Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Firefox Malware Hard to remove

Post by Brown88 » September 2nd, 2015, 12:34 pm

So, I have different browsers installed on my computer (Maxthon, Chrome, Firefox), but a few weeks ago I started having problems with pop-up ads and windows, and this only happened in Firefox. I tried downloading some programs like Malwarebytes, Spybot, AdwCleaner and SuperAntiSpyware, but none managed to fix my problem. The only thing that fixed my problem was getting the old version of Firefox, but I really dislike it. So whenever I go onto Firefox it says my Adobe Flash plugin stopped working, when I click the search bar it opens windows with ads, and when I search anything it comes up with several other websites and on top of it it says "ads by name". This only occurs on Firefox. I was really hoping you could help me solve my problem, since none of the software I got did it.

Thanks for your patience

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.60.2
Run by Diogo at 15:23:48 on 2015-09-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.3549.1237 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.254\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.38\deploy\LoLPatcher.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\GWX\GWX.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.158\deploy\LolClient.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = google.pt
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mWinlogon: Userinit = c:\windows\system32\userinit.exe,userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_60\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_60\bin\jp2ssv.dll
uRun: [Gyazo] c:\program files\gyazo\GyStation.exe
uRun: [OscarX7Mouse5Mode] "c:\program files\oscarx7editor5mode\oscarx7editor5mode\OscarEditor.exe" Minimum
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotPostWindows10UpgradeReInstall] "c:\program files\common files\av\spybot - search and destroy\Test.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [XMouseButtonControl] c:\program files\highresolution enterprises\x-mouse button control\XMouseButtonControl.exe /notportable
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Advanced SystemCare 8] "c:\program files\iobit\advanced systemcare 8\ASCTray.exe" /Auto
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 213.228.128.156 213.228.128.6
TCP: Interfaces\{ABF9C699-C76D-4D1F-97D0-56F6369F1F6E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{ABF9C699-C76D-4D1F-97D0-56F6369F1F6E} : DHCPNameServer = 213.228.128.156 213.228.128.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\diogo\appdata\roaming\mozilla\firefox\profiles\jydq68rs.default-1441129334920\
FF - prefs.js: browser.startup.homepage - google.pt
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_60\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: c:\users\diogo\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1218158.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-5 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-5 208664]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-7-13 95112]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-5 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-5 433264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-12-8 243128]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-1-7 23840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-23 142648]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\iobit\advanced systemcare 8\ASCService.exe [2015-1-7 815392]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-5 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-5 76000]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-5-5 113592]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-7-29 146600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 MaxthonUpdateSvc;Maxthon Core Update Service;c:\program files\maxthon\modules\service\update\MaxthonUpdateSvc.exe [2015-8-24 1871784]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-8-23 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-8-23 1133880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2015-8-28 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2015-8-28 171928]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-7-13 220752]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-7-13 3218624]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-8-23 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-8-23 98520]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-8-23 51928]
R3 RTL8167;Controlador Realtek 8167 NT;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2015-8-28 1738168]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [2014-7-4 38984]
S3 AVEO;STARTEC UVC Driver;c:\windows\system32\drivers\AVEOdcnt.sys [2011-10-24 278528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-12-28 30504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-8-12 102912]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2014-4-27 17408]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\overwolf\OverwolfUpdater.exe [2015-7-19 1001200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-19 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-19 49664]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-10-6 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2014-4-20 14416]
S4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2014-4-27 99896]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S4 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-5-5 5052224]
.
=============== Created Last 30 ================
.
2015-09-01 17:36:44 -------- d-----w- c:\users\diogo\.oracle_jre_usage
2015-09-01 17:36:01 -------- d-----w- c:\programdata\Oracle
2015-09-01 17:11:23 -------- d-----w- C:\MGADiagToolOutput
2015-09-01 10:33:59 -------- d-----w- C:\FRST
2015-08-30 19:25:45 -------- d-----w- c:\program files\OldFirefox
2015-08-30 19:24:32 -------- d-----w- c:\users\diogo\appdata\roaming\ProductData
2015-08-30 19:22:13 -------- d-----w- c:\programdata\ProductData
2015-08-30 19:21:02 -------- d-sh--w- C:\$RECYCLE.BIN
2015-08-30 19:17:13 -------- d-----w- c:\users\diogo\appdata\local\VirtualStore
2015-08-30 19:04:15 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-30 19:04:07 -------- d-----w- c:\users\diogo\appdata\local\Temp
2015-08-30 18:03:00 -------- d-----w- C:\zoek_backup
2015-08-28 12:16:47 -------- d-----w- c:\program files\common files\AV
2015-08-28 11:57:40 -------- d-----w- C:\AdwCleaner
2015-08-28 11:55:25 -------- d-----w- C:\SUPERDelete
2015-08-28 11:50:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-08-28 11:48:11 18968 ----a-w- c:\windows\system32\sdnclean.exe
2015-08-28 11:48:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-08-28 11:48:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-08-28 11:43:42 -------- d-----w- c:\users\diogo\appdata\roaming\SUPERAntiSpyware.com
2015-08-28 11:43:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-08-28 11:43:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-08-27 14:03:35 -------- d-----w- c:\program files\Mozilla
2015-08-27 13:55:26 -------- d-----w- c:\program files\OldMozilla
2015-08-26 11:37:53 -------- d-----w- c:\users\diogo\appdata\roaming\Highresolution Enterprises
2015-08-26 11:37:50 -------- d-----w- c:\program files\Highresolution Enterprises
2015-08-24 14:12:04 -------- d-----w- c:\users\diogo\appdata\roaming\Maxthon3
2015-08-24 14:11:35 -------- d-----w- c:\program files\Maxthon
2015-08-24 13:57:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-08-24 11:58:24 -------- d-----w- c:\users\diogo\appdata\local\Apps
2015-08-23 20:27:34 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-23 20:27:00 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-23 20:27:00 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-23 20:27:00 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-23 20:27:00 -------- d-----w- c:\programdata\Malwarebytes
2015-08-23 20:27:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-23 19:45:03 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-08-23 19:45:02 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-08-23 19:44:43 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-08-23 19:44:43 1805824 ----a-w- c:\windows\system32\authui.dll
2015-08-23 19:44:43 105408 ----a-w- c:\windows\system32\consent.exe
2015-08-23 19:40:51 2048 ----a-w- c:\windows\system32\tzres.dll
2015-08-19 17:06:36 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-18 17:51:30 0 ----a-w- c:\windows\prleth.sys
2015-08-18 17:51:30 0 ----a-w- c:\windows\hgfs.sys
2015-08-13 12:53:23 -------- d-----w- c:\users\diogo\appdata\local\KogamaLauncher-WWW
2015-08-12 23:01:06 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:35:05 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-08-12 07:35:05 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-08-12 07:35:05 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-08-12 07:35:05 2943488 ----a-w- c:\windows\system32\wucltux.dll
2015-08-12 07:35:05 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-08-12 07:35:05 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-08-08 19:13:13 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-08-08 19:13:13 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-08-08 19:13:13 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-08-08 19:13:13 2364416 ----a-w- c:\windows\system32\msi.dll
2015-08-08 19:13:02 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-08-08 19:13:01 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-08-08 19:12:58 2745856 ----a-w- c:\windows\system32\rdpcorets.dll
2015-08-08 19:12:58 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-08-08 19:12:57 210432 ----a-w- c:\windows\system32\cewmdm.dll
2015-08-05 09:05:22 -------- d-----w- c:\program files\Overwolf
2015-08-05 09:05:22 -------- d-----w- c:\program files\common files\Overwolf
2015-08-05 09:05:10 -------- d-----w- c:\programdata\Overwolf
.
==================== Find3M ====================
.
2015-09-01 17:36:19 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-08-28 12:07:54 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-28 12:07:54 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-07-30 17:57:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-30 16:52:25 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-07-30 16:49:55 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-07-29 11:49:07 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-29 11:49:07 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-29 11:49:06 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-29 11:49:06 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-29 11:49:06 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-29 11:49:06 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-29 11:48:55 43112 ----a-w- c:\windows\avastSS.scr
2015-07-29 11:48:35 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-29 11:48:33 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-24 14:47:48 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-07-24 14:47:06 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-07-24 14:47:06 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-07-24 14:47:06 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-07-24 14:47:06 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-16 20:06:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-07-16 19:51:47 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- c:\windows\system32\html.iec
2015-07-16 19:49:37 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-07-16 19:39:29 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-07-16 19:39:20 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-16 19:32:13 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-07-16 19:24:03 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 19:12:39 4520448 ----a-w- c:\windows\system32\jscript9.dll
2015-07-16 19:12:22 37376 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:12:21 4922368 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:12:17 269824 ----a-w- c:\windows\system32\aaclient.dll
2015-07-16 19:06:06 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-07-15 18:45:38 2560 ----a-w- c:\windows\system32\drivers\pt-pt\mountmgr.sys.mui
2015-07-15 17:59:44 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:55:03 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:54:53 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 02:55:45 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-07-15 02:55:32 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-07-15 02:51:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-09 17:42:27 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- c:\windows\notepad.exe
2015-07-01 20:30:43 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30:21 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-06-24 00:29:00 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-23 12:27:10 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-20 01:35:58 24 ----a-w- c:\users\diogo\appdata\roaming\appdataFr25.bin
2015-06-09 23:46:39 82944 ----a-w- c:\windows\system32\logman.exe
2015-06-09 23:46:39 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-06-09 23:46:39 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-06-09 23:46:38 92160 ----a-w- c:\windows\system32\sechost.dll
2015-06-09 23:46:38 37888 ----a-w- c:\windows\system32\relog.exe
2015-06-09 23:46:38 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-06-09 23:44:39 54656 ----a-w- c:\windows\system32\drivers\stream.sys
.
============= FINISH: 15:25:52,15 ===============



DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05-10-2013 17:43:50
System Uptime: 02-09-2015 12:50:40 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | V-P5G41E
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | LGA775 | 2936/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 146,869 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5-Mode Oscar Editor
Adobe Creative Cloud
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Flash Player 19 PPAPI
Adobe Photoshop CC 2014 (32 Bit)
Adobe Reader XI (11.0.12) - Português
Adobe Refresh Manager
Adobe Shockwave Player 12.1
Advanced SystemCare 8
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
Avast Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
Bonjour
Camtasia Studio 8
CCleaner
Cross Fire En
Crossfire Europe
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB3054979) 32-Bit Edition
Desktop QR Scanner
Driver Booster 2.1
Facebook Video Calling 3.1.0.521
G Picture EXIF Viewer
Game Booster 3
globalupdate Helper
Google Update Helper
GTA San Andreas
Gyazo 3.1.6
Hitman Absolution
HP LaserJet Professional P1100-P1560-P1600 Series
Intel(R) Graphics Media Accelerator Driver
IObit Uninstaller
iTunes
Java 8 Update 60
Java Auto Updater
Java SE Development Kit 7 Update 40
KogamaLauncher-WWW
League of Legends
Left 4 Dead 2
Malwarebytes Anti-Malware versão 2.1.8.1057
Maxthon Cloud Browser
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Português)
Microsoft .NET Framework 4.5.1 (PTG)
Microsoft DirectX SDK (June 2010)
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
MK LOL
Mozilla Firefox 40.0.3 (x86 pt-PT)
Mozilla Maintenance Service
Opera beta 28.0.1750.21
Overwolf
RotauruyTuruners
Search Plus
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Excel 2010 (KB3055044) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598244) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2863817) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3055033) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3055039) 32-Bit Edition
Serena
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 7.4
Spybot - Search & Destroy
Steam
SUPERAntiSpyware
Suporte para Aplicações Apple
Surfing Protection
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamSpeak 3 Client
TeamViewer 9
Unity Web Player
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589282) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965296) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054962) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054964) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
USB2.0 PC Camera
VC Runtimes MSI
Visual C++ 2008 Runtime (x86)
WinRAR 5.21 (32-bit)
X-Mouse Button Control 2.11.1
.
==== End Of File ===========================
Brown88
Active Member
 
Posts: 4
Joined: September 2nd, 2015, 10:04 am

Re: Firefox Malware Hard to remove

Post by Cypher » September 4th, 2015, 7:53 am

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox Malware Hard to remove

Post by Cypher » September 4th, 2015, 8:05 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right-click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • MGADiag log.
  • FRST.txt and Addition.txt contents.

Re: Firefox Malware Hard to remove

Post by Brown88 » September 4th, 2015, 3:01 pm

Hi man, here's what you requested.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {7AEE7267-2691-4CDE-97C7-4A729404110B}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.150722-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7AEE7267-2691-4CDE-97C7-4A729404110B}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-3007010704-1703236571-3604729562</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0204 </Version><SMBIOSVersion major="2" minor="5"/><Date>20091221000000.000000+000</Date></BIOS><HWID>AE183807018400F8</HWID><UserLCID>0816</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>Hora padrão de GMT(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Versão do serviço de licenciamento de software: 6.1.7601.17514

Nome: Windows(R) 7, Ultimate edition
Descrição: Windows Operating System - Windows(R) 7, OEM_SLP channel
ID da Activação: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
ID da Aplicação: 55c92734-d682-4d71-983e-d6ec3f16059f
PID Expandido: 00426-00178-926-600173-02-2070-7601.0000-1832014
ID da Instalação: 003281053823091166737455359195383552925176669583688440
URL de Certificado do Processador: http://go.microsoft.com/fwlink/?LinkID=88338
URL de Certificado do Computador: http://go.microsoft.com/fwlink/?LinkID=88339
URL da Licença de Utilização: http://go.microsoft.com/fwlink/?LinkID=88341
URL de Certificado da Chave do Produto: http://go.microsoft.com/fwlink/?LinkID=88340
Chave de Produto Parcial: VKM6G
Estado da Licença: Licenciado
Contagem de rearmamentos restantes do Windows: 1
Hora fidedigna: 04-09-2015 19:54:10

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:28:2015 13:38
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIABAABAAEAAAABAAAAAQABAAEA6GFWvXTldxaqdkjkHh1a/8RIane8M/hdRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
OEMB A_M_I_ AMI_OEM
GSCI A_M_I_ GMCHSCI
SSDT DpgPmm CpuPm
SLIC _ASUS_ Notebook
-------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Diogo (administrator) on DIOGO-PC (04-09-2015 19:55:56)
Running from C:\Users\Diogo\Desktop
Loaded Profiles: Diogo (Available Profiles: Diogo & Neusa & Rodrigo e Bernardo)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Maxthon) C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\System32\Wat\WatAdminSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe,
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\Run: [Gyazo] => C:\Program Files\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\Run: [OscarX7Mouse5Mode] => C:\Program Files\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe [3571712 2013-02-01] ()
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{ABF9C699-C76D-4D1F-97D0-56F6369F1F6E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ABF9C699-C76D-4D1F-97D0-56F6369F1F6E}: [DhcpNameServer] 213.228.128.156 213.228.128.6

