28 2015] por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciou : Modo normal
Usuário : Rafael [Administrador]
Started from : C:\Users\Rafael\Desktop\RogueKiller.exe
Modo : Escanear -- Data : 10/02/2015 20:14:37
 
¤¤¤ Processos : 0 ¤¤¤
 
¤¤¤ Registro : 0 ¤¤¤
 
¤¤¤ Tarefas : 0 ¤¤¤
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
 
¤¤¤ Navegadores : 0 ¤¤¤
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] fb9ae4cb299035f18af3920454b97885
[BSP] 17d4c8f08e827366c2e515f36bd2a8d1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 


#16 Rocket Grannie


Posted 02 October 2015 - 08:29 PM

Did that fix the problem?



#17 theruler


Posted 02 October 2015 - 08:49 PM

No, and it seems unfixable. But still many thanks for yuh help.



#18 Rocket Grannie


Posted 02 October 2015 - 10:49 PM

All your logs appear to be clean.

 

All I can suggest is to download a new version of Firefox and Chrome onto the Desktop.

To uninstall the old programs:

Please download and install Revo Uninstaller (Freeware) from here.

Please run Revo Uninstaller and select Firefox. (Chrome)

Then please click the Uninstall icon.

Please choose Advanced and follow the prompts.

Then click Select all (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo and reboot your computer when the Revo Uninstaller is finished.

Then please install the new versions and let me know if you still get redirected.

 

MP3:

Please run the System File Checker tool.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7.
http://support.microsoft.com/kb/929833

After verification is complete reboot the computer.
 

Rocket Grannie

 



#19 theruler


Posted 03 October 2015 - 08:51 AM

Something unexpected happened yesterday, pc just wants to work at safe mode!!



#20 theruler


Posted 03 October 2015 - 10:15 AM

I fixed dat.. it was error in superfetch, it's normal now.



#21 Rocket Grannie


Posted 03 October 2015 - 04:54 PM

Have you followed my instructions in post #18?

http://www.spywarein...23/#entry796148

 

What is the status of the computer now?



#22 theruler


Posted 05 October 2015 - 08:29 AM

I did dat and ebd123 still around. I quit! lol



#23 Rocket Grannie


Posted 05 October 2015 - 01:40 PM

Do you want to keep trying or do you want to reformat the computer?
 
Let's try one more thing.
 
 Firefox:
Reset Default Browsing settings:
https://support.mozi.../www.google.ca/

Clean the Firefox Cache.
https://support.mozi...r-firefox-cache
 

Restart the computer normally.



#24 theruler


Posted 07 October 2015 - 10:43 AM

Yes, dat solved the ebd123 problem. Revo solved the problem in Chrome and dis one solved in Firefox. Thanks for not giving up like me. Mp3 files still don't play, System File Checker didn't solve it.
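
The SystemLook searches in this thread covered file names, folder names and the registry, while the fixes that finally worked were a clean reinstall of Chrome and a Firefox settings reset. As an added example (not part of the original thread and not a tool used in it), the Python script below checks the browser profile settings files themselves for the hijack domain; the function names and the sample file contents are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Firefox keeps each setting in prefs.js / user.js as: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.homepage", "http://www.ebd123.com/");
user_pref("browser.startup.page", 1);
'''
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://www.ebd123.com/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://www.ebd123.com/"]},
})


def scan_firefox_prefs(text, needle):
    """Return (pref_name, raw_value) for every user_pref whose value mentions needle."""
    needle = needle.lower()
    hits = []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m and needle in m.group(2).lower():
            hits.append((m.group(1), m.group(2)))
    return hits


def scan_json_strings(node, needle, path=""):
    """Walk parsed JSON and return (key_path, value) for every string mentioning needle."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += scan_json_strings(value, needle, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += scan_json_strings(value, needle, f"{path}[{i}]")
    elif isinstance(node, str) and needle.lower() in node.lower():
        hits.append((path, node))
    return hits


def scan_profile_dir(root, needle):
    """Scan a directory tree for Firefox prefs.js/user.js and Chrome
    Preferences/Secure Preferences files that mention needle."""
    report = {}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        text = None
        if p.name in ("prefs.js", "user.js"):
            text = p.read_text(encoding="utf-8", errors="replace")
            hits = scan_firefox_prefs(text, needle)
        elif p.name in ("Preferences", "Secure Preferences"):
            text = p.read_text(encoding="utf-8", errors="replace")
            try:
                hits = scan_json_strings(json.loads(text), needle)
            except json.JSONDecodeError:
                continue  # damaged or non-JSON file: skip it
        else:
            continue
        if hits:
            report[str(p)] = hits
    return report


def demo():
    """Build a throwaway profile tree from the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        ff = Path(tmp, "Firefox", "Profiles", "example.default")
        ff.mkdir(parents=True)
        (ff / "prefs.js").write_text(SAMPLE_PREFS_JS, encoding="utf-8")
        ch = Path(tmp, "Chrome", "User Data", "Default")
        ch.mkdir(parents=True)
        (ch / "Preferences").write_text(SAMPLE_CHROME_PREFS, encoding="utf-8")
        report = scan_profile_dir(tmp, "ebd123.com")
        return {Path(k).name: v for k, v in report.items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        for key, value in hits:
            print(f"{name}: {key} = {value}")
```

Run it against a copy of the profile folders with the browsers closed. A hit in user.js matters most, because Firefox reapplies that file at every start.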



#25 Rocket Grannie


Posted 07 October 2015 - 06:32 PM

That is good.

Now, MP3. Below is a list of solutions.
 

http://www.bleepingc...udio-file-tags/
https://social.techn...=w7itprogeneral
http://answers.micro...06-163f1ae27288
http://www.sevenforu...registered.html



Any further problems?


Rocket Grannie



#26 theruler


Posted 08 October 2015 - 12:51 PM

lol you won't believe but now pc just works in safe mode again. In normal start, Windows works for a few seconds then I got a black screen. System file checker didn't find any error.



#27 Rocket Grannie


Posted 08 October 2015 - 03:47 PM

Try the following solutions. If they do not work try restoring the computer to the last Restore Point.

Let me know how you get on.

 

http://www.sevenforu...p-recovery.html

http://windows.micro...n#1TC=windows-7

 

http://windows.micro...es-and-settings

 

 

Rocket Grannie



#28 theruler


Posted 08 October 2015 - 07:48 PM

It's error in Network location awareness.



#29 Rocket Grannie


Posted 08 October 2015 - 07:58 PM

https://www.google.c...=utf-8&oe=utf-8



#30 theruler


Posted 08 October 2015 - 08:26 PM

It's actually Network Store Interface Service.

When I enable it in msconfig, pc doesn't run in normal mode, just in safe mode.



#31 Rocket Grannie


Posted 08 October 2015 - 09:16 PM

Please try the following solutions. If the computer still won't run I suggest you contact Microsoft support.

 

http://www.techsuppo...ode-546263.html

http://www.sevenforu...mal-mode-3.html

 

 

Rocket Grannie



#32 theruler


Posted 09 October 2015 - 07:27 AM

it turned out to be virus. I used the same tools here and it works now....



#33 Rocket Grannie


Posted 09 October 2015 - 05:15 PM

it turned out to be virus. I used the same tools here and it works now....

I strongly advise you NOT to visit that web site again.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Keep MalwareBytes Anti-Malware updated and run it regularly.
Please Note: Only the paid for version has real time capabilities.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.
Note: If you are running Avast, it has an automatic updater built in.

Windows needs to be kept up-to-date.
 
Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Chrome is another good option.

If you are interested, Firefox may be downloaded from here
Chrome is available here
 
Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.  
 



#34 theruler


Posted 11 October 2015 - 09:51 PM

Ok, I will do these things. Mp3 files still don't play.



#35 Rocket Grannie


Posted 11 October 2015 - 11:09 PM

Mp3 files still don't play

 

You said that they were. If none of the fixes I posted fix it, I suggest you contact Microsoft Support.



#36 Rocket Grannie


Posted 10 January 2017 - 06:01 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