Internet Explorer:
==================
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = google.pt
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://pt.msn.com/?ocid=iehp
HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001 -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Diogo\AppData\Roaming\Mozilla\Firefox\Profiles\7xmhtwtb.default
FF Homepage: google.pt
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3007010704-1703236571-3604729562-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Diogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-05]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-06]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-08-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Diogo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Diogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-05]
CHR Extension: (Skype Click to Call) - C:\Users\Diogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-13] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 MaxthonUpdateSvc; C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-24] (Maxthon)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1001200 2015-07-19] (Overwolf LTD)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-29] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-07-04] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-29] (AVAST Software)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-12-08] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-01-07] (REALiX(tm))
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-29] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-13] (Avast Software)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva409; no ImagePath
S3 XDva410; no ImagePath
S3 XDva424; \??\C:\Windows\system32\XDva424.sys [X]
S3 XDva425; \??\C:\Windows\system32\XDva425.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 22:00 - 2015-09-02 22:00 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Mozilla
2015-09-02 22:00 - 2015-09-02 22:00 - 00000000 ____D C:\Users\Diogo\AppData\Local\Mozilla
2015-09-02 21:59 - 2015-09-02 21:59 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-02 21:59 - 2015-09-02 21:59 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-02 21:58 - 2015-09-02 21:58 - 00242912 _____ C:\Users\Diogo\Desktop\Firefox Setup Stub 40.0.3(2).exe
2015-09-02 18:30 - 2015-09-02 18:30 - 00000000 ____D C:\Users\Neusa\.android
2015-09-02 16:11 - 2015-07-28 21:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-02 16:11 - 2015-07-28 21:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-02 16:11 - 2015-07-28 21:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-02 16:11 - 2015-07-28 21:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-02 16:11 - 2015-07-28 21:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-02 16:11 - 2015-07-28 21:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-02 16:11 - 2015-07-28 21:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-02 16:11 - 2015-07-28 20:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-02 15:28 - 2015-09-02 15:28 - 00007186 _____ C:\Users\Diogo\Desktop\Attach(1).txt
2015-09-02 15:26 - 2015-09-02 15:26 - 00022144 _____ C:\Users\Diogo\DDS.txt
2015-09-02 15:26 - 2015-09-02 15:26 - 00007186 _____ C:\Users\Diogo\Desktop\attach.txt
2015-09-02 15:26 - 2015-09-02 15:26 - 00007186 _____ C:\Users\Diogo\Attach.txt
2015-09-02 15:26 - 2015-09-02 15:25 - 00022144 _____ C:\Users\Diogo\Desktop\dds.txt
2015-09-02 15:23 - 2015-09-02 15:23 - 00688992 ____R (Swearware) C:\Users\Diogo\Desktop\dds.scr
2015-09-01 20:51 - 2015-09-01 20:51 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Sun
2015-09-01 20:51 - 2015-09-01 20:51 - 00000000 ____D C:\Users\Neusa\.oracle_jre_usage
2015-09-01 18:44 - 2015-09-01 18:44 - 00068802 _____ C:\4137c314-ff84-4f83-9561-cf4d1b202cc7.dmp
2015-09-01 18:38 - 2015-09-01 18:38 - 00058074 _____ C:\8ce326d7-06a5-4e14-b7a9-25df20e191e0.dmp
2015-09-01 18:37 - 2015-09-01 18:37 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 18:36 - 2015-09-01 18:37 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 18:36 - 2015-09-01 18:36 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Sun
2015-09-01 18:36 - 2015-09-01 18:36 - 00000000 ____D C:\Users\Diogo\.oracle_jre_usage
2015-09-01 18:35 - 2015-09-01 18:35 - 00584288 _____ (Oracle Corporation) C:\Users\Diogo\Downloads\jre-8u60-windows-i586-iftw.exe
2015-09-01 18:19 - 2015-09-01 18:19 - 00584288 _____ (Oracle Corporation) C:\Users\Diogo\Desktop\chromeinstall-8u60.exe
2015-09-01 18:19 - 2015-09-01 18:19 - 00004877 _____ C:\Users\Diogo\Desktop\MGAdiagggg.txt
2015-09-01 18:18 - 2015-09-01 18:18 - 00049728 _____ C:\Users\Diogo\Desktop\Addition_01-09-2015_11-35-58.txt
2015-09-01 18:12 - 2015-09-01 18:12 - 00004877 _____ C:\Users\Diogo\MGAdiagggg.txt
2015-09-01 18:11 - 2015-09-04 19:54 - 00000000 ____D C:\MGADiagToolOutput
2015-09-01 18:10 - 2015-09-01 18:10 - 02031992 _____ (Microsoft Corporation) C:\Users\Diogo\Desktop\MGADiag.exe
2015-09-01 18:10 - 2015-09-01 18:10 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-09-01 11:40 - 2015-09-01 11:40 - 00242912 _____ C:\Users\Diogo\Desktop\Firefox Setup Stub 40.0.3(1).exe
2015-09-01 11:35 - 2015-09-01 11:35 - 00049728 _____ C:\Users\Diogo\Desktop\Addition.txt
2015-09-01 11:34 - 2015-09-04 19:56 - 00016127 _____ C:\Users\Diogo\Desktop\FRST.txt
2015-09-01 11:33 - 2015-09-04 19:55 - 00000000 ____D C:\FRST
2015-09-01 11:33 - 2015-09-01 11:33 - 01690624 _____ (Farbar) C:\Users\Diogo\Desktop\FRST.exe
2015-08-31 20:33 - 2015-08-31 20:33 - 30668968 _____ (Riot Games) C:\Users\Neusa\Downloads\LeagueofLegends_EUW_Installer_9_15_2014(1).exe
2015-08-31 19:00 - 2015-08-31 19:00 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\ProductData
2015-08-31 18:58 - 2015-08-31 18:58 - 00000000 ____D C:\Users\Neusa\AppData\Local\VirtualStore
2015-08-30 20:25 - 2015-09-01 11:41 - 00000000 ____D C:\Program Files\OldFirefox
2015-08-30 20:25 - 2015-08-30 20:25 - 00242912 _____ C:\Users\Diogo\Desktop\Firefox Setup Stub 40.0.3.exe
2015-08-30 20:24 - 2015-08-30 20:24 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\ProductData
2015-08-30 20:22 - 2015-08-30 20:22 - 00000000 ____D C:\ProgramData\ProductData
2015-08-30 20:17 - 2015-08-30 20:17 - 00000000 ____D C:\Users\Diogo\AppData\Local\VirtualStore
2015-08-30 20:04 - 2015-08-30 19:02 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-30 19:05 - 2015-08-30 20:20 - 00094752 _____ C:\zoek-results.log
2015-08-30 19:03 - 2015-08-30 20:16 - 00000000 ____D C:\zoek_backup
2015-08-30 19:03 - 2015-08-30 19:03 - 04180806 _____ C:\Users\Diogo\Desktop\zoek.zip
2015-08-30 19:02 - 2015-08-30 19:02 - 01308672 _____ C:\Users\Diogo\Desktop\zoek.exe
2015-08-28 18:19 - 2015-08-28 18:19 - 00774144 _____ C:\Users\Neusa\Downloads\KogamaLauncher (3).msi
2015-08-28 18:18 - 2015-08-28 18:18 - 00774144 _____ C:\Users\Neusa\Downloads\KogamaLauncher (2).msi
2015-08-28 13:16 - 2015-08-28 13:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-28 13:16 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-28 12:57 - 2015-09-02 16:45 - 00000000 ____D C:\AdwCleaner
2015-08-28 12:55 - 2015-08-28 12:55 - 00000000 ____D C:\SUPERDelete
2015-08-28 12:50 - 2015-08-28 12:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-08-28 12:49 - 2015-08-28 12:49 - 00717656 _____ (Kaspersky Lab) C:\Users\Diogo\Desktop\setup.exe
2015-08-28 12:48 - 2015-08-28 13:16 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-28 12:48 - 2015-08-28 12:48 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-28 12:48 - 2015-08-28 12:48 - 00002083 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-28 12:48 - 2015-08-28 12:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-28 12:48 - 2015-08-28 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-28 12:48 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-08-28 12:47 - 2015-08-28 12:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Diogo\Desktop\spybot-2.4.exe
2015-08-28 12:44 - 2015-08-28 12:44 - 140774152 _____ (Microsoft Corporation) C:\Users\Diogo\Desktop\msert.exe
2015-08-28 12:43 - 2015-09-04 12:43 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e97ada84-ce00-4d95-a3ce-b336d0707f80.job
2015-08-28 12:43 - 2015-09-01 02:00 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 98d3f2e1-96df-40fb-8258-2e7facba5dfe.job
2015-08-28 12:43 - 2015-08-28 12:43 - 23161872 _____ (SUPERAntiSpyware) C:\Users\Diogo\Desktop\SUPERAntiSpyware.exe
2015-08-28 12:43 - 2015-08-28 12:43 - 00001925 _____ C:\Users\Diogo\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-08-28 12:43 - 2015-08-28 12:43 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\SUPERAntiSpyware.com
2015-08-28 12:43 - 2015-08-28 12:43 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-28 12:43 - 2015-08-28 12:43 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-28 12:43 - 2015-08-28 12:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-28 12:42 - 2015-08-28 12:42 - 01618432 _____ C:\Users\Diogo\Desktop\AdwCleaner.exe
2015-08-28 11:49 - 2015-08-28 11:49 - 00000000 ____D C:\Users\Neusa\B969199164D3435B8A8369CC21016936.TMP
2015-08-27 15:03 - 2015-08-27 15:05 - 00000000 ____D C:\Program Files\Mozilla
2015-08-27 15:03 - 2015-08-27 15:03 - 00242760 _____ C:\Users\Diogo\Desktop\Firefox Setup Stub 40.0.2(4).exe
2015-08-27 14:55 - 2015-08-27 15:03 - 00000000 ____D C:\Program Files\OldMozilla
2015-08-26 17:41 - 2015-08-26 17:41 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Highresolution Enterprises
2015-08-26 12:37 - 2015-08-26 12:37 - 04286768 _____ C:\Users\Diogo\Desktop\XMouseButtonControlSetup.2.11.1.exe
2015-08-26 12:37 - 2015-08-26 12:37 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Highresolution Enterprises
2015-08-26 12:37 - 2015-08-26 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2015-08-26 12:37 - 2015-08-26 12:37 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2015-08-26 09:02 - 2015-08-26 09:02 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-08-26 09:02 - 2015-08-26 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-08-25 13:10 - 2015-09-01 18:42 - 00000000 ____D C:\Users\Diogo\Desktop\Dados antigos do Firefox
2015-08-25 10:06 - 2015-08-25 10:06 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Maxthon3
2015-08-24 21:07 - 2015-08-24 21:07 - 41944904 _____ C:\Users\Diogo\Downloads\Firefox Setup 40.0.2(2).exe
2015-08-24 18:34 - 2015-08-24 18:34 - 00242760 _____ C:\Users\Diogo\Desktop\Firefox Setup Stub 40.0.2.exe
2015-08-24 15:48 - 2015-08-24 15:48 - 41944904 _____ C:\Users\Diogo\Downloads\Firefox Setup 40.0.2.exe
2015-08-24 15:48 - 2015-08-24 15:48 - 41944904 _____ C:\Users\Diogo\Downloads\Firefox Setup 40.0.2(1).exe
2015-08-24 15:37 - 2015-08-24 15:37 - 09980608 _____ (MEGA Limited) C:\Users\Diogo\Desktop\MEGAsyncSetup.exe
2015-08-24 15:37 - 2015-08-24 15:37 - 00501248 _____ (Haxball ANL v3) C:\Users\Diogo\Desktop\Antilag.exe
2015-08-24 15:12 - 2015-08-24 15:12 - 00001003 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2015-08-24 15:12 - 2015-08-24 15:12 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Maxthon3
2015-08-24 15:12 - 2015-08-24 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2015-08-24 15:11 - 2015-08-24 15:12 - 00000000 ____D C:\Program Files\Maxthon
2015-08-24 15:06 - 2015-08-24 15:06 - 01558792 _____ (Maxthon International ltd.) C:\Users\Diogo\Downloads\mxsetup(1).exe
2015-08-24 14:57 - 2015-08-27 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-24 14:56 - 2015-08-24 14:56 - 00242760 _____ C:\Users\Diogo\Downloads\Firefox Setup Stub 40.0.2 (1).exe
2015-08-24 12:58 - 2015-08-24 12:58 - 00000000 ____D C:\Users\Diogo\AppData\Local\Apps\2.0
2015-08-24 12:29 - 2015-08-24 12:29 - 00242768 _____ C:\Users\Diogo\Downloads\Firefox Setup Stub 40.0.2.exe
2015-08-24 07:43 - 2015-08-24 07:43 - 00001229 _____ C:\anti.txt
2015-08-23 21:50 - 2015-09-04 11:23 - 00001848 _____ C:\Windows\setupact.log
2015-08-23 21:50 - 2015-09-04 10:04 - 00479516 _____ C:\Windows\PFRO.log
2015-08-23 21:50 - 2015-08-23 21:50 - 00000000 _____ C:\Windows\setuperr.log
2015-08-23 21:27 - 2015-09-04 19:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 21:27 - 2015-08-23 21:28 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-23 21:27 - 2015-08-23 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 21:27 - 2015-08-23 21:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-23 21:27 - 2015-08-23 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 21:27 - 2015-06-18 09:48 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-23 21:27 - 2015-06-18 09:47 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-23 21:27 - 2015-06-18 09:47 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-23 21:24 - 2015-08-23 21:25 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Diogo\Downloads\mbam-setup-sem-2.1.6.1022(1).exe
2015-08-23 21:24 - 2015-08-23 21:24 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Diogo\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-08-23 20:45 - 2015-08-23 20:45 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-23 20:44 - 2015-08-23 20:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-23 20:44 - 2015-08-23 20:44 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-23 20:44 - 2015-08-23 20:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-23 20:43 - 2015-08-23 20:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-23 20:43 - 2015-08-23 20:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-23 20:40 - 2015-08-23 20:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-19 18:06 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:06 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 09:12 - 2015-08-19 09:12 - 00242760 _____ C:\Users\Neusa\Downloads\Firefox Setup Stub 40.0.2 (1).exe
2015-08-18 20:39 - 2015-08-18 20:40 - 00020705 _____ C:\Users\Neusa\Downloads\Sniper_HaxMaps_1438799084(1).hbs
2015-08-18 20:39 - 2015-08-18 20:39 - 00005058 _____ C:\Users\Neusa\Downloads\Orduspor_HaxMaps_1438815736.hbs
2015-08-18 20:37 - 2015-08-18 20:37 - 00004859 _____ C:\Users\Neusa\Downloads\Volleball_HaxMaps_1439145121.hbs
2015-08-18 20:36 - 2015-08-18 20:36 - 00311402 _____ C:\Users\Neusa\Downloads\NIEZNANY_HaxMaps_1439205579.hbs
2015-08-18 20:36 - 2015-08-18 20:36 - 00009665 _____ C:\Users\Neusa\Downloads\OLD_HaxMaps_1439225996.hbs
2015-08-18 20:25 - 2015-08-18 20:26 - 00242760 _____ C:\Users\Neusa\Downloads\Firefox Setup Stub 40.0.2.exe
2015-08-18 19:15 - 2015-08-19 09:15 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-18 18:51 - 2015-08-18 18:51 - 00000000 _____ C:\Windows\prleth.sys
2015-08-18 18:51 - 2015-08-18 18:51 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-15 13:42 - 2015-08-15 13:42 - 00774144 _____ C:\Users\Neusa\Downloads\KogamaLauncher (1).msi
2015-08-13 13:53 - 2015-08-13 13:53 - 00001211 _____ C:\Users\Diogo\Desktop\KogamaLauncher-WWW.lnk
2015-08-13 13:53 - 2015-08-13 13:53 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KogamaLauncher-WWW
2015-08-13 13:53 - 2015-08-13 13:53 - 00000000 ____D C:\Users\Diogo\AppData\Local\KogamaLauncher-WWW
2015-08-13 13:52 - 2015-08-13 13:52 - 00774144 _____ C:\Users\Diogo\Downloads\KogamaLauncher.msi
2015-08-13 00:01 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:32 - 2015-08-12 20:32 - 00020705 _____ C:\Users\Neusa\Downloads\Sniper_HaxMaps_1438799084.hbs
2015-08-12 20:32 - 2015-08-12 20:32 - 00008877 _____ C:\Users\Neusa\Downloads\Space_HaxMaps_1438679315.hbs
2015-08-12 20:31 - 2015-08-12 20:31 - 00022663 _____ C:\Users\Neusa\Downloads\FindTheGoal_HaxMaps_1438877473.hbs
2015-08-12 08:35 - 2015-07-20 18:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 08:35 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 08:35 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 08:35 - 2015-07-20 18:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 08:34 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 08:34 - 2015-07-30 17:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 08:34 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 08:34 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 08:34 - 2015-07-16 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 08:34 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 08:34 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 08:34 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 08:34 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 08:34 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 08:34 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 08:34 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 08:34 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 08:34 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 08:34 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 08:34 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 08:34 - 2015-07-16 20:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 08:34 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 08:34 - 2015-07-16 20:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 08:34 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 08:34 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 08:34 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 08:34 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 08:34 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 08:34 - 2015-07-16 20:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 08:34 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 08:34 - 2015-07-16 20:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 08:34 - 2015-07-16 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 08:34 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 08:34 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 08:34 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 08:34 - 2015-07-16 20:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 08:34 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 08:34 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 08:34 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 08:34 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 08:34 - 2015-07-15 18:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 08:34 - 2015-07-15 18:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 08:34 - 2015-07-15 18:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 08:34 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 08:34 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 08:34 - 2015-07-15 03:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 08:34 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 08:34 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 08:34 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 08:34 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 08:34 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 08:34 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 08:34 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-10 09:41 - 2015-08-10 09:41 - 00006001 _____ C:\Users\Neusa\Downloads\Classic_HaxMaps_1438760610.hbs
2015-08-10 09:40 - 2015-08-10 09:40 - 00005604 _____ C:\Users\Neusa\Downloads\Rainbow_HaxMaps_1428226671.hbs
2015-08-10 09:40 - 2015-08-10 09:40 - 00005587 _____ C:\Users\Neusa\Downloads\Strong_HaxMaps_1406483277.hbs
2015-08-09 13:40 - 2015-08-09 13:40 - 00004092 _____ C:\Users\Neusa\Downloads\Total_1383514507.hbs
2015-08-09 13:40 - 2015-08-09 13:40 - 00002697 _____ C:\Users\Neusa\Downloads\Spaceball_HaxMaps_1408359492.hbs
2015-08-09 13:38 - 2015-08-09 13:38 - 00007415 _____ C:\Users\Neusa\Downloads\SpaceBounce_1382105147.hbs
2015-08-09 13:38 - 2015-08-09 13:38 - 00002783 _____ C:\Users\Neusa\Downloads\Spaceball_1382121479.hbs
2015-08-09 13:38 - 2015-08-09 13:38 - 00000421 _____ C:\Users\Neusa\Downloads\VolleyBall_HaxMaps_1382631317.hbs
2015-08-09 13:37 - 2015-08-09 13:37 - 00044303 _____ C:\Users\Neusa\Downloads\Yellow_1381965795.hbs
2015-08-09 13:37 - 2015-08-09 13:37 - 00014208 _____ C:\Users\Neusa\Downloads\Pokemon_HaxMaps_1410286611.hbs
2015-08-09 13:37 - 2015-08-09 13:37 - 00004187 _____ C:\Users\Neusa\Downloads\SpeedGol_1381960781.hbs
2015-08-08 20:13 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-08 20:13 - 2015-06-17 18:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-08 20:13 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-08 20:13 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-08 20:13 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-08 20:13 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-08 20:12 - 2015-06-09 20:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-08 20:12 - 2015-06-09 20:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-08 20:12 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-07 19:03 - 2015-08-07 19:03 - 00774144 _____ C:\Users\Neusa\Downloads\KogamaLauncher.msi
2015-08-06 08:20 - 2015-08-06 08:20 - 00002506 _____ C:\Users\Rodrigo e Bernardo\2015-08-06-replay.hbr
2015-08-06 08:05 - 2015-08-06 08:05 - 00001351 _____ C:\Users\Neusa\Documents\AutoHotkey.ahk
2015-08-05 10:05 - 2015-08-27 16:05 - 00000000 ____D C:\Program Files\Overwolf
2015-08-05 10:05 - 2015-08-27 08:22 - 00000000 ____D C:\Program Files\Common Files\Overwolf
2015-08-05 10:05 - 2015-08-06 12:05 - 00000000 ____D C:\ProgramData\Overwolf
2015-08-05 10:05 - 2015-08-05 10:05 - 00001881 _____ C:\Users\Public\Desktop\Overwolf.lnk
2015-08-05 10:05 - 2015-08-05 10:05 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-08-05 10:04 - 2015-09-04 11:28 - 00000000 ____D C:\Users\Neusa\AppData\Local\Overwolf
2015-08-05 10:04 - 2015-08-05 10:04 - 00001084 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 19:49 - 2013-12-30 16:06 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\TS3Client
2015-09-04 19:03 - 2014-12-02 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 18:53 - 2015-06-23 21:27 - 01509314 _____ C:\Windows\WindowsUpdate.log
2015-09-04 18:21 - 2013-10-12 09:16 - 00000980 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006UA.job
2015-09-04 13:03 - 2014-02-12 16:45 - 00000000 ____D C:\Program Files\Opera Next
2015-09-04 11:35 - 2009-07-14 05:34 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 11:35 - 2009-07-14 05:34 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 11:29 - 2014-07-20 09:23 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Skype
2015-09-04 11:28 - 2014-07-08 20:37 - 00000000 ____D C:\Users\Neusa\AppData\Local\CrashDumps
2015-09-04 11:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 11:55 - 2013-10-05 18:37 - 00000000 ____D C:\Windows\Panther
2015-09-03 11:49 - 2015-07-10 14:41 - 00000000 ___HD C:\$Windows.~BT
2015-09-03 09:21 - 2013-10-12 09:16 - 00000958 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006Core.job
2015-09-02 22:02 - 2014-06-27 21:58 - 00000000 ____D C:\Users\Diogo\AppData\Local\CrashDumps
2015-09-02 21:59 - 2015-07-06 14:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-02 20:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-02 18:30 - 2013-10-06 10:10 - 00000000 ____D C:\Users\Neusa
2015-09-02 17:37 - 2015-04-05 16:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-02 17:37 - 2014-12-10 15:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-02 17:37 - 2014-05-07 16:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-02 15:26 - 2013-10-05 17:43 - 00000000 ____D C:\Users\Diogo
2015-09-02 13:09 - 2014-07-09 21:10 - 00000000 ____D C:\Users\Diogo\AppData\Local\Adobe
2015-09-01 19:24 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
2015-09-01 18:37 - 2014-12-02 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 18:36 - 2014-12-02 15:37 - 00274016 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-09-01 18:36 - 2014-12-02 15:37 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 18:36 - 2013-10-13 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-09-01 18:35 - 2013-10-13 10:18 - 00000000 ____D C:\Program Files\Java
2015-08-31 18:58 - 2014-05-10 11:37 - 00000008 __RSH C:\Users\Neusa\ntuser.pol
2015-08-30 21:39 - 2009-07-14 09:56 - 00000000 ____D C:\Windows\ShellNew
2015-08-30 20:18 - 2014-05-10 15:40 - 00000008 __RSH C:\Users\Diogo\ntuser.pol
2015-08-30 20:09 - 2014-02-02 10:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-30 19:49 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-28 13:07 - 2014-12-02 15:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-28 13:07 - 2014-12-02 15:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-28 12:26 - 2015-04-05 15:31 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\TS3Client
2015-08-28 11:47 - 2013-10-08 19:40 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Adobe
2015-08-26 09:04 - 2015-05-04 17:31 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\Riot Games
2015-08-26 08:45 - 2015-01-07 15:27 - 00002015 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-25 08:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2015-08-24 22:01 - 2013-12-26 22:51 - 00000000 ____D C:\Users\Diogo\Desktop\Windows Loader
2015-08-24 14:40 - 2013-10-05 17:47 - 00001204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-24 14:40 - 2013-10-05 17:44 - 00001098 _____ C:\Users\Diogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 13:08 - 2014-05-12 14:45 - 57409536 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-24 13:08 - 2014-05-12 14:45 - 00372736 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-24 13:08 - 2014-05-12 14:45 - 00143360 _____ C:\Windows\system32\config\SAM.iobit
2015-08-24 13:08 - 2014-05-12 14:45 - 00032768 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-24 12:17 - 2015-04-06 08:19 - 00000000 ____D C:\Users\Rodrigo e Bernardo\AppData\Roaming\TS3Client
2015-08-24 12:13 - 2015-02-18 19:35 - 00000000 ____D C:\Users\Rodrigo e Bernardo\AppData\Local\CrashDumps
2015-08-24 01:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-08-23 22:23 - 2014-04-19 00:22 - 00000000 ____D C:\ProgramData\IObit
2015-08-23 22:23 - 2014-04-19 00:22 - 00000000 ____D C:\Program Files\IObit
2015-08-23 22:22 - 2015-05-19 15:47 - 00000000 ____D C:\Program Files\Opera
2015-08-23 22:22 - 2014-02-12 16:45 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Opera Software
2015-08-23 22:22 - 2014-02-12 16:45 - 00000000 ____D C:\Users\Diogo\AppData\Local\Opera Software
2015-08-23 21:57 - 2013-10-05 17:49 - 01654886 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-23 21:57 - 2009-07-14 09:31 - 00720612 _____ C:\Windows\system32\prfh0816.dat
2015-08-23 21:57 - 2009-07-14 09:31 - 00152564 _____ C:\Windows\system32\prfc0816.dat
2015-08-23 21:49 - 2015-04-03 17:03 - 00000000 ____D C:\Windows\MasterSword
2015-08-23 21:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\pt-PT
2015-08-23 20:25 - 2014-05-07 15:19 - 00000000 ____D C:\temp
2015-08-22 19:26 - 2013-10-05 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-21 11:07 - 2014-04-19 20:52 - 00000000 ____D C:\Users\Neusa\AppData\Roaming\IObit
2015-08-21 11:07 - 2014-04-19 08:01 - 00000000 ____D C:\Users\Rodrigo e Bernardo\AppData\Roaming\IObit
2015-08-21 11:06 - 2015-03-20 18:10 - 00000478 _____ C:\Users\Rodrigo e Bernardo\Documents\AutoHotkey.ahk
2015-08-20 14:36 - 2015-04-03 17:03 - 00000000 ____D C:\Windows\bcaec5924d27
2015-08-20 14:06 - 2014-06-21 15:59 - 00000000 ____D C:\Program Files\Gyazo
2015-08-20 13:54 - 2014-09-25 14:28 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Audacity
2015-08-19 18:49 - 2013-10-09 17:15 - 00000000 ____D C:\Program Files\Steam
2015-08-19 12:49 - 2013-10-06 10:11 - 00001098 _____ C:\Users\Neusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-19 12:49 - 2013-10-05 18:14 - 00000000 ____D C:\Users\Rodrigo e Bernardo
2015-08-18 09:56 - 2014-03-05 11:26 - 00000000 ____D C:\Users\Diogo\Documents\Cross Fire
2015-08-13 15:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 08:09 - 2009-07-14 05:33 - 00287320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 08:06 - 2009-07-14 09:30 - 00000000 ____D C:\Windows\system32\Drivers\pt-PT
2015-08-13 00:18 - 2015-04-05 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 00:17 - 2015-04-03 17:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 00:17 - 2014-11-05 18:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 00:04 - 2013-10-11 19:38 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 00:04 - 2013-10-11 19:38 - 00000000 ____D C:\Windows\system32\MRT
2015-08-09 14:07 - 2013-10-08 19:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-07 15:53 - 2013-12-30 16:05 - 00000000 ____D C:\Users\Diogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-06 08:07 - 2014-05-03 18:33 - 00000664 _____ C:\Users\Rodrigo e Bernardo\Downloads\server.properties
2015-08-06 08:07 - 2014-05-03 18:33 - 00000002 _____ C:\Users\Rodrigo e Bernardo\Downloads\usercache.json
2015-08-06 08:07 - 2014-05-03 18:33 - 00000002 _____ C:\Users\Rodrigo e Bernardo\Downloads\ops.json
2015-08-06 08:07 - 2014-05-03 18:33 - 00000002 _____ C:\Users\Rodrigo e Bernardo\Downloads\banned-players.json
2015-08-06 08:07 - 2014-05-03 18:33 - 00000002 _____ C:\Users\Rodrigo e Bernardo\Downloads\banned-ips.json
2015-08-06 08:07 - 2014-05-03 18:33 - 00000000 ____D C:\Users\Rodrigo e Bernardo\Downloads\world
2015-08-05 21:46 - 2015-04-05 15:30 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-08-05 10:04 - 2015-04-05 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

==================== Files in the root of some directories =======

2015-05-21 21:32 - 2015-07-28 12:00 - 0000079 _____ () C:\Program Files\prefs.js
2015-05-19 15:36 - 2015-06-20 02:35 - 0000024 _____ () C:\Users\Diogo\AppData\Roaming\appdataFr25.bin
2014-04-26 19:17 - 2014-06-19 10:58 - 0000125 _____ () C:\Users\Diogo\AppData\Roaming\Camdata.ini
2014-04-26 19:17 - 2014-06-19 10:58 - 0000408 _____ () C:\Users\Diogo\AppData\Roaming\CamLayout.ini
2014-04-26 19:17 - 2014-06-19 10:58 - 0000408 _____ () C:\Users\Diogo\AppData\Roaming\CamShapes.ini
2014-06-08 11:26 - 2014-06-19 10:58 - 0004534 _____ () C:\Users\Diogo\AppData\Roaming\CamStudio.cfg
2014-04-14 12:20 - 2014-04-14 12:20 - 0000004 _____ () C:\Users\Diogo\AppData\Roaming\steam_md4.dat
2014-04-26 17:49 - 2014-06-19 10:56 - 0000096 _____ () C:\Users\Diogo\AppData\Roaming\version2.xml

Some files in TEMP:
====================
C:\Users\Diogo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 00:04

==================== End of FRST.txt ============================
Brown88
Active Member
 
Posts: 4
Joined: September 2nd, 2015, 10:04 am

Re: Firefox Malware Hard to remove

Post by Brown88 » September 4th, 2015, 3:04 pm

And the rest of it.

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Diogo (2015-09-04 19:56:50)
Running from C:\Users\Diogo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3007010704-1703236571-3604729562-500 - Administrator - Disabled)
Convidado (S-1-5-21-3007010704-1703236571-3604729562-501 - Limited - Disabled)
Diogo (S-1-5-21-3007010704-1703236571-3604729562-1001 - Administrator - Enabled) => C:\Users\Diogo
HomeGroupUser$ (S-1-5-21-3007010704-1703236571-3604729562-1002 - Limited - Enabled)
Neusa (S-1-5-21-3007010704-1703236571-3604729562-1005 - Administrator - Enabled) => C:\Users\Neusa
Rodrigo e Bernardo (S-1-5-21-3007010704-1703236571-3604729562-1006 - Limited - Enabled) => C:\Users\Rodrigo e Bernardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5-Mode Oscar Editor (HKLM\...\OscarX7Mouse5Mode) (Version: 13.02.0001 - A4Tech)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 19.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
Bandicam (HKLM\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM\...\{B9691991-64D3-435B-8A83-69CC21016936}) (Version: 8.4.0.1699 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cross Fire En (HKLM\...\Cross Fire_is1) (Version: - Z8Games.com)
Crossfire Europe (HKLM\...\Crossfire Europe) (Version: 1.172 - SG Europe)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Desktop QR Scanner (HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\c31ebb7005be8b35) (Version: 1.0.1.6 - ODOA)
Driver Booster 2.1 (HKLM\...\Driver Booster_is1) (Version: 2.1 - IObit)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
G Picture EXIF Viewer (HKLM\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version: - "")
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Gyazo 3.1.6 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hitman Absolution (HKLM\...\Hitman Absolution_is1) (Version: - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
KogamaLauncher-WWW (HKLM\...\{1CC9F278-D898-43D2-BBED-B3B765045888}) (Version: 1.0.3.0 - Multiverse ApS)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.7.1000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{B4C0A315-07FB-39F9-85CD-8CE20C019350}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MK LOL (HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\MK LOL) (Version: - )
Mozilla Firefox 40.0.3 (x86 pt-PT) (HKLM\...\Mozilla Firefox 40.0.3 (x86 pt-PT)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
Opera beta 28.0.1750.21 (HKLM\...\Opera 28.0.1750.21) (Version: 28.0.1750.21 - Opera Software ASA)
Overwolf (HKLM\...\Overwolf) (Version: 0.87.58.0 - Overwolf Ltd.)
RotauruyTuruners (HKLM\...\{23941EC3-13AB-FF4C-274C-5807B0F205D1}) (Version: - "")
Search Plus (HKLM\...\{C83958EE-687A-C1B7-7242-79482B8C003A}) (Version: - "")
Serena (HKLM\...\Steam App 272060) (Version: - Senscape)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Suporte para Aplicações Apple (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
USB2.0 PC Camera (HKLM\...\{417D86A0-89FE-4308-B172-45B74DCE6F8F}) (Version: 2.2.0.0 - aveotek)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X-Mouse Button Control 2.11.1 (HKLM\...\X-Mouse Button Control) (Version: 2.11.1 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
CustomCLSID: HKU\S-1-5-21-3007010704-1703236571-3604729562-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Diogo\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points =========================

02-09-2015 17:36:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-04-17 09:12 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07208165-E109-44FF-8325-CBEF2D363C33} - System32\Tasks\AdobeAAMUpdater-1.0-Diogo-PC-Diogo => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {0CF4A492-066B-4E0B-8FB4-FAD139449ABA} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {11E536FD-0602-4E67-A202-70F44BDDD811} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006Core => C:\Users\Rodrigo e Bernardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-12] (Facebook Inc.)
Task: {1D9B2958-22A8-4A3E-AB07-ED6F4423DDA7} - System32\Tasks\SUPERAntiSpyware Scheduled Task 98d3f2e1-96df-40fb-8258-2e7facba5dfe => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {20CE68B4-4691-4B59-9AA4-93E54926ACB1} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\Maxthon.exe [2015-08-11] (Maxthon International ltd.)
Task: {232FE3BC-4A9A-4B99-A297-3D7B1057D489} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {254B0F42-3C72-4FAB-9DF5-878B65F391C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2597E95D-0E5F-4EB8-B579-1294462F58A0} - System32\Tasks\{2710B470-DFDB-42D7-8BA5-7C80F4F905D4} => pcalua.exe -a "C:\Program Files\P-HD-V1.4\Uninstall.exe" -c /fcp=1
Task: {2C10EADC-431D-437F-A1F5-5CAA67CF846F} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {32243FC4-2523-4A4E-AE7B-10858117ECB1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-29] (AVAST Software)
Task: {350323F1-0BE2-4CA7-8E28-DD1E6C487897} - System32\Tasks\ASC8_SkipUac_Neusa => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-12-30] (IObit)
Task: {36509E0A-3546-48B1-B1C1-877EDAA52FC2} - System32\Tasks\ASC8_SkipUac_Diogo => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-12-30] (IObit)
Task: {36C4ACFE-A7E8-48FC-9BA5-A4F1D915DC0D} - System32\Tasks\Uninstaller_SkipUac_Diogo => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {3FF9C132-13EB-4503-B54B-FA551FDFEB4B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2014-04-20] ()
Task: {4899DB1E-104A-4581-BBA4-3EFD16D8A139} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4DF112D5-BCF6-4A3F-A092-2E026B7BF4E8} - System32\Tasks\SUPERAntiSpyware Scheduled Task e97ada84-ce00-4d95-a3ce-b336d0707f80 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {53C2838D-0F6E-4FA4-94A3-337B50667738} - System32\Tasks\{20047386-3ABE-4561-BE98-F9334B405364} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {5CF07B9D-98D8-440B-ACF7-A4149DC5BAA1} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {60E33785-66C7-4328-AD39-36AF5975A7C4} - \Bidaily Synchronize Task[8da6] -> No File <==== ATTENTION
Task: {65FE0376-A6F3-4E2D-84A8-AA340DECBFB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6635F699-98C3-4E84-9A9D-B105464009D9} - System32\Tasks\TechSmith Updater => C:\Program Files\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe
Task: {6B27EC7E-8A64-4AF7-AB5A-3AEEF2D656E0} - System32\Tasks\Driver Booster SkipUAC (Diogo) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-01-06] (IObit)
Task: {702E34E2-4541-4207-835C-B9062B4231EA} - System32\Tasks\{D19B41B2-6BF0-4C66-928E-235E539ADB7E} => C:\Program Files\Microsoft Office\Office12\PPTVIEW.EXE [2011-10-05] (Microsoft Corporation)
Task: {8B8857BE-BD5B-4125-8F08-083FD2DEA8F2} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {936A9F41-29C7-490F-ACA9-A91729E4FD3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {93A93B55-9FC9-421F-8902-AA762D9F3381} - System32\Tasks\{3840575A-4F62-4256-9801-7DE5B8911885} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {966AB8E6-3BED-4DDE-8917-317270BAF8D2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006UA => C:\Users\Rodrigo e Bernardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-12] (Facebook Inc.)
Task: {9DF95399-F824-471E-9362-C658C850DB26} - System32\Tasks\{0C1313B4-3E43-4698-B023-F176BFFA4E49} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {ADC8A9D9-F086-4910-8567-7D6148301AAA} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-01-06] (IObit)
Task: {B077AA37-FA2E-4B08-9474-07466BFB4894} - System32\Tasks\{C11D9EBA-DC97-43E9-8665-27256E51003E} => pcalua.exe -a "C:\Users\Diogo\Downloads\InstallIW4M (2).exe" -d C:\Users\Diogo\Downloads
Task: {B3AFD9BB-AEB6-4EE6-B47B-BAA977BE27BE} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2015-07-19] (Overwolf LTD)
Task: {B56A3EA9-D327-4749-B2F9-EA7E07093EF2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B67DAF5D-E93F-429E-8E67-E21272A850D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-28] (Adobe Systems Incorporated)
Task: {BF2EFE46-FBA5-46DA-88D4-593BA6E87D03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C571D319-80EF-4A87-8DEA-43B393BF3395} - System32\Tasks\Opera scheduled Autoupdate 1392219902 => C:\Program Files\Opera Next\launcher.exe [2015-05-12] (Opera Software)
Task: {C5E25E8D-8AC5-4130-B76D-DC1DF4EF04B9} - System32\Tasks\{379A1EB7-E69E-4AFE-84E2-127BAEAD968B} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {C63C1BF5-1FBE-4DF5-9285-AF60900967B9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {C6F54B4E-4DCA-46BB-897E-B6ADFEC3633D} - System32\Tasks\Driver Booster SkipUAC (Neusa) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2015-01-06] (IObit)
Task: {CC17489B-6160-4CC4-931C-B6C79FDDCAE8} - System32\Tasks\{24AD0FB6-C34F-4491-8E48-71D247C62990} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {CF9A778C-82C8-4F27-99A2-BF446BF53C5D} - System32\Tasks\{56891CD9-4037-4C65-8043-0CFB92EE3B80} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)
Task: {D4CF4D13-46BE-4845-9331-8571CE0521AF} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {D646C772-2B18-42C9-A8E5-35B91A51FDC7} - System32\Tasks\{C2B8DF23-A33F-457A-A420-F2DBBDAF44E0} => pcalua.exe -a C:\ProgramData\LowPricesApp\LowPricesApp.exe -c /progname=LowPricesApp /progver=3.4.2 /progpub=LowPricesApp /proguninstallurl=asdahjka.com /deleteappfolder=0 /deletefile2="C:\Program Files\Google\Chrome\Applicationupdate.dll" /deletefile3="C:\Program Files\Google\Chrome\Applicationchrome.dll" /VERYSILENT
Task: {E1D2FE11-D062-4BA6-A7EA-EC5EDF7CD4CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {F39531DE-8ACD-46A9-9FB2-516B39B761C5} - System32\Tasks\{34A21B89-B4C5-40B5-B65C-56FA29617C90} => C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2015-01-08] (Smilegate Europe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006Core.job => C:\Users\Rodrigo e Bernardo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3007010704-1703236571-3604729562-1006UA.job => C:\Users\Rodrigo e Bernardo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 98d3f2e1-96df-40fb-8258-2e7facba5dfe.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e97ada84-ce00-4d95-a3ce-b336d0707f80.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-07 15:27 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2015-07-29 12:48 - 2015-07-29 12:48 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-29 12:48 - 2015-07-29 12:48 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-04 11:04 - 2015-09-04 11:04 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090400\algo.dll
2015-09-04 19:29 - 2015-09-04 19:29 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090402\algo.dll
2014-04-27 20:46 - 2011-04-02 16:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-27 20:46 - 2011-04-02 16:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2015-01-07 15:28 - 2014-08-22 16:19 - 00893248 _____ () C:\Program Files\IObit\Driver Booster\webres.dll
2015-08-28 12:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-28 12:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-28 12:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-23 02:10 - 2014-05-23 02:10 - 00693920 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2015-03-17 15:19 - 2015-03-17 15:19 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-28 14:33 - 2015-08-05 21:46 - 00153576 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-08-04 14:43 - 2015-08-05 21:46 - 00090088 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-08-04 14:43 - 2015-08-05 21:46 - 00103400 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-08-04 14:45 - 2015-08-05 21:46 - 00260072 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 14:45 - 2015-08-05 21:46 - 00369640 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-06-05 14:35 - 2015-08-05 21:46 - 00271360 _____ () C:\Program Files\TeamSpeak 3 Client\ssleay32.dll
2014-06-05 14:35 - 2015-08-05 21:46 - 01300992 _____ () C:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll
2015-08-24 15:12 - 2015-08-11 09:19 - 00258944 _____ () C:\Program Files\Maxthon\bin\Maxzlib.dll
2015-08-24 15:12 - 2015-08-11 09:19 - 00258944 _____ () C:\Program Files\Maxthon\Bin\maxzlib.dll
2015-08-24 15:12 - 2015-08-11 09:19 - 00247096 _____ () C:\Program Files\Maxthon\Addons\Mobile\MxMobile.dll
2015-08-24 15:11 - 2015-08-11 09:20 - 00887064 _____ () C:\Program Files\Maxthon\Core\Webkit\libglesv2.dll
2015-08-24 15:11 - 2015-08-11 09:20 - 00109336 _____ () C:\Program Files\Maxthon\Core\Webkit\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\temp:list3
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
AlternateDataStreams: C:\temp:rnd.dat
AlternateDataStreams: C:\temp:srv
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Diogo\Downloads\No Subject.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3007010704-1703236571-3604729562-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Diogo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: Disturbed Stress => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSIService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MaintainerSvc4.00.5030318 => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Service Mgr browsepulse => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 3
MSCONFIG\Services: Update Mgr browsepulse => 3
MSCONFIG\Services: winzipersvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => 1
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Gyazo => C:\Program Files\Gyazo\GyStation.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MK LOL => "C:\Program Files\MKJogo\MK IM\Bin\MKIM.exe" -auto
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: svchost => regsvr32 /s "C:\Temp:0435BBA6.dat"
MSCONFIG\startupreg: uTorrent => "C:\Users\Diogo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6B2161F-B928-46C1-93A1-EB5D590AA18A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B8462CEA-DDFD-4F39-BC6B-3BB65686D8AC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{B533DE1E-F576-4D67-945A-174496DEAA6B}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{76871608-2DA3-46A9-8C47-CE8995C008F5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BA0C5250-7347-42B0-A898-A51A817C8611}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8712547F-0F9C-451F-86BA-BF608A1B8807}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{14CF31AA-4A72-4C33-B89C-4E68B0C5E142}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6BB82565-09A4-4E4A-A94E-BB8A78AEBD02}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C169E266-F303-48A6-8096-5B4D48C606E3}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{45772794-5668-43CC-8C48-A33C153F1209}C:\users\rodrigo e bernardo\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\rodrigo e bernardo\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{7018C385-8B56-41BC-975A-A7FB409447A3}C:\users\rodrigo e bernardo\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\rodrigo e bernardo\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{AE656F3A-0B1C-4BB8-9FA8-B1B3D22D5202}] => (Allow) C:\Users\Diogo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{70D5E7DF-6301-4C39-BC2C-6D6BDEADCD2E}] => (Allow) C:\Users\Diogo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5E13D051-8AF4-4367-95E2-0E977EDA71C9}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [UDP Query User{9412F314-1590-42B3-8E99-000CCB6D6C3C}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [{E6B25A34-7AB3-4F36-B190-99C7CE5369D2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{801049C4-7880-4E0B-B908-1F9910C8930B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8BED828D-AEA6-4015-A708-6F7FC5442AE0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Serena\Dagon.exe
FirewallRules: [{E574E5AC-C571-48A4-96C4-377BDCB70CBE}] => (Allow) C:\Program Files\Steam\SteamApps\common\Serena\Dagon.exe
FirewallRules: [{D272A4C2-2342-499E-84EA-BD11695F189F}] => (Allow) C:\Users\Diogo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0E9C222-7B3A-4410-B290-60680744D11E}] => (Allow) C:\Users\Diogo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED0AEA7B-5323-43FF-A1A5-EAB5ED40FAF2}] => (Allow) LPort=8317
FirewallRules: [{1D6115F2-78D1-40F8-8ABE-9882C885D32F}] => (Allow) C:\Users\Neusa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9CC68B20-52E6-4C39-80D9-CC649E9ED399}] => (Allow) C:\Users\Neusa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EAD7BA0B-F54B-4584-9765-6FAEE8B99611}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D31E7BBD-1F4A-4CBE-B70C-89B8D3AB0777}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B285A015-CCC8-44EF-8702-9BFC4C2052BD}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{D4BFA7C0-4BAB-440A-886F-FC71D852F42D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{140650EB-D778-4F69-9F1E-81F721DEABF5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3C8CADF3-9A09-4DC8-A7C2-97C3C627EB60}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{CB449917-16DD-480B-8E23-BBEE416AF616}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{BFFE52BD-570B-425D-BA4E-394E1963D380}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8B79CC4-4112-4177-BF20-58341B804A82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4E0F423-ECBA-4055-A13D-7924DFE92236}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ACE149AD-272C-45AD-8885-9CA07F0CE7A6}C:\program files\opera next\25.0.1614.35\opera.exe] => (Block) C:\program files\opera next\25.0.1614.35\opera.exe
FirewallRules: [UDP Query User{29521AAD-563C-4B3A-B4D0-A094CC0D4370}C:\program files\opera next\25.0.1614.35\opera.exe] => (Block) C:\program files\opera next\25.0.1614.35\opera.exe
FirewallRules: [TCP Query User{2325C2EA-2571-40DD-A3BD-FF5832C4A07F}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{BCEB116D-7138-4198-A30C-A3CD3D8FE132}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{7FA7FEFA-C907-47C9-85DD-B436529BB7A0}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{971E757B-84FA-41CE-8C81-505CFFB2FA46}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{5A7F3FD0-C9B2-4D2B-BB98-12ADCDA029F1}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{1D5056D3-B92E-48DC-833E-8195753C8EDE}C:\program files\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{69DA10A0-DBDC-409C-BDDD-A649BFE2FCED}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{279DF0CF-9B46-4DDD-9434-B7E092733C83}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BD535C06-7C17-4D42-9C06-6C197C4666CC}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Block) C:\program files\java\jdk1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{44815929-5FF0-4250-A1E4-CBCC20787526}C:\program files\java\jdk1.7.0_40\bin\javaw.exe] => (Block) C:\program files\java\jdk1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{223CC3E6-B13C-4721-B2BE-C0CE23B5E131}C:\users\diogo\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\diogo\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{99039C91-BBDF-4CB4-8D24-F0E18F40FD66}C:\users\diogo\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\diogo\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{2E3D4111-9501-464D-BEAF-563BAF0C4351}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8BDEE79-4BFE-4AC4-AA0F-99116115536F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1C4AB509-0467-4C38-81C4-610C78504466}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{FDE72EEE-7A12-4CBB-9016-CBF69FEB689A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A7E4D9B7-0D5C-4226-8B0A-85C94DEDD65F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4396930-8EAC-465C-881A-EC4B4062127C}] => (Allow) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{FFAC9B56-7FB7-44D0-8A2B-ADB0966DD57D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe
FirewallRules: [{88799530-59A8-4061-B2A0-108C4861CCE1}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe
FirewallRules: [{47E66CE8-AF75-472F-B19C-8655D0E715F7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe
FirewallRules: [{B6A79654-5C24-4B9C-B0DE-31008F551CA4}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3B4088B7-1619-42EF-8D10-410C7E312916}] => (Allow) C:\Program Files\OldMozilla\firefox.exe
FirewallRules: [{9FFE2FC6-5607-4833-94CB-6EB35701CF69}] => (Allow) C:\Program Files\OldMozilla\firefox.exe
FirewallRules: [{3AE40F3C-5D23-4623-BEE6-642E27D80606}] => (Allow) C:\Program Files\Mozilla\firefox.exe
FirewallRules: [{4602D3EC-2EA7-4283-9F03-2C7BCB0D347A}] => (Allow) C:\Program Files\Mozilla\firefox.exe
FirewallRules: [{0D53A7C3-55D1-483A-B594-A750E778C9D5}] => (Allow) C:\Program Files\OldFirefox\firefox.exe
FirewallRules: [{0AC8B9B2-AFF3-4478-954C-1B68016279E0}] => (Allow) C:\Program Files\OldFirefox\firefox.exe
FirewallRules: [{528AD63A-0642-419C-9C04-FA7058941537}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C1F90648-AF3F-411C-A3F1-C9C30E5498D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2015 11:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: plugin-container.exe, versão: 40.0.3.5716, carimbo de data/hora: 0x55ddb213
Nome do módulo com falha: mozglue.dll, versão: 40.0.3.5716, carimbo de data/hora: 0x55dda062
Código de excepção: 0x80000003
Desvio de falha: 0x0000e250
ID do processo com falha: 0xef8
Data/hora de início da aplicação com falha: 0xplugin-container.exe0
Caminho da aplicação com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3

Error: (09/04/2015 10:16:17 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. Já existe uma instância do serviço em execução

Error: (09/04/2015 10:16:16 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. O identificador é inválido

Error: (09/03/2015 10:27:05 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/03/2015 10:27:05 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/03/2015 08:48:09 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. Já existe uma instância do serviço em execução

Error: (09/03/2015 08:48:09 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. O identificador é inválido

Error: (09/02/2015 10:59:30 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/02/2015 10:59:30 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/02/2015 10:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: FlashPlayerPlugin_18_0_0_232.exe, versão: 18.0.0.232, carimbo de data/hora: 0x55c42e20
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de excepção: 0xc0000005
Desvio de falha: 0x5e6992cd
ID do processo com falha: 0x704
Data/hora de início da aplicação com falha: 0xFlashPlayerPlugin_18_0_0_232.exe0
Caminho da aplicação com falha: FlashPlayerPlugin_18_0_0_232.exe1
Caminho do módulo com falha: FlashPlayerPlugin_18_0_0_232.exe2
ID do Relatório: FlashPlayerPlugin_18_0_0_232.exe3


System errors:
=============
Error: (09/04/2015 11:26:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço AvastVBox COM Service falhou o arranque devido ao seguinte erro:
%%1053

Error: (09/04/2015 11:26:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço AvastVBox COM Service.

Error: (09/04/2015 11:26:37 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (09/04/2015 11:25:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Spybot-S&D 2 Scanner Service falhou o arranque devido ao seguinte erro:
%%1053

Error: (09/04/2015 11:25:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Spybot-S&D 2 Scanner Service.

Error: (09/04/2015 11:25:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Spybot-S&D 2 Scanner Service falhou o arranque devido ao seguinte erro:
%%1053

Error: (09/04/2015 11:25:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Spybot-S&D 2 Scanner Service.

Error: (09/04/2015 11:23:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O anterior encerramento do sistema, ‎04-‎09-‎2015 às 11:22:05, foi inesperado.

Error: (09/04/2015 10:24:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte actualização com o erro 0x80240020: Atualização para o Windows 10 Pro.

Error: (09/04/2015 10:07:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Spybot-S&D 2 Scanner Service falhou o arranque devido ao seguinte erro:
%%1053


Microsoft Office:
=========================
Error: (09/04/2015 11:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250ef801d0e6fc3d3bae67C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozglue.dll953e8e8c-52ef-11e5-a7fa-bcaec5924d27

Error: (09/04/2015 10:16:17 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. Já existe uma instância do serviço em execução

Error: (09/04/2015 10:16:16 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. O identificador é inválido

Error: (09/03/2015 10:27:05 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/03/2015 10:27:05 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/03/2015 08:48:09 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. Já existe uma instância do serviço em execução

Error: (09/03/2015 08:48:09 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. O identificador é inválido

Error: (09/02/2015 10:59:30 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/02/2015 10:59:30 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: O identificador é inválido

Error: (09/02/2015 10:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_18_0_0_232.exe18.0.0.23255c42e20unknown0.0.0.000000000c00000055e6992cd70401d0e5c2b3f70656C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exeunknownf1e62919-51b5-11e5-a782-bcaec5924d27


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 42%
Total physical RAM: 3549.05 MB
Available physical RAM: 2047.1 MB
Total Virtual: 7096.42 MB
Available Virtual: 5282.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:141.25 GB) NTFS
Drive d: (GTA_SAN_ANDREAS) (CDROM) (Total:3.92 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Brown88
Active Member
 
Posts: 4
Joined: September 2nd, 2015, 10:04 am

Re: Firefox Malware Hard to remove

Unread postby Cypher » September 4th, 2015, 4:18 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns